Privacy Policy

1. Information We Collect

GRID42 collects information you provide directly: name, email, organization, and role when you create an account, request a build configuration, or contact us. We also collect usage data including assessment sessions, diagnostic results, and platform interactions.

2. How We Use Your Information

We use your information to provide and improve our services, including running diagnostic assessments, generating verifiable credentials, and delivering personalized coaching. We do not sell your personal data.

3. Verifiable Credentials & Privacy

The Passport issues W3C VC 2.0 credentials with SD-JWT selective disclosure. This means you control what information is shared — you can prove you passed a certification domain without revealing your individual scores. Differential privacy is applied at the workforce analytics layer.

4. Data Retention

Assessment data is retained for the duration of your subscription. Verifiable credentials are issued to you and stored in your credential wallet — we retain issuance records but not the credential contents. You may request deletion of your data at any time.

5. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and OAuth 2.1 + PKCE for API authentication. CubeletCore deployments support air-gapped environments with Ed25519 signature-based activation.

6. Third-Party Services

We use Cloudflare (infrastructure), Vercel (hosting), Stripe (billing), and Arize Phoenix (observability). Each is bound by their respective privacy policies and our data processing agreements.

7. Contact

For privacy inquiries, contact us at privacy@grid42.ai.