Skip to content
SAGE GRIDS Logo

PrivacyPolicy

Last updated: May 2026

Scroll

Who we are

This policy describes how SAGE GRIDS LTD ("SAGE GRIDS", "we", "us") collects, uses, and shares personal information when you visit our website, purchase a product, or use our services. SAGE GRIDS LTD is a company registered in England and Wales under company number 16003773, with registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. We are the data controller for personal information processed under this policy.

Information we collect

We collect information you provide directly to us when you fill in a contact form, subscribe to our newsletter, purchase a product, create an account, or contact support. This may include your name, email address, company name, billing details, support correspondence, and any other information you choose to share.

We automatically collect certain information when you visit the website, including your IP address, browser type, operating system, referring URLs, pages viewed, and basic interaction analytics. Our SaaS products also process the prompts, configurations, and content you submit in order to deliver the service.

How we use your information

  • To deliver the products and services you purchase, including AI generation, plugin updates, and licence validation.
  • To respond to your inquiries and provide customer and refund support.
  • To send transactional messages (receipts, licence emails, security and policy updates).
  • To send marketing communications, only with your consent and only until you opt out.
  • To improve and secure our website, products, and services, including detecting fraud and abuse.
  • To comply with our legal, tax, and accounting obligations.

Legal bases

Where UK GDPR or EU GDPR applies, our legal bases are: contractual necessity (to deliver products and services you have purchased), legitimate interests (to secure and improve our service, prevent abuse, and run our business), consent (for marketing emails and certain cookies), and legal obligation (for tax, accounting, and legal compliance).

Sub-processors and data sharing

We do not sell, trade, or rent your personal information. We share information with the following categories of sub-processor, only to the extent necessary to deliver the service:

  • Payment processing: Stripe handles checkout, billing, sales tax collection, and refunds as our merchant of record. They receive your billing details and order history. We will update this policy if we add or change payment processor.
  • Upstream AI providers: OpenAI, Anthropic, Google, and OpenRouter process the prompts and content you submit to our SaaS products in order to generate outputs. OpenRouter is a model gateway that may route your inferences to additional underlying model providers on our behalf. Their data handling is governed by their own terms; we route requests on a no-training basis where the provider supports it. We may add or change upstream providers from time to time and will update this policy when we do.
  • Hosting and infrastructure: Cloud hosting providers we use to run the website, our SaaS products, and our databases.
  • Email and communications: Transactional email providers used to send receipts, licence emails, password resets, and product updates.
  • Analytics: Google Analytics 4 (operated by Google Ireland Ltd) to count visits and understand which pages are useful. GA4 sets first-party cookies (_ga, _ga_<id>) only after you click Accept on our cookie banner. If you reject, no GA scripts load and no analytics data is sent to Google. You can change your choice at any time via the "Cookie settings" link in the footer. We do not run ad tracking, remarketing, or cross-site profiling.
  • Legal and regulatory: Where required by law, we may share information with regulators, law enforcement, or our professional advisors.

International transfers

Some of our sub-processors are based outside the UK and the European Economic Area, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or adequacy decisions where they apply. You can request a copy of the relevant transfer safeguard for any specific sub-processor by emailing [email protected].

Data retention

We keep personal information only for as long as we need it for the purposes described above. Customer-account and SaaS-product data is deleted within 30 days of subscription cancellation, except where we need to retain it for legal, tax, accounting, or fraud-prevention reasons (typically up to 7 years for tax records). Marketing-list contacts are kept until you unsubscribe. Anonymised analytics data may be retained indefinitely.

Data security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. This includes encrypted credential storage, access controls, and audit logging where applicable. No system is 100% secure; if we become aware of a breach affecting your personal information, we will notify you and the relevant supervisory authority as required by law.

Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict the processing of, or port your personal information, and to object to processing carried out on the basis of legitimate interests. You can withdraw consent for marketing emails at any time using the unsubscribe link or by contacting us. To exercise these rights, email [email protected] from the email address we hold on file. We respond to verifiable requests within 30 days. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects. AI-generated outputs from our products are content for you to use and review, not decisions about you.

If you are based in the UK or the EU and you believe we have not handled your data fairly, you have the right to lodge a complaint with your local supervisory authority. In the UK, that is the Information Commissioner's Office (ico.org.uk).

Cookies

Our website uses a small number of essential cookies for core functionality such as sessions, security, and your preferences. We also use Google Analytics 4 to measure site usage; GA4 sets first-party cookies (_ga, _ga_<id>) only after you click Accept on our cookie banner. If you reject, no GA scripts load and no analytics data is sent to Google. We do not load advertising trackers, run remarketing, or do cross-site profiling. You can change your choice at any time via the "Cookie settings" link in the footer, or control cookies through your browser settings.

Children

Our products are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. We will indicate the effective date at the top of the page and, where the change is material, notify customers by email.

Contact

Privacy and data-rights questions: [email protected]. SAGE GRIDS LTD, UK Company No. 16003773, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.