GridFrame legal

GridFrame Privacy Policy

This policy explains how Styps Ltd handles personal information across GridFrame, Release Web, product purchases, support and assisted setup.

Version 1.0Effective 18 July 2026

1. Who is responsible

Styps Ltd is the controller for personal information handled through GridFrame unless another notice says otherwise. Styps Ltd is registered in England and Wales under company number 14183652, with its registered office at 124 City Road, London, EC1V 2NX, United Kingdom. Contact for privacy questions.

2. Scope

This policy covers GridFrame websites, legal documents, guides, support, Release Web at publish.gridframe.site, and information used to review and administer a GridFrame assisted service. A Marcel or Philippe website published and operated by a customer is controlled by that customer and needs its own privacy information.

3. Information we collect

  • Contact and business details, such as name, email, country, time zone, business or store name and intended domain.
  • Purchase and entitlement details, such as the product, tier, order reference, payment status and masked licence reference.
  • Release Web information, such as secure licence and Vercel sessions, Vercel project and domain metadata, deployment status and technical request information.
  • Assisted-service records, such as request answers, workflow status, email timestamps, agreement evidence, payment references, handover details and support messages.
  • Security and diagnostic information, such as dates, server logs, browser type, limited network information, error details and one-way fingerprints used to protect consent or account activity.

4. Information we do not intend to keep

GridFrame Admin is not a vault for customer passwords, full licence keys, API keys, database addresses, two-factor codes or recovery keys. Do not send those items in ordinary email or support screenshots. Release Web encrypts necessary short-lived credentials in secure HTTP-only cookies and sends project settings to the requested deployment workflow; it is not intended as a permanent credential store.

5. Project files

Release Web prepares selected project files in the browser and uploads them to temporary Cloudflare R2 storage for deployment to Vercel. Common local environment files, dependencies, build output and Git metadata are excluded. Temporary staging is removed after deployment or cancellation and is not used as a project backup.

6. Purchases and payments

Polar may process software checkout, payment, tax, invoices and customer-portal information as merchant of record. Release Web may receive a temporary customer-session token to retrieve a matching licence benefit. Stripe processes card and billing details for an approved assisted-service booking. GridFrame does not receive full card details from either provider.

7. Marcel Setup requests and bookings

When you send a Marcel Setup request, we use the non-secret details you provide to review the request, contact you and manage availability. If approved, a private booking token expires after seven days. When you check the Agreement box, GridFrame records the request reference, agreement version, URL and SHA-256 fingerprint, a consent reference, date and time, and limited one-way security fingerprints. Stripe metadata connects the payment to that consent record. Resend delivers the workflow emails.

8. Why we use information

We use information to provide requested products and services, validate licences, maintain secure sessions, connect and operate requested Vercel actions, publish supported projects, manage setup requests and bookings, deliver emails, provide support, keep records, prevent misuse, diagnose problems, comply with legal duties and improve reliability.

9. Legal bases

Depending on the activity, we process information to take requested steps before a contract, perform a contract, comply with legal obligations, pursue legitimate interests in operating and securing GridFrame, or act with consent where consent is required. Our legitimate interests include preventing misuse, maintaining records, supporting customers and improving service reliability without overriding individual rights.

10. Who receives information

Information is shared only where needed with providers supporting the relevant activity, including Polar for purchases and entitlements, Vercel for deployment and domains, Cloudflare for temporary staging and infrastructure, Stripe for assisted-service payments, Resend for operational email, Neon for the restricted GridFrame Admin database, and professional advisers or authorities where law or legitimate protection of rights requires it.

11. Cookies

Release Web uses essential secure cookies for encrypted licence, Vercel connection and restricted administrator sessions. These cookies are needed for the requested workflow and use HTTP-only and other appropriate security settings. GridFrame does not need advertising cookies to provide Release Web.

12. Retention

Temporary project staging is scheduled for deletion after the workflow. Session cookies expire or are cleared when you sign out or disconnect. Purchase, tax, invoice, agreement, consent, payment, service and support records are kept only for as long as reasonably required for administration, security, legal obligations and disputes. The exact period depends on the record and applicable legal or accounting requirements.

13. International processing

Some providers may process information outside the United Kingdom. Where data-protection law requires it, we rely on adequacy regulations, approved contractual protections or another lawful transfer safeguard. Contact us if you need more information about the safeguard relevant to your information.

14. Security

Measures include server-side licence validation, encrypted or signed HTTP-only sessions, restricted administrator access, hashed administrator credentials, verified payment webhooks, production cookie protections and limited handling of secrets. No online service is completely risk-free. Protect your email and provider accounts and rotate a credential if you suspect exposure.

15. Your rights

Depending on the circumstances, you may have rights to access, correct, erase, restrict or receive your personal information, and to object to certain use. Where processing relies on consent, you may withdraw that consent without affecting earlier lawful use. Some rights are limited by legal duties and the reason information is used.

Send a request to . We may need to verify your identity. You may also complain to the UK Information Commissioner’s Office or another data-protection authority available to you.

16. Children

GridFrame commercial software and assisted services are intended for adults and are not directed to children under 13. A customer must meet the eligibility requirements in the GridFrame Terms.

17. Changes

We may update this policy when GridFrame, its providers or legal requirements change. The version and effective date identify the current document.

18. Contact

Email or write to Styps Ltd, 124 City Road, London, EC1V 2NX, United Kingdom.

GridFrameA product and service of Styps Ltd.
© 2026 Styps Ltd · Company 14183652 · 124 City Road, London, EC1V 2NX, United Kingdom