Last updated: June 28, 2026 · For business, institutional, and organisation customers
This Data Processing Agreement (“DPA”) is for businesses, colleges, institutes, and organisations that use GridShare to process personal data. It forms part of, and is incorporated into, our Terms of Service. It sets out how GridShare, acting as a data processor, handles personal data on your behalf. Individual hobbyist accounts that do not process third parties' personal data generally do not need a DPA.
For personal data you process using GridShare, you (the customer) are the Data Fiduciary / Controller and GridShare is the Data Processor, in the sense of the Digital Personal Data Protection Act, 2023 (“DPDPA”) and, where applicable, the GDPR. GridShare processes such personal data only to provide the compute Platform to you, and only on your documented instructions (including the instructions inherent in your use of the Platform).
| Item | Detail |
|---|---|
| Subject matter | Provision of on-demand GPU compute, storage, and the workspace autosave/restore service |
| Duration | For the term of your account / until the data is deleted as set out below |
| Nature & purpose | Running, storing, and backing up the workloads and data you choose to run on the Platform |
| Categories of data | Whatever you place in your /workspace or your workloads — determined and controlled by you. GridShare does not require or inspect it. |
| Data subjects | Determined by you (e.g. your students, employees, or customers, if your workloads involve their data) |
You are responsible for having a lawful basis to process the personal data you run on GridShare, and for not placing prohibited or special-category data on Community-tier nodes (see our Acceptable Use Policy and Section 3 of the Privacy Policy).
You authorise GridShare to engage the following sub-processors. We will give you reasonable notice of any intended addition or replacement so you can object on reasonable data-protection grounds.
| Sub-processor | Purpose | Location |
|---|---|---|
| DigitalOcean (compute & database) | Hosts the core Platform, database, and operational data | India (Bangalore) |
| DigitalOcean Spaces (object storage) | Stores workspace autosave/restore snapshots | Singapore (SGP1)* |
| Independent GPU Providers | Run your compute workloads on their hardware | India |
| Razorpay | Payment processing (if you transact) | India |
| Email provider (Zoho / transactional) | Account, billing, and alert emails | As per provider |
* Object storage is not offered in an Indian DigitalOcean region; Singapore is the nearest. This cross-border transfer is permitted under the DPDPA, which allows transfer of personal data outside India except to countries specifically restricted by the Government of India (Singapore is not restricted). See Section 7 of the Privacy Policy.
Other than the workspace snapshots stored in Singapore (Section 4), GridShare keeps your personal data on infrastructure located in India. Where any transfer outside India occurs, it is carried out only as permitted by the DPDPA and applicable law, with appropriate safeguards (encryption in transit and at rest, and access controls).
Community-tier limitation: workloads run on independent Provider hardware that GridShare cannot fully control at the OS/hardware level. For sensitive or regulated data, encrypt client-side before upload and do not use Community-tier nodes. This limitation is part of the service you are agreeing to.
You can delete a workspace snapshot at any time from your dashboard. On termination of your account, or on your written request, GridShare will delete your personal data within a reasonable period, except where retention is required by law (for example, financial transaction records retained for 7 years under the GST Act and Income Tax Act — see Section 8 of the Privacy Policy). Workspace snapshots are reclaimed when an instance is terminated and the workspace is no longer funded, or on request.
Each party's liability under this DPA is subject to the limitations and exclusions in the Terms of Service. This DPA is governed by the laws of India, and the courts at the seat of GridShare's registered office have exclusive jurisdiction, consistent with the Terms of Service.
For most customers, accepting the Terms of Service (which incorporate this DPA) at signup is sufficient. If your organisation requires a counter-signed copy or a custom DPA for procurement, email enterprise@gridshare.in and we will arrange it.
Note: this is a working version provided for transparency and procurement. It is being finalised with legal counsel following GridShare's incorporation; the registered entity name and any counter-signature will be added at that time.