Privacy Policy

Last updated: June 28, 2026  ·  Effective immediately

Plain English summary: We collect only what's necessary to run the marketplace — name, email, UPI ID. We never collect Aadhaar, full bank details, or card numbers. We don't sell your data. All data is stored in India. You can request deletion at any time. GridShare does not inspect the contents of your compute workloads.

1. Who We Are

This Privacy Policy applies to Quartusbrain Ideas Private Limited ("GridShare", "we", "our", "us"), operating the Platform at gridshare.in and relay.gridshare.in, incorporated under the Companies Act, 2013, India.

GridShare is a data fiduciary as defined under the Digital Personal Data Protection Act, 2023 (DPDPA 2023) with respect to the personal data it processes. For privacy queries, contact our Privacy Officer at: support@gridshare.in.

2. Data We Collect and Why

2.1 Providers (GPU node owners)

DataWhy We Collect ItRequired?
Full nameIdentity for payout records, TDS compliance, and supportYes
PAN (Permanent Account Number)TDS deduction under Section 194O — 1% rate (vs 20% without PAN)Strongly recommended
UPI ID (VPA)To send daily earnings payouts via RazorpayYes
Email addressPayout receipts, tax certificates, and account alertsOptional but recommended
Phone numberWhatsApp notifications for earnings, payout failures, and alertsOptional
City / LocationDisplayed on marketplace to help Buyers choose nearby nodesOptional
GPU hardware specsAutomatic tier assignment, pricing, and marketplace listingYes (auto-detected by agent)
Node uptime and performance metricsReliability score calculation and per-second billing verificationYes (auto-collected)

2.2 Buyers

DataWhy We Collect ItRequired?
Full nameAccount identity and GST invoice generationYes
Email addressLogin, billing receipts, instance alerts, and account securityYes
Phone numberWhatsApp alerts for low balance and instance eventsOptional
Company name & GSTINGST-compliant tax invoice generation for business customersOptional
SSH public keysInjected into instances for passwordless SSH access — stored as plain public keysOptional
Wallet balance and transaction recordsPrepaid compute billing, refund processing, and financial complianceYes
Instance launch history and compute usageBilling, fraud detection, and supportYes (auto-collected)
Browser fingerprint hash (SHA-256)Multi-account fraud detection — stored as a hash, never the raw fingerprintOptional (client-side)
Workspace contents (continuous autosave)To protect your work from interruption, restart, or node failure, we continuously back up your instance's /workspace (code, scripts, notebooks, configs, small outputs). Large regenerable files (model weights, caches, datasets) are excluded. We do not inspect or analyse the contents, and you can delete these backups at any time.Yes (auto, while running) — deletable

2.3 What We Do NOT Collect

3. Important Limitation — Provider Hardware

Note on Provider nodes: Compute workloads run on hardware owned and operated by independent Providers, not GridShare. GridShare has no technical ability to inspect or control what occurs on Provider hardware at the OS or hardware level. While Providers are contractually prohibited from accessing Buyer data, GridShare cannot technically guarantee that a Provider cannot access unencrypted data on their own hardware. Do not process highly sensitive, classified, or regulated data on Community-tier nodes. Use encrypted containers and in-instance encryption for sensitive workloads. For sensitive workloads we recommend encrypting data before upload and using checkpoints encrypted client-side. Buyer secrets injected into instances may be technically visible to the host machine owner; do not inject production credentials into Community-tier instances.

4. How We Use Your Data

5. Lawful Basis for Processing

Under the Digital Personal Data Protection Act, 2023 (DPDPA 2023), GridShare processes your personal data on the following bases:

6. Third Parties We Share Data With

ServiceData SharedPurposeLocation
Razorpay Software Pvt. Ltd.Name, UPI VPA, transaction amount, order IDProcessing Buyer payments and Provider payoutsIndia
WATI / AiSensy (WhatsApp Business API)Phone number and notification content onlySending WhatsApp alerts you have opted intoIndia / WhatsApp servers
DigitalOcean LLC (Cloud infrastructure)All Platform data is stored on DigitalOcean-hosted serversInfrastructure hostingIndia (Bangalore region)
SendGrid / Transactional emailEmail address and message contentSending transactional emails (receipts, alerts, verification)Global (Twilio infrastructure)
Competent legal authoritiesAs required by lawful orderLegal compliance — CERT-In, tax authorities, courtsIndia

We do not sell, rent, licence, or share your personal data with advertisers, data brokers, marketing firms, or any third party for commercial purposes.

We require all third-party data processors to maintain appropriate security and confidentiality standards. We are not responsible for the independent privacy practices of Razorpay or WhatsApp — please review their respective privacy policies.

7. Data Storage and Security

Despite these measures, no internet transmission or storage system is 100% secure. GridShare cannot guarantee absolute security of your data. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

8. Data Retention

CategoryRetention PeriodReason
Active account dataUntil account closurePlatform operation
Personal data after account closureDeleted within 90 daysDPDPA 2023 compliance
Financial transaction records7 years from transaction dateGST Act, Income Tax Act requirements
TDS records and Form 16A7 yearsIncome Tax Act 1961
Node heartbeat / performance data60 days rollingReliability score calculation, billing verification, and refund/dispute resolution
Workspace autosave backupsRetained while your instance is active or the workspace is funded (positive balance); reclaimed when the instance is terminated and no longer funded, or on your requestCrash recovery and resume
Security logs (IP, login events)90 daysFraud investigation and CERT-In compliance
Support correspondence3 years from last interactionDispute resolution

9. Your Rights Under DPDPA 2023

Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data held by GridShare:

To exercise any of these rights, email support@gridshare.in with subject "Privacy Request — [your full name]" from your registered email address. We will respond within 30 days.

10. Cookies and Local Storage

GridShare uses minimal browser storage:

11. Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or substantially all of GridShare's assets, personal data held by GridShare may be transferred to the acquiring entity as part of that transaction. You will be notified via email and/or prominent notice on the Platform at least 30 days before any such transfer, and the new entity will be bound to honour this Privacy Policy or provide notice of material changes. If you do not accept the new entity's privacy terms, you may close your account before the transfer takes effect.

12. Children's Privacy

GridShare is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a person under 18 has registered an account, contact support@gridshare.in and we will promptly delete the account and associated data.

13. Third-Party Links and Services

The Platform may contain links to third-party websites or services (e.g., Razorpay, DigitalOcean, GitHub). GridShare is not responsible for the privacy practices or content of those third parties. Visiting those sites is governed by their own privacy policies, which we encourage you to review.

14. Changes to This Policy

We may update this Privacy Policy as required. For material changes that meaningfully affect your rights, we will provide at least 7 days' advance notice via email. The updated date at the top of this page will always reflect when the Policy was last revised. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.

15. Grievance Officer

In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines) Rules, 2021, and the Digital Personal Data Protection Act, 2023, GridShare has appointed a Grievance Officer: