Last updated: June 28, 2026 · Effective immediately
Plain English summary: We collect only what's necessary to run the marketplace — name, email, UPI ID. We never collect Aadhaar, full bank details, or card numbers. We don't sell your data. All data is stored in India. You can request deletion at any time. GridShare does not inspect the contents of your compute workloads.
This Privacy Policy applies to Quartusbrain Ideas Private Limited ("GridShare", "we", "our", "us"), operating the Platform at gridshare.in and relay.gridshare.in, incorporated under the Companies Act, 2013, India.
GridShare is a data fiduciary as defined under the Digital Personal Data Protection Act, 2023 (DPDPA 2023) with respect to the personal data it processes. For privacy queries, contact our Privacy Officer at: support@gridshare.in.
| Data | Why We Collect It | Required? |
|---|---|---|
| Full name | Identity for payout records, TDS compliance, and support | Yes |
| PAN (Permanent Account Number) | TDS deduction under Section 194O — 1% rate (vs 20% without PAN) | Strongly recommended |
| UPI ID (VPA) | To send daily earnings payouts via Razorpay | Yes |
| Email address | Payout receipts, tax certificates, and account alerts | Optional but recommended |
| Phone number | WhatsApp notifications for earnings, payout failures, and alerts | Optional |
| City / Location | Displayed on marketplace to help Buyers choose nearby nodes | Optional |
| GPU hardware specs | Automatic tier assignment, pricing, and marketplace listing | Yes (auto-detected by agent) |
| Node uptime and performance metrics | Reliability score calculation and per-second billing verification | Yes (auto-collected) |
| Data | Why We Collect It | Required? |
|---|---|---|
| Full name | Account identity and GST invoice generation | Yes |
| Email address | Login, billing receipts, instance alerts, and account security | Yes |
| Phone number | WhatsApp alerts for low balance and instance events | Optional |
| Company name & GSTIN | GST-compliant tax invoice generation for business customers | Optional |
| SSH public keys | Injected into instances for passwordless SSH access — stored as plain public keys | Optional |
| Wallet balance and transaction records | Prepaid compute billing, refund processing, and financial compliance | Yes |
| Instance launch history and compute usage | Billing, fraud detection, and support | Yes (auto-collected) |
| Browser fingerprint hash (SHA-256) | Multi-account fraud detection — stored as a hash, never the raw fingerprint | Optional (client-side) |
| Workspace contents (continuous autosave) | To protect your work from interruption, restart, or node failure, we continuously back up your instance's /workspace (code, scripts, notebooks, configs, small outputs). Large regenerable files (model weights, caches, datasets) are excluded. We do not inspect or analyse the contents, and you can delete these backups at any time. | Yes (auto, while running) — deletable |
/workspace directory to encrypted storage. We never read or analyse those backups, large regenerable files are excluded, and you can delete them at any time. Data outside /workspace, and anything on Community-tier provider hardware, is not copied by us.Note on Provider nodes: Compute workloads run on hardware owned and operated by independent Providers, not GridShare. GridShare has no technical ability to inspect or control what occurs on Provider hardware at the OS or hardware level. While Providers are contractually prohibited from accessing Buyer data, GridShare cannot technically guarantee that a Provider cannot access unencrypted data on their own hardware. Do not process highly sensitive, classified, or regulated data on Community-tier nodes. Use encrypted containers and in-instance encryption for sensitive workloads. For sensitive workloads we recommend encrypting data before upload and using checkpoints encrypted client-side. Buyer secrets injected into instances may be technically visible to the host machine owner; do not inject production credentials into Community-tier instances.
Under the Digital Personal Data Protection Act, 2023 (DPDPA 2023), GridShare processes your personal data on the following bases:
| Service | Data Shared | Purpose | Location |
|---|---|---|---|
| Razorpay Software Pvt. Ltd. | Name, UPI VPA, transaction amount, order ID | Processing Buyer payments and Provider payouts | India |
| WATI / AiSensy (WhatsApp Business API) | Phone number and notification content only | Sending WhatsApp alerts you have opted into | India / WhatsApp servers |
| DigitalOcean LLC (Cloud infrastructure) | All Platform data is stored on DigitalOcean-hosted servers | Infrastructure hosting | India (Bangalore region) |
| SendGrid / Transactional email | Email address and message content | Sending transactional emails (receipts, alerts, verification) | Global (Twilio infrastructure) |
| Competent legal authorities | As required by lawful order | Legal compliance — CERT-In, tax authorities, courts | India |
We do not sell, rent, licence, or share your personal data with advertisers, data brokers, marketing firms, or any third party for commercial purposes.
We require all third-party data processors to maintain appropriate security and confidentiality standards. We are not responsible for the independent privacy practices of Razorpay or WhatsApp — please review their respective privacy policies.
/workspace snapshots) are stored in GridShare's object storage in the DigitalOcean Singapore (SGP1) region — object storage is not offered in an Indian DigitalOcean region. This cross-border storage is permitted under the DPDPA 2023, which allows the transfer of personal data outside India except to countries specifically restricted by the Government of India (Singapore is not restricted). These snapshots are encrypted in transit (TLS 1.2+) and at rest, and are accessible only through short-lived, account-bound linksDespite these measures, no internet transmission or storage system is 100% secure. GridShare cannot guarantee absolute security of your data. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
| Category | Retention Period | Reason |
|---|---|---|
| Active account data | Until account closure | Platform operation |
| Personal data after account closure | Deleted within 90 days | DPDPA 2023 compliance |
| Financial transaction records | 7 years from transaction date | GST Act, Income Tax Act requirements |
| TDS records and Form 16A | 7 years | Income Tax Act 1961 |
| Node heartbeat / performance data | 60 days rolling | Reliability score calculation, billing verification, and refund/dispute resolution |
| Workspace autosave backups | Retained while your instance is active or the workspace is funded (positive balance); reclaimed when the instance is terminated and no longer funded, or on your request | Crash recovery and resume |
| Security logs (IP, login events) | 90 days | Fraud investigation and CERT-In compliance |
| Support correspondence | 3 years from last interaction | Dispute resolution |
Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data held by GridShare:
To exercise any of these rights, email support@gridshare.in with subject "Privacy Request — [your full name]" from your registered email address. We will respond within 30 days.
GridShare uses minimal browser storage:
In the event of a merger, acquisition, restructuring, or sale of all or substantially all of GridShare's assets, personal data held by GridShare may be transferred to the acquiring entity as part of that transaction. You will be notified via email and/or prominent notice on the Platform at least 30 days before any such transfer, and the new entity will be bound to honour this Privacy Policy or provide notice of material changes. If you do not accept the new entity's privacy terms, you may close your account before the transfer takes effect.
GridShare is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a person under 18 has registered an account, contact support@gridshare.in and we will promptly delete the account and associated data.
The Platform may contain links to third-party websites or services (e.g., Razorpay, DigitalOcean, GitHub). GridShare is not responsible for the privacy practices or content of those third parties. Visiting those sites is governed by their own privacy policies, which we encourage you to review.
We may update this Privacy Policy as required. For material changes that meaningfully affect your rights, we will provide at least 7 days' advance notice via email. The updated date at the top of this page will always reflect when the Policy was last revised. Continued use of the Platform after the effective date constitutes acceptance of the revised Policy.
In accordance with the Information Technology Act, 2000, the IT (Intermediary Guidelines) Rules, 2021, and the Digital Personal Data Protection Act, 2023, GridShare has appointed a Grievance Officer: