Legal

Privacy Policy

Last updated: 3 June 2026

1. Who we are

4D Grid Energy (Pty) Ltd ("4D Grid", "we", "us") is the operator of the GridSync platform and is the responsible party (data controller) for personal information processed through the Services. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA"), and where applicable, the EU General Data Protection Regulation ("GDPR").

For POPIA-specific rights and our Information Officer's contact details, please see our POPIA Notice.

2. Information we collect

We collect the following categories of personal information:

  • Account information: name, email address, organisation, role, hashed password.
  • Contact form submissions: name, email, phone number (optional), company (optional), message content, submission IP address and timestamp.
  • Operational data: Site addresses, Device identifiers, electrical measurements, dispatch events and other telemetry necessary to provide the Services. This data is associated with a Customer organisation rather than with individual end-users unless you specifically link them.
  • Technical data: IP address, browser type, device type, pages visited, timestamps, log data and similar information collected automatically when you interact with the Services.
  • Communications: records of emails and other communications with us.

We do not knowingly collect personal information from children under 18.

3. How we use your information

We process personal information for the following purposes:

  • Creating and managing your Account and providing the Services;
  • Authenticating users and securing the Services;
  • Responding to enquiries submitted via the contact form;
  • Sending transactional notifications (account approval, password reset, security alerts);
  • Operating, monitoring, securing and improving the Services;
  • Complying with legal obligations including taxation, accounting and lawful requests from regulators;
  • Detecting, investigating and preventing fraud, abuse or threats to the Services.

4. Lawful basis for processing

We process personal information on the basis of: (a) your consent (which you may withdraw at any time); (b) the necessity of processing to perform a contract with you or to take steps at your request prior to entering into a contract; (c) compliance with a legal obligation; and (d) our legitimate interests in operating, securing and improving the Services, balanced against your rights.

5. Sharing of information

We do not sell personal information. We share personal information only as necessary with:

  • Service providers who process information on our behalf under contractual confidentiality and security obligations — for example, our cloud hosting provider (Railway), our database provider (MongoDB Atlas), our static-site host (Vercel), our transactional email provider (Resend) and similar infrastructure partners;
  • Customer organisations: if you are an end-user associated with a Site managed by a Customer organisation, that organisation's administrators may have access to operational data about that Site;
  • Legal authorities where required by law, court order or a lawful regulatory request;
  • Acquirers in connection with a corporate transaction (merger, acquisition or asset sale), subject to equivalent privacy protections.

6. Cross-border transfers

Some of our service providers operate servers outside the Republic of South Africa, including in the United States and the European Union. Where we transfer personal information across borders, we ensure that the recipient is bound by laws, binding corporate rules or contractual safeguards that provide an adequate level of protection in accordance with Section 72 of POPIA.

7. Security

We take appropriate, reasonable technical and organisational measures to protect personal information against loss, damage, unauthorised destruction, unlawful access and unlawful processing. These include encryption in transit (TLS), encrypted password storage (bcrypt), rate limiting on authentication endpoints, role-based access controls, audit logging and segregated production environments. No system is impenetrable; we cannot guarantee absolute security.

8. Retention

We retain personal information only for as long as is necessary to fulfil the purposes set out in this policy, or for longer where required by law (for example, taxation and accounting obligations). When personal information is no longer required, we will delete or de-identify it.

9. Your rights

Subject to applicable law, you have the right to:

  • Request access to the personal information we hold about you;
  • Request correction of inaccurate or incomplete personal information;
  • Request deletion of personal information where there is no legal basis to retain it;
  • Object to certain processing activities including direct marketing;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with the Information Regulator (South Africa) — see contact details in our POPIA Notice.

To exercise these rights, contact us at our contact page.

10. Cookies & analytics

The GridSync websites use a minimal set of strictly necessary cookies and similar storage required to keep you signed in and to remember your preferences. We do not currently use third-party advertising trackers. If we introduce analytics or marketing cookies in future, we will update this policy and, where required, request your consent.

11. Changes

We may update this Privacy Policy from time to time. The current version is always posted at this URL with the "Last updated" date above. Material changes will be communicated by email where reasonably practicable.

12. Contact

Privacy questions can be directed to:

4D Grid Energy (Pty) Ltd
Attention: Information Officer
Houghton Estate, Johannesburg, Republic of South Africa
Contact: via our contact page