Version: 2.1
Effective Date: July 5, 2026
Company: The Widget Bot LLC, a Michigan limited liability company ("The Widget Bot," "we," "our," or "us"), operating the Gridget platform under Netrork LLC.
This Privacy Policy ("Policy") explains how The Widget Bot and Netrork LLC collect, process, and protect personal data in connection with the Gridget service ("Gridget," "Service," or "Platform").
By creating a vendor account or using Gridget, you acknowledge and consent to the practices described in this Policy.
1.1 "Gridget" refers to the proprietary digital platform operated by The Widget Bot LLC that enables vendors to process and print customer-provided images into sheets for customized photo products (such as magnets, ornaments, and keychains).
1.2 "The Widget Bot LLC" refers to the Michigan limited liability company that operates Gridget.
1.3 "Netrork LLC" refers to the Michigan limited liability company that owns The Widget Bot LLC and the Gridget Intellectual Property.
1.4 "Vendors" are registered business users who create Gridget accounts, purchase tokens, and manage customer photo uploads and print orders.
1.5 "Customers" are individuals who upload images through QR codes or upload links provided by vendors — or whose images or order information otherwise enter the Service through the photo booth or a connected commerce platform, as described in Section 2 — for the purpose of creating customized photo products. Customers do not create accounts on Gridget.
1.6 "Tokens" are digital units purchased by vendors from Gridget to enable the processing and generation of printable sheets.
We collect information that vendors voluntarily provide when creating or using a Gridget account. This may include contact details (such as email address), business identifiers (such as company name), transactional information (such as token purchases, template usage, and order activity), and communication preferences (such as marketing consent status).
When a vendor grants or withdraws marketing consent, we record the consent status, timestamp, IP address, and the version of the Terms of Service in effect at that time. This information is retained for compliance and audit purposes.
We may also collect limited, vendor-defined text or labels associated with artwork or print jobs. Gridget does not require or request that personally identifiable information (PII) about end customers be entered into these fields.
When an end customer interacts with Gridget—for example, by uploading an image through a QR code or unique link—Gridget automatically processes only what is needed to fulfill the vendor's request.
This typically includes the image file, technical metadata (such as file size, format, device type, IP address, and timestamp), and any optional descriptive text the vendor provides.
Beyond the optional text-message opt-in, connected commerce platform orders, and feedback survey described below, Gridget does not require names, contact information, or other direct identifiers from end customers, and any vendor-entered free-text labels are controlled solely by the vendor. Vendors are responsible for ensuring that such text complies with applicable privacy laws.
Text-message opt-in. If the vendor has enabled order notifications, an end customer may optionally provide a mobile phone number to receive a text message when their order is ready for pickup. When a customer opts in, we record the phone number, the date and time of consent, and the IP address from which consent was given. Providing a phone number is never required to use Gridget, and the number is used solely to deliver order-status notifications for that specific order — never for marketing.
Connected commerce platforms (Shopify). When a vendor connects a commerce platform such as Shopify to their Gridget account, Gridget receives order information from that platform when a customer makes a purchase. This may include the buyer's name and email address as recorded on the order, which Gridget stores as an order reference so the vendor can match the Gridget order to the platform order. This information originates from the customer's purchase on the vendor's store and is governed by the vendor's and the platform's own privacy terms; Gridget uses it only to label and fulfill the order; when the order is later deleted from Gridget, the name or email is replaced with the platform's order number (see Section 6).
Event photo booth. Vendors may operate a Gridget-powered photo booth at their events. Images captured at a booth are taken by the vendor's booth device, may depict event attendees, and are stored and processed by Gridget on the vendor's behalf (including optional image adjustment, overlays, and on-site printing). The vendor, as the event operator, is responsible for providing any notice to and obtaining any consent from the individuals photographed. Booth and event images are deleted on the schedule described in Section 6.
Feedback survey. After completing an upload, customers may optionally rate their experience and leave a comment. If submitted, we store the rating, the comment text, and basic device information (browser and device type). Gridget uses this feedback for its own product-improvement purposes.
All information is processed solely for the purposes of account management, service operation, and product fulfillment. We apply technical and organizational measures to protect data at rest and in transit and to minimize the amount of personal information stored.
We may aggregate or anonymize data for analytics or service improvement, but we do not sell or share personal information with third parties for marketing.
The Widget Bot and its authorized personnel may access uploaded photos, orders, and related activity for legitimate operational purposes, including quality assurance, order verification, technical troubleshooting, and abuse prevention. Widget Bot does not manually review all content.
We process collected data to:
We do not sell or rent personal information.
For compliance purposes:
All personal data and uploaded content are securely stored in the United States (Virginia region) using Vercel, Cloudflare, and NEON for hosting, storage, and secure global content delivery. We also use Axiom for application telemetry and error monitoring (which may receive usage events directly from your browser while using the Service) and Resend for delivering email, each acting as a service provider on our behalf.
Data is encrypted in transit and at rest, and access is restricted to authorized personnel under strict confidentiality agreements.
Text messages are delivered through our messaging infrastructure and our telecommunications carrier partner, Flowroute, Inc. (United States), acting as a service provider on our behalf. Carrier partners receive only the information necessary to deliver the message (the recipient phone number and message content) and are not permitted to use it for any other purpose.
Gridget uses functional cookies and application analytics (Vercel and Cloudflare metrics, and Axiom telemetry, which records product-usage events such as page views, upload progress, and errors) to ensure site reliability, security, and performance. We do not use cookies or tracking technologies for advertising or behavioral profiling.
Vendors may opt in to receive marketing communications from Gridget, including product updates, tips, and promotional emails. Marketing consent is always optional, never pre-selected, and separate from acceptance of the Terms of Service.
When you grant or withdraw marketing consent, we record:
You may withdraw your marketing consent at any time by:
Withdrawal of consent does not affect transactional communications necessary for account operation (such as sign-in links and purchase confirmations).
Marketing emails may include standard delivery measurement (whether an email was opened and which links were clicked), which we use to gauge the relevance of what we send. This measurement applies only to marketing emails to vendors — never to transactional emails or customer-facing communications.
Where a vendor has enabled the feature, end customers may opt in to receive a text message when their order is ready for pickup. These messages are transactional: they relate solely to the customer's own order and are never used for marketing or promotional purposes.
Transfers of personal data from the EEA, UK, or Australia to the U.S. are conducted pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards.
Users — including end customers who provided a phone number for text notifications — may request access, correction, or deletion of their personal data by contacting privacy@thewidgetbot.com. We will verify requester identity and respond within applicable legal timeframes.
We comply with applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA). We do not sell personal information as defined under those laws.
Gridget is not directed to children under 13. We do not knowingly collect personal data from minors. If discovered, such data will be deleted promptly.
In the event of a data breach involving personal information, we will notify affected users and relevant supervisory authorities as required by law.
The Widget Bot LLC
Attn: Privacy Compliance
Email: privacy@thewidgetbot.com
Address: Plymouth, Michigan, USA
If you are located outside the United States, please contact us by email for regional representative details.
We may update this Policy periodically. Continued use of Gridget after updates constitutes acceptance of the revised Policy.
Last updated: July 5, 2026