Privacy Policy
Last Updated: April 3, 2026
Effective Date: April 3, 2026
OPEN SOURCE SIX SIGMA, LLC (“Company,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this policy.
This Privacy Policy describes the types of information we collect from you when you use SixGrid at app.sixgrid.com and sixgrid.com (the “Service”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
Please read this policy carefully. By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with our practices, do not use the Service.
1. What This Policy Covers
This policy applies to information we collect:
(a) Through the Service, including the SixGrid web application at app.sixgrid.com and the SixGrid marketing website at sixgrid.com.
(b) In email, chat, and other electronic communications between you and the Service.
(c) When you interact with our customer support channels.
This policy does not apply to information collected by:
(a) Open Source Six Sigma, LLC on other websites it operates, including opensourcesixsigma.com (which is governed by its own privacy policy).
(b) Any third party, including through any application, service, or content that may link to or be accessible from the Service.
2. Information We Collect
We collect three categories of information:
2.1 Account Data
Account Data is information you provide when you register for and manage your Account. This includes:
(a) Name and email address.
(b) Organization name.
(c) Password (managed by our authentication provider; we do not store passwords directly).
(d) Billing information (processed and stored by our payment processor; we do not store full credit card numbers).
(e) Profile information you choose to provide.
(f) Role and permission settings within your organization.
2.2 Customer Data
Customer Data is the content you and your Authorized Users upload, input, create, or process through the Service. This includes:
(a) Project information (charters, problem statements, goals, scope, status).
(b) Milestones and to-do items.
(c) Project notes and comments.
(d) Metrics (primary and secondary, targets and actuals).
(e) Financial data (benefits, costs, classifications).
(f) File attachments (documents, images, and other files you upload).
(g) Reports and final report content.
(h) Group and team structure information.
(i) Activity log entries generated by your actions in the Service.
Your Customer Data may contain sensitive and proprietary business information. We recognize that the nature of Lean Six Sigma and Continuous Improvement work means your project data may include confidential operational details, financial figures, process performance metrics, and organizational information. We treat all Customer Data as confidential. See Section 5 for details on how we protect it.
2.3 Usage Data
Usage Data is information collected automatically when you use the Service. This includes:
(a) Device information (browser type, operating system, device type).
(b) IP address.
(c) Pages visited and features used within the Service.
(d) Session duration and frequency of use.
(e) Referring URLs.
(f) Error logs and performance data.
(g) General geographic location (derived from IP address, not precise location).
Usage Data does not include the content of your Customer Data. We do not read your project charters, notes, financials, or other Customer Data content as part of Usage Data collection.
3. How We Collect Information
3.1 Information You Provide Directly
We collect Account Data and Customer Data that you voluntarily provide when you:
(a) Register for an Account.
(b) Create or edit projects, milestones, to-dos, notes, metrics, financials, or other content.
(c) Upload files and attachments.
(d) Invite team members to your organization.
(e) Update your profile or Account settings.
(f) Contact us for support.
(g) Submit feedback or respond to surveys.
(h) Use the contact form on sixgrid.com.
3.2 Information Collected Automatically
We collect Usage Data automatically as you navigate and interact with the Service using:
Cookies. We use essential cookies required for the Service to function (such as authentication session cookies). We may also use analytics cookies to understand how the Service is used and to improve it. You may refuse non-essential cookies by adjusting your browser settings, though this may affect your ability to use certain features of the Service.
Analytics Tools. We may use product analytics tools (such as PostHog) to collect Usage Data about how features are used, user flows, and session behavior. These tools help us improve the Service and understand usage patterns. Analytics tools collect Usage Data only — they do not access the content of your Customer Data.
Error Monitoring. We use error monitoring tools (such as Sentry) to detect, diagnose, and resolve technical issues. Error reports may include technical metadata about the state of the application when an error occurred. We minimize the collection of personal or Customer Data in error reports.
Server Logs. Our hosting infrastructure automatically records certain information in server logs, including IP addresses, request timestamps, and request metadata. These logs are used for security monitoring, troubleshooting, and maintaining the Service.
3.3 Information from Third Parties
We may receive information about you from third-party services we use to operate the Service:
(a) Clerk (our authentication provider) may provide us with your name, email address, and authentication status when you sign in or are invited to an organization.
(b) Stripe (our payment processor) may provide us with limited billing information, such as subscription status, payment method type (but not full card numbers), and transaction history.
4. How We Use Your Information
4.1 Account Data
We use Account Data to:
(a) Create and manage your Account.
(b) Authenticate your identity and maintain session security.
(c) Process payments and manage your Subscription.
(d) Send transactional communications (account confirmations, billing receipts, password resets, milestone reminders, and other Service-related notifications).
(e) Provide customer support.
(f) Communicate important updates about the Service, including changes to these policies.
(g) Comply with legal obligations.
4.2 Customer Data
We use Customer Data solely to:
(a) Provide and maintain the Service (storing, displaying, processing, and delivering your content back to you and your Authorized Users).
(b) Provide customer support when you request it.
(c) Generate reports and exports you request within the Service.
(d) Prevent or address technical or security issues.
(e) Comply with applicable law, regulation, or legal process.
We do not use your Customer Data for advertising, marketing, or profiling purposes. We do not sell your Customer Data. We do not provide your Customer Data to third parties for their own purposes.
4.3 Usage Data
We use Usage Data to:
(a) Operate, maintain, and improve the Service.
(b) Understand how features are used and identify areas for improvement.
(c) Monitor the performance, stability, and security of the Service.
(d) Detect and prevent abuse or unauthorized access.
(e) Generate aggregated, de-identified analytics and insights (which do not identify you or your organization).
4.4 Aggregated and De-Identified Data
We may create aggregated, anonymized, or de-identified data from Usage Data and Account Data for purposes including analytics, benchmarking, product improvement, and industry research. Aggregated Data does not identify you, your organization, or any individual, and does not contain Customer Data content in identifiable form. We may use and share Aggregated Data for any lawful purpose.
5. How We Protect Your Information
5.1 Security Measures
We implement reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, disclosure, alteration, and destruction. These measures include:
(a) Encryption in Transit. All data transmitted between your browser and the Service is encrypted using TLS/SSL.
(b) Managed Database. Customer Data is stored in a managed PostgreSQL database with automated backups, point-in-time recovery, and storage encryption provided by our hosting provider.
(c) File Storage. Uploaded files are stored in Cloudflare R2, an S3-compatible object storage service with encryption at rest.
(d) Authentication Security. User authentication is managed by Clerk, which provides secure session management, password hashing, and supports multi-factor authentication.
(e) Access Controls. The Service enforces role-based access controls, ensuring users only have access to the data and features appropriate for their role within their organization.
(f) Infrastructure Security. Our backend services are protected by CORS policies, rate limiting, security headers (via Helmet), and environment-based configuration.
(g) Error Monitoring. We use Sentry for real-time error detection and alerting, enabling us to quickly identify and resolve issues that could affect data integrity or availability.
(h) Organizational Isolation. Each organization’s data is logically isolated within the Service. Users in one organization cannot access the data of another organization.
5.2 Personnel Access
Company personnel access to Customer Data is restricted and governed by the commitments described in our Terms of Service (Section 7.5). Personnel will only access Customer Data for the specific purposes listed there: providing the Service, responding to your support requests, resolving system errors, investigating Terms of Service violations, and complying with legal requirements.
5.3 Limitations
While we implement reasonable security measures, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the security of your Account credentials and for all activity that occurs under your Account.
6. Our Sub-Processors
We use third-party service providers (“sub-processors”) to help us operate the Service. Each sub-processor only receives the minimum information necessary to perform its function. Our current sub-processors are:
| Sub-Processor | Purpose | Data Processed |
|---|---|---|
| Clerk | Authentication and user management | Name, email, organization membership, session data |
| Stripe | Payment processing and subscription management | Billing contact info, payment method, transaction history |
| Render | Backend hosting and managed database | All Customer Data, Account Data (stored in PostgreSQL database) |
| Vercel | Frontend hosting and delivery | Usage Data (request logs, IP addresses); no Customer Data is stored on Vercel |
| Cloudflare (R2) | File storage | Uploaded file attachments |
| Resend | Transactional email delivery | Recipient email addresses, email content for notifications |
| Sentry | Error monitoring and alerting | Technical error data, application state metadata; minimal personal data |
| PostHog | Product analytics | Usage Data (feature usage, session behavior); no Customer Data content |
We may update this list of sub-processors from time to time. We will update this Privacy Policy or maintain a separate sub-processor list on our website to reflect changes.
Each sub-processor is bound by its own privacy and security commitments. We select sub-processors that maintain reasonable security practices appropriate to the nature of the data they process.
7. When We Share Your Information
We do not sell your personal information or Customer Data. We share your information only in the following circumstances:
7.1 With Sub-Processors
We share information with the sub-processors listed in Section 6, solely for the purposes described there.
7.2 Within Your Organization
Customer Data and Account Data within the Service are shared among Authorized Users within your organization according to the role-based access controls and visibility settings configured by the Account Owner and administrators. For example, users assigned to a Group may see projects within that Group based on their role.
7.3 Legal Requirements
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to:
(a) Comply with a legal obligation.
(b) Protect and defend the rights or property of the Company.
(c) Prevent or investigate possible wrongdoing in connection with the Service.
(d) Protect the personal safety of users of the Service or the public.
(e) Protect against legal liability.
If we receive a legal request for your data, we will notify you (via the email address associated with your Account) before disclosing your information, unless we are legally prohibited from doing so or unless the request relates to an emergency involving danger of death or serious physical injury.
7.4 Business Transfers
If the Company is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information becomes subject to a different privacy policy.
7.5 With Your Consent
We may share your information with third parties when you give us explicit consent to do so.
8. Data Retention
8.1 Active Accounts
We retain your Account Data and Customer Data for as long as your Account is active.
8.2 After Cancellation
When you cancel your paid Subscription, your Account reverts to the Free plan. Your Account Data and Customer Data remain accessible under Free plan limitations.
8.3 After Account Deletion
If you request Account deletion:
(a) Customer Data will be permanently deleted from active systems within 30 days.
(b) Customer Data will be permanently deleted from backups within 60 days.
(c) Certain Account Data (such as billing transaction records) may be retained as required by law or for legitimate business purposes (such as tax compliance and dispute resolution).
8.4 Usage Data
Usage Data and server logs are retained for a reasonable period necessary for the purposes described in this policy (typically no longer than 12 months), after which they are deleted or anonymized.
8.5 Inactive Accounts
Accounts on the Free plan with no login activity for 12 consecutive months may be flagged as inactive. We will notify the Account Owner by email before taking any action. If no response is received within 30 days, we reserve the right to delete the Account and associated data.
9. Your Rights and Choices
9.1 Access and Update
You can access, update, and correct your Account Data at any time through the Service’s Settings pages. You can create, modify, and delete your Customer Data at any time through the Service.
9.2 Data Export
You can export your Customer Data using the export features available within the Service. If automated export is not available for certain data, contact us at support@sixgrid.com and we will provide your data in a standard format within a reasonable timeframe.
9.3 Account Deletion
You can request deletion of your Account by contacting support@sixgrid.com. Upon deletion, your data will be handled as described in Section 8.3.
9.4 Email Communications
You can opt out of non-essential email communications (such as product updates and marketing) by following the unsubscribe instructions in those emails or by updating your notification preferences in the Service. You cannot opt out of essential transactional communications related to your Account (such as billing receipts, security alerts, and Terms of Service updates).
9.5 Cookies
You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of the Service.
9.6 Do Not Track
The Service does not currently respond to “Do Not Track” browser signals. We do not track your activity across third-party websites.
10. State Privacy Rights
10.1 California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information, including the right to know what personal information is collected, the right to request deletion, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising your rights.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
Under the CCPA, the Company acts as a “service provider” with respect to Customer Data. We process Customer Data only for the business purposes described in these Terms and this Privacy Policy.
To exercise your rights under the CCPA/CPRA, contact us at support@sixgrid.com. We will verify your identity before processing your request.
10.2 Other State Privacy Laws
Residents of other states with privacy legislation (such as Virginia, Colorado, Connecticut, Utah, and others) may have additional rights regarding their personal information. To exercise any rights you may have under applicable state privacy laws, contact us at support@sixgrid.com.
11. Children’s Privacy
The Service is not intended for persons under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you are under 18, do not use the Service or provide any information to us.
If we learn that we have collected personal information from a person under 18 without verification of parental consent, we will delete that information promptly. If you believe we may have information from or about a person under 18, please contact us at support@sixgrid.com.
12. International Users
The Service is operated from the United States. If you access the Service from outside the United States, you understand and agree that your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer, storage, and processing.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last Updated” date at the top of this page and by sending an email to the Account Owner at the email address on file. Your continued use of the Service after we post changes constitutes your acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Data Opt-Out
If you wish to request that we stop processing your personal information or delete your data entirely, you may do so by:
(a) Deleting your content within the Service using the available tools.
(b) Requesting Account deletion by contacting support@sixgrid.com.
(c) For specific data processing opt-outs (such as analytics), contacting support@sixgrid.com with your request.
We will process opt-out requests in accordance with applicable law and within a reasonable timeframe. Some data may be retained as required by law or for the legitimate purposes described in Section 8.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: support@sixgrid.com
Mail:
Open Source Six Sigma, LLC
3033 N. 44th Street, Suite 130
Phoenix, AZ 85018
SixGrid is a product of Open Source Six Sigma, LLC.