The Grid

Legal

Data deletion

Effective 2026-05-26

This page describes how to request deletion of your data from The Grid, what gets deleted, and how long the process takes. It covers requests made directly by you, requests made by Meta or Google on your behalf under their platform data-deletion requirements, and requests made under GDPR Article 17 (right to erasure) or comparable jurisdictional laws.

How to request deletion

Send an email to privacy@tothegrid.co with the following details:

  • Subject line: Data Deletion Request — [your account email]
  • The email address associated with your The Grid account
  • The brand workspace name(s) you want deleted, if your account is associated with more than one
  • A brief note confirming you are the account holder or have authorization to make this request on the account holder's behalf

If you reach us via a different channel (Meta's Data Use Checkup, Google's OAuth verification flow, a support ticket), we will route the request to the same internal process below.

What gets deleted

On request, we delete the following from our production databases and any backups within our retention windows:

  • Your account record and login credentials
  • Every brand workspace your account owns, including all campaigns, channel plans, event cards, sticky notes, documents, and other content authored inside The Grid
  • All historical signal data ingested from connected channel APIs on behalf of your brand workspaces — Meta Ads, Google Ads, GA4, Klaviyo, Postscript, Shopify, Amazon SP-API, Recharge, Gorgias, TikTok Ads, and Google Drive
  • All OAuth tokens, API keys, webhook secrets, and integration credentials stored on your behalf
  • Activity logs and audit records tied to your account
  • Any AI priors, brand-voice answers, or tactical priming answers you captured during onboarding or in Settings → AI

Data we may retain after deletion: anonymized aggregate usage metrics (no identifying information), records required for legal compliance (e.g., financial transaction records required by tax authorities), and limited records required to enforce our Terms of Service (e.g., a hash of an account email to prevent re-registration in cases of policy violation). These retentions are disclosed in our Privacy Policy.

Timeline

We process every deletion request within 30 days of receipt. For requests received during a US federal holiday or weekend, the 30-day clock starts the next business day. If your request involves data held by a subprocessor (e.g., Vercel hosting backups, Liveblocks multiplayer state), we coordinate with the subprocessor to complete deletion within the same window where their retention policy permits.

Confirmation

Once your deletion is complete, we send a confirmation email to the address you submitted the request from. The confirmation email lists: the date deletion completed, the brand workspace(s) deleted, and any data categories that were retained for legal compliance with the reason for retention.

About the email-based process

We are currently shipping data deletion via a human-in-the-loop email workflow. A programmatic endpoint that accepts an HTTP request and triggers deletion asynchronously is on our near-term roadmap and will replace this process when available. The endpoint URL will be published here and in our Meta App configuration once it ships. Until then, the email workflow described above is the canonical mechanism.

Questions

If you have questions about this process, the scope of deletion, or your data subject rights more broadly, contact us at privacy@tothegrid.co. For our complete data practices, see our Privacy Policy.