Privacy Policy

Last updated: June 2, 2026

Our Commitment to Privacy

Gridmock ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our OCPP simulation platform and related services.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, billing address
  • Payment Information: Credit card details (processed by Stripe, not stored by us)
  • Communications: Support tickets, emails, and chat messages
  • Profile Data: Team member information, API keys, webhooks

1.2 Technical Data We Collect

  • Usage Data: Virtual charger configurations, OCPP message logs, API requests
  • Performance Data: Response times, error rates, uptime metrics
  • Device Information: IP address, browser type, operating system
  • Cookies: Only essential cookies for session and authentication (see Section 6 below)

1.3 Information We Do NOT Collect

  • We do not collect personally identifiable information from end-users of your CSMS (charging station users)
  • We do not track your location or use third-party advertising cookies
  • We do not sell your data to third parties

2. How We Use Your Information

  • Service Delivery: Provide and maintain the Gridmock platform
  • Billing: Process payments and send invoices
  • Support: Respond to support requests and troubleshoot issues
  • Product Improvement: Analyze usage patterns to improve performance and features
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Communications: Send service updates, security alerts, and (optionally) product news
  • Legal Compliance: Comply with legal obligations and enforce our Terms

3. Data Storage and Security

3.1 Where We Store Your Data

Your data is stored on secure servers in the European Union (EU) and the United States. We use industry-leading cloud infrastructure providers:

  • AWS (Frankfurt, Virginia regions)
  • Google Cloud Platform (Belgium region for EU customers)

3.2 How We Protect Your Data

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication (MFA)
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backups: Daily encrypted backups with 30-day retention
  • Compliance: SOC 2 Type II, ISO 27001 (in progress)

3.3 Data Retention

  • Account Data: Retained while your account is active + 90 days after cancellation
  • OCPP Message Logs: 7-90 days depending on your plan (Professional: 7 days, Scale: 30 days, Enterprise: custom)
  • Billing Records: 7 years for tax compliance
  • Support Tickets: 3 years for quality assurance

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

  • Service Providers: Stripe (payment processing), AWS/GCP (hosting), Postmark (transactional emails)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize data sharing

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following data protection rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Opt out of certain data processing activities
  • Right to Withdraw Consent: Revoke consent for data processing at any time

To exercise these rights, contact us at support@gridmock.com. We will respond within 30 days.

6. Cookies and Tracking

We keep tracking to a minimum. Our website uses Umami, a privacy-focused, cookieless analytics tool, so no consent banner is required.

  • No Tracking Cookies: Umami does not set cookies or use persistent identifiers
  • Aggregated & Anonymous: We only see aggregate visit data, never individual profiles
  • No Advertising Trackers: We do not use Google Analytics, ad pixels, or cross-site tracking
  • Essential Cookies Only: Any cookies we set are strictly necessary to operate the service

7. International Data Transfers

If you are located outside the United States, your data may be transferred to and processed in the US. We ensure adequate protection through:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data residency options for Enterprise customers

8. Children's Privacy

Gridmock is a B2B service not intended for individuals under 18. We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before the changes take effect. Continued use of Gridmock after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us: