Skip to content
GridCraft
FeaturesPricingGamesDocsEditor
FeaturesPricingGamesDocsEditor
GridCraft

A tile map editor for game developers.

Product

  • Features
  • Pricing
  • Editor

Resources

  • Documentation
  • Get Started
  • Sign In
  • Dashboard

Community

  • Send feedback
  • Discord

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
© 2026 GridCraft. A product of OmniaDev Inc.

Privacy Policy

Last updated: 2026-05-21

This policy tells you what GridCraft does with your data. It covers the website at gridcraft.dev, the browser editor, and the desktop app. If something is unclear, email us. The address is at the bottom.

Who runs GridCraft

GridCraft is built and operated by OmniaDev Inc., a company registered in Alberta, Canada. For privacy law, OmniaDev Inc. is the data controller (GDPR language) and the business that decides how your personal information is used (CCPA / CPRA language).

You can reach the privacy contact at [email protected].

What we collect

Three buckets:

  • Account data. Email address, username, and a bcrypt hash of your password. If you buy a paid plan, we also store your subscription tier, the dates it starts and renews, and a Stripe customer ID. We never see your full card number.
  • Your maps and tilesets. The files you create or upload. Stored in our PostgreSQL database so the editor can load them back on your other devices. On the free tier you get 3 maps, 25 MB of storage, and a single bound device. Paid plans raise those limits.
  • Usage and request data. Server logs of requests to the API (IP address, timestamp, route, status). If you accept analytics cookies, Google Analytics also records page views and a few standard interactions.

Why we have it

Account data is what lets you sign in and keep your subscription current. Your maps are stored so the editor has something to load. Server logs help us debug, catch abuse, and keep the service up. Analytics, when you opt in, shows which features actually get used so we know where to spend our time.

Under GDPR, the lawful bases we rely on are: contract (running your account and storing your maps), legitimate interest (security logs and abuse prevention), and consent (analytics cookies, marketing email).

How long we keep it

  • Account and map data: as long as your account is open. Delete the account and it is removed within 30 days, except where we are required to keep records (tax law for invoices, for example).
  • Server logs: 90 days, then they roll off automatically.
  • Payment records and invoices: 7 years, to satisfy Canadian tax law.
  • Analytics data: handled inside Google Analytics with the standard 14-month retention window.
  • Cookie consent choice: 12 months in your browser's localStorage, then we ask again.

Who we share it with

We don't sell your data. We use a small number of processors to run the service:

  • Stripe handles payments and subscription billing. They receive your email, a customer ID, and the payment details you give them. Their privacy policy is at stripe.com/privacy.
  • Google Analytics (Google LLC) records aggregated usage data, but only after you accept analytics cookies. IP addresses are anonymized before storage. Their policy is at policies.google.com/privacy.
  • Our hosting provider runs the servers that the website, API, and database live on. They see the same traffic the servers do.

We share data with law enforcement only when we have a valid legal order. If we ever have to, and the law lets us tell you, we will.

International transfers

GridCraft is operated from Canada. If you use the service from the EU, UK, or California, your data moves to Canada (and possibly the US, via Stripe and Google). Canada has an adequacy decision from the European Commission for commercial organizations under PIPEDA, which covers the bulk of these transfers. Where it doesn't, we rely on Standard Contractual Clauses with our processors.

Your rights

Wherever you live, you can email [email protected] and ask us to:

  • Send you a copy of the data we hold on you.
  • Correct anything that's wrong.
  • Delete your account and the data attached to it.
  • Stop using your data for a specific purpose.

We aim to respond within 30 days. We may ask you to confirm the email on the account before acting, so we don't hand your data to the wrong person.

If you're in the EU, UK, or Switzerland (GDPR / UK GDPR)

You have the rights to access, rectification, erasure, restriction, portability, and objection. You can withdraw consent at any time (for analytics, click “Cookie preferences” in the footer). You can also complain to your national data protection authority. We don't have an EU representative at our current size, but the email above is the working contact.

If you're in California (CCPA / CPRA)

You have the rights to know what categories of personal information we collect, to access and delete it, to correct it, and to opt out of any “sale” or “sharing”. We don't sell personal information and we don't share it for cross-context behavioural advertising. We won't discriminate against you for exercising these rights.

If you're in Canada (PIPEDA / Alberta PIPA)

You have the rights to access and correct your personal information, and to withdraw consent. If you're in Alberta and you can't resolve a complaint with us, you can contact the Office of the Information and Privacy Commissioner of Alberta. If you're elsewhere in Canada, the Office of the Privacy Commissioner of Canada handles PIPEDA complaints.

Cookies and local storage

We use a few. The full list is on the cookie policy page. Analytics cookies only load after you accept them in the banner. Your auth token is kept in localStorage so you stay signed in between visits.

Security

Data is encrypted in transit (HTTPS) and at rest. Passwords are hashed with bcrypt. The database lives on managed hosting with access restricted to the application and our own admins. We don't pretend any system is unbreakable. If we have a breach that affects you, we'll notify you within the time the law requires (72 hours for GDPR notifications to regulators).

Children

GridCraft isn't for kids under 13. We don't knowingly collect data from anyone in that age range. If you think your child has signed up, email us and we'll remove the account.

Paid plans

Subscribing adds billing information to the picture: a Stripe customer record, invoice history, and the plan you're on. The card itself stays with Stripe. If you cancel, your maps stick around until the end of the period you paid for, then your account drops to the free-tier limits (3 maps, 25 MB, one device). Anything over those limits goes into read-only mode until you upgrade again or delete it.

Changes

If we change this policy in a way that affects you, we'll email the address on your account and update the date at the top of this page. Small editorial fixes won't get an email.

Contact

OmniaDev Inc.
Alberta, Canada
[email protected]