Privacy

Privacy Policy

Fifth Avenue Photographic, LLC ("we," "us," "our") operates The Grid Index and the related WordPress products. This policy explains what data we collect, why, and what we don't collect — written plainly, without dark patterns.

Last updated: May 21, 2026

The short version

  • We don't sell your personal data. We don't share it with advertisers, brokers, or any third party that markets to you.
  • Our WordPress plugins do not phone home. No analytics, no install registration, no telemetry.
  • Our website collects only what's needed to run it: standard web server logs, contact form submissions, and the WordPress session cookies set when you log in.
  • You can request access to or deletion of any personal data we hold by writing to us through the contact form.

1. What we collect

Contact form submissions

When you submit the contact form on this site, we receive: your name, email address, the inquiry type you selected, the subject line, the message body, the timestamp of submission, your IP address, and the User-Agent string sent by your browser. We use this only to respond to your message and to defend the form against abuse (rate-limiting, spam filtering).

Server logs

Our web host generates standard access logs containing IP addresses, timestamps, requested URLs, HTTP status codes, referrer headers, and User-Agent strings. These logs are retained for a short rolling window and are used solely for security, debugging, and abuse mitigation.

Cookies

We set the standard WordPress cookies when administrators log in to the back end. We do not set tracking, advertising, or third-party analytics cookies on the public-facing site. If we add any first-party analytics in the future, we will list them here and offer a way to decline.

Account data (administrators only)

If you have a WordPress account on this site (i.e., you are a staff editor or administrator), WordPress stores your username, hashed password, email, and role. This data is held in the WordPress database and is only accessible to authorized administrators.

2. What we don't collect

We do not run third-party advertising, retargeting, or behavioral tracking on this site. We do not embed analytics that fingerprint your device. Our published WordPress plugins do not collect any data about the sites that install them — there is no "active installs" telemetry, no usage reporting, and no list of customer sites maintained on our side.

If our plugin does fetch an external RSS feed on your behalf, that fetch comes from your server, not ours. The publisher whose feed you enable will see your server's IP in their access logs — we do not see or proxy that traffic.

3. How we use the information we collect

  • To respond to messages submitted through the contact form.
  • To diagnose and fix technical issues with the site.
  • To detect and prevent abuse, spam, and unauthorized access attempts.
  • To meet legal obligations if we receive a valid legal request.

4. Who has access

We do not sell personal information. We do not rent, trade, or share it for marketing purposes. The only parties with technical access to data on this site are:

  • Our web host — the hosting provider that runs the server this site lives on. They have access to server-level data (logs, files, database) as part of operating the infrastructure.
  • Email delivery provider — when the contact form sends a message, that email passes through whatever SMTP service the site is configured to use. The provider may briefly log the recipient address and message for delivery purposes.
  • Legal authorities — if compelled by a valid subpoena, court order, or other legal process. We will resist overly broad requests and notify the affected party where legally permitted.

5. Third-party headlines and feeds

When this site displays headlines aggregated from external publishers via RSS, those headlines remain the intellectual property of the originating publisher. Each headline links to the publisher's own site, where their privacy policy applies once you click through.

We do not relay your browsing activity to the publishers we link to. Their cookie and privacy practices are their own — review them on each publisher's site if you want details.

6. Your rights

Depending on where you live, you may have rights under laws like the EU GDPR, the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), or similar regional regulations. These typically include the right to:

  • Know what personal data we hold about you.
  • Request a copy of that data.
  • Request correction of inaccurate data.
  • Request deletion of your data, subject to legal retention requirements.
  • Object to or restrict certain processing.
  • Opt out of any future analytics or marketing we might introduce.

To exercise any of these rights, send us a message via the contact form and tell us what you're asking for. We respond within 30 days, faster when we can.

7. How long we keep things

  • Contact form messages — retained in the recipient inbox for as long as needed to handle the inquiry, then archived per normal email retention.
  • Server access logs — typically rotated within 30–90 days by the hosting provider.
  • Rate-limit counters — short-lived transients (under 10 minutes), then automatically deleted.
  • Administrator accounts — retained for as long as the person needs back-end access; deleted on request or when they leave.

8. Security

We run this site over HTTPS, keep WordPress core and plugins patched, and follow standard security practices for our infrastructure. No web service can promise perfect security; if a breach affecting personal data ever occurs, we will notify affected users in accordance with applicable law.

9. Children's privacy

This site is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has submitted data, please contact us and we will delete it.

10. Changes to this policy

When we update this policy, we update the "Last updated" date at the top. Material changes will be flagged in a notice on the site for at least 14 days. Continued use after the effective date constitutes acceptance.

11. Contact

Questions, requests, complaints — all of it goes to Fifth Avenue Photographic, LLC. The fastest way to reach us is the contact form. We respond to legitimate privacy requests within 30 days.