Legal

Privacy Policy

This Privacy Policy explains how Grande Web Network collects, uses, and protects your personal information across our family of websites and services.

Effective Date: March 30, 2026 Last Updated: March 30, 2026 Data Controller: Scott Gilley, Grande Web Network
This policy applies to all websites operated by Grande Web Network, including grandewebnetwork.com, a2zwordfinder.com, a2zwords.com, ifindwines.com, a2zarcade.com, a2zlessons.com, a2ztrivia.com, puzzledepot.com, and all affiliated properties. For questions, contact us at [email protected].

1. Who We Are

Grande Web Network ("GWN," "we," "us," or "our") is a network of educational, entertainment, and utility websites operated by Scott Gilley, an individual operator based in the United States.

Data Controller:
Scott Gilley
Grande Web Network
Email: [email protected]

Our network includes, but is not limited to, the following properties: grandewebnetwork.com, a2zwordfinder.com, a2zwords.com, ifindwines.com, a2zarcade.com, a2zlessons.com, a2ztrivia.com, a2znews.com, a2zmemes.com, a2zmahjong.com, a2zpuzzles.com, puzzledepot.com, wordlewonk.com, crossbingo.com, wordunscrambler.ai, frame-games.com, wunzzles.com, iwordfinder.com, lettersintowords.com, and affiliated satellite domains.

2. Data We Collect

We collect information in the following categories:

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information from Third Parties

3. How We Use Your Data

Service Delivery

Providing access to word games, wine pairing tools, trivia, educational content, and other GWN services.

Analytics & Improvement

Understanding how visitors use our sites so we can improve features, fix bugs, and prioritize development.

Advertising

Serving relevant display advertisements to support free access to our services. We share data with ad partners as described in Section 6.

Email Communications

Sending newsletters, product updates, and promotional messages to subscribers (with your explicit consent).

Security & Fraud Prevention

Detecting and preventing abuse, scraping, bot traffic, unauthorized access, and fraudulent activity.

Legal Compliance

Fulfilling legal obligations including responding to lawful data access requests and enforcing our Terms of Use.

Legal Basis for Processing (GDPR)

PurposeLegal Basis
Service delivery, account managementContractual necessity (Art. 6(1)(b))
Analytics (GA4)Legitimate interests (Art. 6(1)(f))
Advertising cookies & profilingConsent (Art. 6(1)(a))
Newsletter & email marketingConsent (Art. 6(1)(a))
Security logs, fraud preventionLegitimate interests (Art. 6(1)(f))
Legal obligationsLegal obligation (Art. 6(1)(c))

4. Cookies & Tracking Technologies

We use cookies and similar technologies (pixels, local storage, session storage) to operate our services. Below is a description of each category:

Essential Cookies

Required for the operation of our websites. These cannot be disabled without breaking core functionality.

Analytics Cookies

Help us understand visitor behaviour in aggregate. No personal information is sold through these cookies.

Advertising Cookies

Used to deliver relevant advertisements and measure their effectiveness. These are set by our advertising partners (see Section 6).

Managing Cookies

You can control cookies through your browser settings. Disabling analytics or advertising cookies will not prevent you from using our services. To opt out of interest-based advertising from Google, visit adssettings.google.com. To opt out of Amazon interest-based ads, visit amazon.com/adprefs.

5. Third-Party Services

We share data with the following third-party service providers who assist us in operating our network:

ProviderPurposeData SharedPrivacy Policy
Google LLC (Analytics)Google Analytics 4 — usage analyticsIP (anonymized), browser, session data, eventsLink
Google LLC (Ads)Google Ad Manager, AdSense — ad servingIP, device, cookie IDs, page contextLink
Amazon Web Services (APS)Amazon Publisher Services — header biddingIP, cookie IDs, bid request dataLink
Cloudflare, Inc.CDN, DDoS protection, DNS, securityIP, request headers, page URLsLink
Kit (ConvertKit)Email list management, newsletter deliveryEmail address, subscription preferencesLink
Stripe, Inc.Payment processing for member subscriptionsName, email, billing address, payment methodLink
Linode / AkamaiWeb server hosting (node1, node2, node3)Log data, server-processed requestsLink
UDM ServeDisplay advertisingIP, device, cookie IDsAvailable on request
PixFuture MediaDisplay advertisingIP, device, cookie IDsLink

We do not sell your personal data to these providers. They act as data processors or independent data controllers under their own privacy policies, as applicable.

6. Advertising Partners

Our websites are supported by advertising. To serve relevant ads and measure their performance, our advertising partners may use cookies, device identifiers, and similar tracking technologies to collect data about your interactions with our sites and across the web.

Interest-Based Advertising

Some of our partners may build a profile of your interests based on browsing behaviour to deliver personalized ads. You can opt out of interest-based advertising by visiting the Digital Advertising Alliance opt-out page or the European Interactive Digital Advertising Alliance (EDAA) for EU residents.

Our Advertising Partners Include:

When advertising is served, the following data may be transmitted to ad partners: your approximate geographic location (country/region), device type, browser, the URL of the page you are viewing, and a pseudonymous identifier. No name, email address, or payment information is shared with ad partners.

7. Data Retention

Data TypeRetention PeriodReason
Server access logs90 daysSecurity monitoring and abuse prevention
Google Analytics 4 data14 months (GA4 default)Trend analysis; configurable in GA4 admin
Email subscriber dataUntil unsubscribe or deletion requestNewsletter delivery (Kit/ConvertKit)
Member account dataDuration of account + 2 years after closureSubscription records, legal and tax obligations
Payment records7 yearsTax and accounting legal requirements
Cloudflare security logsUp to 30 daysDDoS and threat analysis (Cloudflare retention)
Support communications3 yearsResolution records and quality assurance

Upon receiving a verified deletion request (see Section 14), we will erase your personal data within 30 days, except where we are required to retain it by law.

8. International Data Transfers

Grande Web Network is operated from the United States. If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your personal information will be transferred to and processed in the United States.

We rely on the following safeguards for international transfers:

You may request a copy of the transfer safeguards applicable to any third-party processor by contacting us at [email protected].

9. EU & EEA Resident Rights (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Right of Access (Art. 15)

Request a copy of the personal data we hold about you and information about how it is used.

Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.

Right to Restriction (Art. 18)

Request that we limit our processing of your data in certain circumstances.

Right to Data Portability (Art. 20)

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

Right to Object (Art. 21)

Object to processing based on legitimate interests, including profiling for direct marketing purposes.

Right to Withdraw Consent

Where we process your data based on consent (e.g., email marketing, advertising cookies), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. UK residents may contact the Information Commissioner's Office (ICO).

Response Timeline

We will respond to verified rights requests within 30 days. Complex requests may require up to 90 days with notice. We do not charge a fee for reasonable requests.

How to Exercise Your Rights

Submit requests by email to [email protected] with the subject line "GDPR Rights Request." We will verify your identity before processing any request.

10. California Resident Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information.

Do We Sell Personal Information?

We do not sell personal information in the traditional sense. However, some of our advertising practices (behavioral advertising cookies shared with ad partners) may constitute a "sale" or "sharing" under the CCPA's broad definition. You have the right to opt out of this.

Your California Rights

Categories of Personal Information Collected (Last 12 Months)

CategoryExamplesCollected?
IdentifiersIP address, email, cookie IDsYes
Internet activityPages visited, search queries, interactionsYes
Geolocation dataCountry/region from IP (not precise location)Yes
Commercial informationPurchase history for member subscriptionsYes (members)
InferencesInterests inferred by Google for ad targetingVia Google
Financial informationCredit/debit card numbersNo (Stripe only)
Biometric dataFingerprints, facial recognitionNo
Sensitive personal informationSSN, health data, precise geolocationNo

Exercising Your California Rights

Submit a verifiable consumer request by emailing [email protected] with the subject line "CCPA Rights Request." You may also designate an authorized agent to submit requests on your behalf. We respond within 45 days (extendable by 45 days with notice).

11. Children's Privacy

Our services are intended for users aged 13 and older. We do not knowingly collect personal information from children under the age of 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at [email protected] and we will delete the information promptly.

For users in the EU/EEA, consent to data processing is required from a parent or guardian for children under 16 years of age (or the applicable age in your member state).

12. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. In the event of a data breach that poses a high risk to your rights and freedoms, we will notify affected individuals and applicable supervisory authorities as required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Your continued use of our services after the effective date of any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

14. Contact & Data Requests

For any privacy-related questions, concerns, or to exercise your data rights, please contact:

Grande Web Network — Privacy Team

Name: Scott Gilley
Email: [email protected]
Subject line: "Privacy Request" or "GDPR Rights Request" or "CCPA Rights Request"

We aim to acknowledge all privacy inquiries within 3 business days and resolve them within 30 days. For complex requests, we may request additional time (up to 90 days total for GDPR, 90 days total for CCPA) with written notice.

For EU residents, if you are not satisfied with our response, you may escalate to your local data protection authority.