Privacy Policy
Last updated · Jun 13, 2026
Welcome to GrowthOS, a software-as-a-service platform that helps marketing teams and agencies generate, track, and convert organic inbound leads ("Services"). This Privacy Policy describes the information we collect, how we use it, who we share it with, how we protect it, and the choices you have over its use.
This Privacy Policy applies to all users of our Services at https://growth-os.co/ ("you", "your").
A few notes before we begin:
The "Section highlights" at the top of each clause are summaries for ease of reading. They do not replace the clause itself. If a highlight conflicts with the full clause, the clause prevails.
We may revise this Privacy Policy from time to time as our Services evolve. Please check this page regularly. Material changes will be communicated to you directly where required by law.
If you do not agree with how we process data as described here, please do not use our Services.
By using, visiting, or signing up for our Services, you agree to this Privacy Policy.
1. Data we collect and why
Section highlights
This section lists what data we collect, how we collect it, why we collect it, and who we share it with.
What we collect | How we collect it | Why we collect it | Who we share it with |
|---|---|---|---|
Name, email address, account password, phone number, and address | You provide it during sign-up and through your use of the Services | To create and secure your account, raise invoices, deliver the Services on your subscription plan, and communicate with you for customer support, grievance redressal, product updates, and transactional notices | Email, analytics, and hosting service providers acting on our behalf. We do not sell your data. |
Content you upload, including text, files, and documents used inside GrowthOS | From your use of the Services | To deliver the features you have signed up for, including content analysis, lead qualification, and reporting | Same as above |
Payment information (card details, payment provider account info, GST number where applicable, and preferred mode of transfer) | You provide it during checkout and from your use of the Services | To process payments, enable paid Services, and meet tax and accounting obligations | Payment processors. Their terms and privacy policies govern how they handle this data. |
Google Workspace API data (see Section 2) | When you connect your Google account through OAuth | To deliver the specific Workspace-connected features you have signed up for | See Section 2 |
Services usage data, including log information, pages viewed, and time spent | Automatically reported by your browser and our application when you use the Services | To personalize your experience, measure usage trends, provide customer support, and improve the Services | Third-party analytics providers such as Google Analytics, under contract and in compliance with applicable law |
Device data, including time zone, operating system, hardware and software versions, browser type, and plugins | You provide it during sign-up and from your use of the Services | To deliver the Services in your local time, optimize performance, and provide diagnostics | We do not share this data except as described in this Privacy Policy |
How we collect your information
We collect personal information in three ways:
Information you give us. When you sign up, configure your account, connect integrations, or contact us, we collect what you provide directly.
Information we collect from your use of the Services. We use cookies, web beacons, and similar tracking technologies to record how you interact with the Services. This includes the pages you visit and the time spent on them.
Information we receive from third parties. When you authorize an integration (for example, Google), we receive data from that third party based on the permissions you have granted.
Legal bases for processing
Where applicable law (such as GDPR) requires a legal basis for processing, we rely on:
Performance of a contract with you, such as our terms of use.
Our legitimate interests, including protecting the Services from abuse, fraud, or security risks, and improving and promoting the Services, where those interests are not overridden by your rights.
Your consent, when we ask for it for a specific purpose.
Compliance with legal obligations.
Who we share your data with
We do not sell your personal information. We share it only with the following categories of recipients, on a need-to-know basis:
Service providers and vendors who help us run the Services (hosting, analytics, payment processing, email delivery, and customer support tools), under contractual confidentiality and data protection obligations.
Other users, only where you explicitly choose to share content or collaborate.
Business affiliates, who must use any shared data consistently with this Privacy Policy.
Acquirers, in the event of a merger, acquisition, restructuring, or sale of assets. You will be notified where required by law.
Law enforcement and regulators, when required by law, court order, or to establish or defend our legal rights.
Professional advisors such as accountants, lawyers, and auditors, on a need-to-know basis.
2. Google Workspace API data and limited use compliance
Section highlights
When you connect a Google account, we access only the Workspace data needed to deliver features you have signed up for, and we follow Google's Limited Use restrictions. We do not use this data to train AI or ML models.
Scopes and data we access
When you connect your Google account to GrowthOS through OAuth, we may request access to the following Google Workspace API scopes:
Google Search Console (
https://www.googleapis.com/auth/webmasters). To view and manage Search Console data for your verified sites. We use this to analyze organic search performance, surface keyword and page-level insights, monitor indexing and crawl status, and recommend optimizations that improve your organic inbound results.Google Analytics read-only (
https://www.googleapis.com/auth/analytics.readonly).To see and download your Google Analytics data. We use this to report on traffic sources, user behavior, conversion paths, and the performance of your organic inbound campaigns inside your GrowthOS dashboard.
Google Analytics (
https://www.googleapis.com/auth/analytics).To view and manage your Google Analytics data, including configuring custom dimensions, events, and audience segments required to track lead-quality signals and measure inbound funnel performance end to end.
We only access the scopes necessary to deliver the features you have enabled. You can review and revoke GrowthOS's access at any time from your Google Account permissions page.
Limited use commitment
GrowthOS's use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
Specifically, we commit that:
No AI or ML training on Workspace data. We do not use Google Workspace user data, or data derived from it, to develop, improve, or train generalized or non-personalized AI and/or ML models. Any AI features in GrowthOS that operate on your Workspace data do so to deliver the user-facing feature you requested, and the data is not retained for model training.
No transfers except as needed to deliver the Services. We do not transfer Google Workspace data to third parties except where necessary to provide or improve user-facing features within GrowthOS, to comply with applicable law, or as part of a merger, acquisition, or sale of assets in which case you will be notified.
No use for advertising. We do not use or transfer Google Workspace data for serving advertisements, including retargeting, personalized, or interest-based advertising.
No human access except as permitted. We do not allow humans to read your Google Workspace data unless we have your affirmative agreement to view specific messages, files, or other data, it is necessary for security purposes (for example, investigating abuse), it is required to comply with applicable law, or the data has been aggregated and anonymized for internal operations.
Storage and retention of Workspace data
We do not store Google Workspace data beyond what is necessary to deliver the features you have signed up for. Where caching is used for performance, it is limited to the duration permitted by Google's terms. You can request deletion of your Workspace-derived data at any time by contacting admin@growth-os.co.
3. How we store, secure, and transfer your data
Section highlights
We use industry-standard technical and organizational safeguards to protect your data, including encryption in transit, access controls, and firewalls.
We apply security measures appropriate to the sensitivity of the data we handle:
We maintain a security and access authorization policy and review it periodically.
Data transferred between your device and our Services is encrypted in transit over HTTPS. You can verify this through the lock icon in your browser's address bar.
We enforce strict access controls to prevent unauthorized internal access to personal data.
Our systems handling user data are protected by firewalls and monitored for unauthorized access.
If you correspond with us by email, we cannot fully rule out third-party interception. For confidential matters, we recommend physical mail or PGP-encrypted email.
No method of transmission over the internet or method of electronic storage is fully secure. While we use industry best practices, we cannot guarantee absolute security.
We do not generally transfer your personal data outside your jurisdiction of residence. Where we do, we ensure compliance with applicable law. If you reside in the European Economic Area, we do not transfer data outside the EEA except in compliance with the GDPR.
If a security incident affects your data, we will investigate, take reasonable steps to mitigate the impact, and notify affected users where required by applicable law.
4. Your rights
Section highlights
You have meaningful control over your personal data. Most rights can be exercised by writing to admin@growth-os.co or through your account settings.
Access and portability
You can request a copy of the personal data we hold about you. Where the processing is automated and based on your consent or a contract, you can also request that we transmit it to another provider in a structured, machine-readable format, where technically feasible.
Rectification
You can ask us to correct inaccurate or incomplete personal data, where you cannot update it directly through your account.
Erasure
You can ask us to delete your personal data, subject to data retention requirements under applicable law and our legal obligations. Note that deleting certain data may prevent us from continuing to provide the Services to you.
Withdrawing consent
You can withdraw consent at any time through your account settings or by writing to admin@growth-os.co. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Restriction of processing
You can ask us to restrict how we use your data where:
You contest its accuracy.
The processing is unlawful and you oppose erasure.
We no longer need the data but you require it for legal claims.
You have objected to processing pending verification of our legitimate grounds.
Objection to processing
You can object to processing based on legitimate interests or for direct marketing. If you object to direct marketing, we will stop processing your data for that purpose. For other legitimate interest processing, we will stop unless we have compelling legitimate grounds or need to handle a legal claim.
Appeals and complaints
If you are dissatisfied with our response to a request, you can appeal by emailing admin@growth-os.co. You also have the right to lodge a complaint with your local data protection authority.
Opting out
You can opt out of marketing communications at any time. Where applicable law gives you the right to opt out of selling, sharing, profiling, or targeted advertising, you can exercise that right by writing to admin@growth-os.co.
Do not track
There is no agreed industry standard for "Do Not Track" signals, so we do not respond to them in any specific way.
5. How long we keep your data
We retain personal data only as long as necessary for the purposes for which it was collected, and consistent with applicable law. Our retention criteria include:
The duration of our relationship with you and your use of the Services.
Legal or regulatory obligations that require us to retain certain records (for example, tax and transaction records).
The need to retain data in light of statutes of limitation, ongoing litigation, or regulatory investigations.
When data is no longer needed, we delete or anonymize it.
6. Our communications
We may send you Services-related announcements when necessary, such as maintenance windows, security advisories, privacy updates, and administrative notices. These are sent by email or SMS. You cannot opt out of essential Service-related communications, but you can opt out of marketing communications at any time.
7. Children's data
Our Services are not directed at individuals under the age of 18 ("Minors"). Minors are not permitted to sign up. We do not knowingly collect personal data from Minors.
If we learn that we have collected data from a Minor without verified parental consent where required, we will delete it as quickly as possible. If you believe we may hold data from or about a Minor, please contact us at admin@growth-os.co.
8. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Services before the changes take effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.
9. Contact us
For privacy questions, data requests, or to exercise any of your rights, contact us at:
Email: admin@growth-os.co
Website: https://usegrowthos.com/