Privacy Policy
Effective date: 6 June 2026
Growpins AI is committed to protecting your personal information and being transparent about how we use it. This policy explains what data we collect, why we collect it, how we protect it, and what rights you have - wherever in the world you are based.
1. Who We Are (Data Controller)
Growpins AI operates the platform at growpins.ai. For the purposes of UK GDPR and EU GDPR, Growpins AI is the data controller responsible for your personal data. If you have any questions about how we handle your data, contact us at info@growpins.ai.
2. What We Collect
Account & Profile Data
Name, email address, and business name when you register. Optionally, your phone number and store branding details (logo, store description).
Transaction & Billing Data
Subscription plan, billing cycle, and payment confirmation records. We do not store full card numbers - payment processing is handled by our third-party payment processor.
Store & Product Data
Product listings, images, descriptions, and pricing you upload to your store, along with store settings and configuration.
Usage & Technical Data
Pages visited, features used, session duration, browser type, IP address, device type, and referring URLs. This is collected automatically when you use the platform.
Communications
Messages you send us via email or support forms, including support tickets and feedback.
Free Tool Data (SEO Audit)
The URL you submit for auditing. Results are cached per domain for 24 hours. We do not link audit submissions to identifiable users unless you are logged in.
3. How We Use Your Information & Legal Basis
| Purpose | Legal Basis (UK / EU GDPR) |
|---|---|
| Provide and operate the platform | Performance of a contract |
| Process payments and manage subscriptions | Performance of a contract |
| Send transactional emails (receipts, account alerts) | Performance of a contract |
| Improve our AI tools and platform features | Legitimate interests |
| Analyse usage and prevent fraud or abuse | Legitimate interests |
| Send marketing emails and product updates | Consent (you may opt out at any time) |
| Comply with legal obligations | Legal obligation |
4. Who We Share Your Information With
- Payment Processors: Your payment data is handled by our payment provider. We only receive confirmation of payment status - we never see or store your full card details.
- Firebase (Google): We use Firebase for authentication and some data services. Google processes data as a sub-processor under Google's data processing terms.
- Google APIs: Our SEO Audit tool uses Google PageSpeed Insights and Google Safe Browsing APIs. Submitted URLs are sent to Google for analysis.
- Analytics Providers: We may use third-party analytics tools to understand how the platform is used. These tools may collect anonymised usage data.
- Legal & Regulatory: We may disclose your data to comply with a legal obligation, court order, or to protect our rights and the safety of our users.
- We do not sell your personal data to any third party, ever.
5. Cookies
We use cookies and similar technologies to operate the platform, remember your preferences, and analyse usage. The types of cookies we use:
- Strictly Necessary: Required for authentication, session management, and platform security. These cannot be disabled.
- Analytics: Help us understand how users interact with the platform so we can improve it. Set only with your consent.
- Preference: Remember settings such as display preferences and dismissed banners.
You can manage or withdraw cookie consent at any time via our cookie banner or your browser settings. Disabling strictly necessary cookies will affect platform functionality.
6. Data Retention
- Active Accounts: We retain your data for as long as your account is active.
- After Account Deletion: We delete or anonymise personal data within 30 days of a verified deletion request, except where we are required by law to retain it longer (e.g. financial records kept for 6 years under UK tax law).
- SEO Audit Cache: Domain audit results are cached for 24 hours and then discarded.
7. International Data Transfers
Growpins operates globally and your data may be processed in countries outside your own, including the United Kingdom, the European Economic Area, and the United States (for example, via Firebase / Google Cloud). Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the relevant regulatory authorities.
8. Your Rights
Depending on where you are located, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
- Restriction: Ask us to pause processing of your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests or for direct marketing.
- Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
To exercise any of these rights, email info@growpins.ai. We will respond within 30 days.
9. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), access controls, and regular security reviews. No system is 100% secure - if you believe your account has been compromised, contact us immediately at info@growpins.ai.
10. Children's Privacy
Growpins is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes by email or via a notice on the platform. The effective date at the top of this page shows when the policy was last revised.
12. Contact & Complaints
For any privacy-related questions or to exercise your rights, contact us at info@growpins.ai.
If you are based in the United Kingdom and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are based in the EU, you may contact your local data protection authority.