Privacy Policy

Effective Date: December 13, 2025 | Last Updated: December 13, 2025

Your Privacy Matters: At Grow8, we are committed to protecting your privacy and ensuring the security of your personal and business data. This Privacy Policy explains how we collect, use, share, and protect your information in compliance with GDPR, CCPA, and other applicable data protection regulations.

1. Introduction

This Privacy Policy applies to all information collected through our platform, website (grow8.ai), mobile applications, and any related services (collectively, "Services"). By using our Services, you consent to the practices described in this policy.

Grow8 acts as both a data controller and data processor depending on the context of data processing activities.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, company name, billing address
  • Payment Information: Credit card details, billing information (processed through secure payment processors)
  • Profile Information: Business details, marketplace seller IDs, product categories
  • Communications: Messages, support requests, feedback you send to us

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, time spent on platform
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Tracking: Session cookies, analytics cookies, preference cookies
  • Log Data: Access times, error logs, referring URLs

2.3 Information from Third-Party Integrations

When you connect marketplace accounts (Amazon, eBay, Shopify, etc.), we may collect:

  • Seller account information and performance metrics
  • Product listings, inventory data, and pricing information
  • Order history and customer transaction data
  • Reviews, ratings, and customer feedback
  • Advertising and promotional campaign data

3. How We Use Your Information

We use collected information for the following purposes:

PurposeLegal Basis (GDPR)
Provide and maintain our ServicesContract Performance
Process payments and subscriptionsContract Performance
Analyze data and generate insightsContract Performance / Legitimate Interest
Send service-related communicationsContract Performance
Send marketing communications (with consent)Consent
Improve and personalize our ServicesLegitimate Interest
Detect and prevent fraud or abuseLegitimate Interest / Legal Obligation
Comply with legal obligationsLegal Obligation

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with trusted third-party vendors who assist in operating our Services:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors (Stripe, PayPal)
  • Analytics providers
  • Customer support tools
  • Email service providers

4.2 Marketplace Platforms

We may share data back to marketplace platforms as required for integration functionality, in compliance with their respective API terms (including Amazon SP-API Data Protection Policy).

4.3 Legal Requirements

We may disclose information when required by law, court order, or government request, or to protect our rights, property, or safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security assessments and penetration testing
  • Compliance: SOC 2 Type II certified infrastructure

For more details, please see our Security Policy.

6. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements
  • Maintain business records as required by law

Upon account deletion, we will delete or anonymize your personal data within 90 days, except where retention is required by law.

7. Your Privacy Rights

7.1 Rights Under GDPR (European Users)

If you are in the European Economic Area, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data ("Right to be Forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

7.2 Rights Under CCPA (California Residents)

California residents have the right to:

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising privacy rights

7.3 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: hello@grow8.ai
Subject Line: "Privacy Rights Request"

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze usage patterns and improve our Services
  • Provide personalized experiences
  • Measure advertising effectiveness

Cookie Types:

  • Essential Cookies: Required for platform functionality
  • Analytics Cookies: Help us understand usage patterns
  • Marketing Cookies: Used for targeted advertising (with consent)

You can manage cookie preferences through your browser settings or our cookie consent banner.

9. International Data Transfers

Your information may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all third-party processors
  • Compliance with applicable cross-border transfer mechanisms

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information promptly.

11. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending an email notification for significant changes

Continued use of our Services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, concerns, or requests, please contact us:

Contact Email
Email: hello@grow8.ai

You also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy was created in accordance with GDPR, CCPA, and Amazon's Data Protection Policy requirements.

For any questions, please contact us at hello@grow8.ai.