Privacy Policy

1. Who we are

GrowthPulse ("we", "us", "our") provides an AI growth operating system for service businesses. For the purposes of GDPR, GrowthPulse is the data controller for personal data you provide when you create an account or use the product.

2. Data we collect

• Account data: name, email, hashed password, and authentication tokens.
• Business data you enter: company details, audit answers, leads, deals, reviews, campaigns, and notes.
• Usage data: pages viewed, actions taken, errors, and approximate location derived from IP — used to improve the product.
• Communications: messages you send us through the contact form or email.

3. How we use your data

We use your data to operate GrowthPulse, generate your Growth Score, detect leaks, generate Fix Packs and campaigns through AI, send product communications (e.g. the weekly Monday Brief), respond to support requests, and meet legal obligations.

4. Legal basis (GDPR)

• Contract: processing needed to provide the service you signed up for.
• Legitimate interests: product analytics, fraud prevention, and improving GrowthPulse.
• Consent: optional marketing emails — you can withdraw consent at any time.
• Legal obligation: tax, accounting, and regulatory record-keeping.

5. AI processing

When you generate a Fix Pack, campaign, or AI brief, the relevant business context is sent to third-party AI providers (e.g. via the Lovable AI Gateway) to produce the output. These providers are bound by data-processing agreements and do not retain your data for training. We never include passwords or payment information in AI prompts.

6. Who we share data with

We share data only with sub-processors that help us run GrowthPulse: cloud hosting and database providers, transactional email providers, AI model providers, and payment processors. We do not sell your data to anyone, and we do not share it for advertising purposes.

7. Data retention

We keep your account and business data for as long as your account is active. After deletion, we remove personal data within 30 days, except where we must retain it for legal, accounting, or fraud-prevention purposes (typically up to 7 years).

8. Storage & security

Data is stored on managed infrastructure with encryption at rest and in transit. Per-row access controls ensure you can only see your own company's data. We restrict employee access on a need-to-know basis and review our security posture regularly.

9. Your rights

You can access, export, correct, or delete your data at any time. You can also object to certain processing or ask us to restrict it. Email privacy@growthpulse.app and we will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Cookies & analytics

We use first-party cookies strictly to keep you logged in and to remember your preferences. We use minimal product analytics to understand which features are used. We do not run third-party advertising trackers and we do not build behavioural profiles for advertising.

11. Children's privacy

GrowthPulse is intended for business owners and operators. It is not directed at children under 16. We do not knowingly collect data from anyone under 16; if you believe we have, contact us and we will delete it.

12. International transfers

Some of our sub-processors operate outside the EU/EEA. Where this happens, transfers are covered by Standard Contractual Clauses or another approved transfer mechanism.

13. Changes to this policy

We'll post material changes on this page and email account holders before they take effect. The "Last updated" date at the top reflects the most recent version.

14. Contact us

Privacy questions: privacy@growthpulse.app. General questions: visit our contact page.