← Back to Home

Privacy Policy

Last updated: June 2026

1. Introduction

GrowthzillaOS® ("we", "us", "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, and other applicable privacy laws. This policy explains how we collect, use, store, and protect your information.

2. Data Controller

The data controller for the processing described in this policy is the operator of GrowthzillaOS®. For inquiries, contact us at [email protected].

3. Data We Collect

We collect the following categories of personal data:

  • Account Data: Name, email address, password (hashed), business name, industry, and onboarding responses.
  • Lead Data: Names, emails, phone numbers, and company information submitted through landing page forms.
  • Usage Data: Pages visited, features used, session duration, and AI interaction logs.
  • Payment Data: Processed securely by Stripe. We never store full card numbers.
  • Bot Data: Telegram/WhatsApp user IDs and conversation logs for bot integrations.

4. Legal Basis for Processing

  • Consent: Lead capture forms require explicit consent. You may withdraw consent at any time.
  • Contract: Account and payment data is processed to deliver our services.
  • Legitimate Interest: Usage analytics to improve the platform.

5. AI & Automated Processing

We use AI (large language models) to generate marketing content, audits, coaching, and strategies. Your business data (name, industry, goals) is sent to the AI to personalize responses. AI outputs are used solely within your account. We do not use your data to train AI models.

6. Data Sharing

We do not sell your data. We share data only with:

  • Stripe: Payment processing (PCI-DSS compliant).
  • Abacus AI: AI processing infrastructure (data processor, bound by DPA).
  • Cloud Infrastructure: Hosting and storage (encrypted at rest and in transit).

7. Data Retention

Account data is retained while your account is active. Upon account deletion, all personal data is permanently erased within 30 days. Lead data is retained per the account owner's settings and deleted upon account closure. Bot connection data is deleted when you disconnect.

8. Your Rights (GDPR Articles 15-22)

You have the right to:

  • Access: Request a copy of all your personal data (available in Dashboard → Privacy).
  • Rectification: Correct inaccurate personal data.
  • Erasure: Delete your account and all associated data (Dashboard → Privacy).
  • Portability: Export your data in machine-readable JSON format.
  • Objection: Object to processing based on legitimate interest.
  • Restriction: Request limited processing of your data.

9. Cookies

We use:

  • Essential Cookies: Authentication session tokens. Required for the platform to function.
  • Preference Cookies: Cookie consent state, stored locally in your browser.

We do not use third-party tracking cookies or advertising cookies.

10. Security

We implement industry-standard security measures: TLS encryption in transit, encryption at rest, hashed passwords (bcrypt), session-based authentication, and role-based access controls.

11. International Transfers

Data may be processed in regions outside your jurisdiction. Where applicable, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards to protect your data during cross-border transfers.

12. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or in-app notification. Continued use constitutes acceptance of the updated policy.

13. Contact

For privacy inquiries, data requests, or complaints, contact us at [email protected].