Privacy Policy

Last modified: January 8, 2025

1. Introduction

GrowHub AI Ltd (“GrowHub”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal information. This Privacy Policy (our “Privacy Policy”) tells you what to expect us to do with your personal information when visiting our website located at https://growhub.ai or otherwise working or communicating with us. It also tells you about your privacy rights and how the law protects you.

2. Controller

When you are a registered user of GrowHub, we act as the “Data Controller” for the personal data related to your account and usage of our service. We are registered as a Data Controller with the UK Information Commissioner's Office under registration number C1618364.

3. What Information We Collect, Use, and Why

We collect or use the following information to provide our services:

  • Names and contact details
  • Purchase or account history
  • Payment details (including card or bank information for transfers and direct debits)
  • Credit reference information
  • Account information
  • Website user information (including user journeys and cookie tracking)

We collect or use the following information for the operation of customer accounts and guarantees:

  • Names and contact details
  • Payment details (including card or bank information for transfers and direct debits)
  • Purchase history
  • Account information, including registration details
  • Information used for security purposes
  • Marketing preferences

We collect or use the following information for service updates or marketing purposes:

  • Names and contact details
  • Marketing preferences
  • Website and app user journey information

We collect or use the following information to comply with legal requirements:

  • Name
  • Contact information
  • Financial transaction information

We collect or use the following personal information for dealing with queries, complaints or claims:

  • Names and contact details
  • Payment details
  • Account information
  • Purchase or service history
  • Customer or client accounts and records
  • Financial transaction information
  • Correspondence

4. Lawful Bases and Data Protection Rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO's website.

Which lawful basis we rely on may affect your data protection rights, which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO's website:

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information, such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure - You have the right to ask us to delete your personal information.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing - You have the right to object to the processing of your personal data.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation or to you.
  • Your right to withdraw consent - When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and, in any event, within one month.

To make a data protection rights request, please contact us using the contact information at the bottom of this Privacy Policy.

5. Our Lawful Bases for the Collection and Use of Your Data

Our lawful bases for collecting or using personal information to provide services and goods are:

  • Consent - We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
  • Legitimate interests - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

  • Streamlined access to our services through trusted authentication methods including, but not limited to, Gmail and LinkedIn
  • Enhanced security through established login providers

We minimise privacy risks by:

  • Collecting only essential profile information
  • Using reputable service providers for data processing
  • Following UK data protection standards

Our lawful bases for collecting or using personal information for the operation of customer accounts and guarantees are:

  • Consent - We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
  • Legal obligation - We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

  • Account security and fraud prevention through secure authentication methods
  • Customer support and service optimisation
  • Maintaining accurate customer records for service continuity
  • Processing payments securely through our payment provider (Stripe)

We minimise risks by:

  • Using established third-party providers for critical services
  • Implementing secure authentication methods
  • Collecting only essential account information
  • Following strict data protection protocols

Our lawful bases for collecting or using personal information for service updates or marketing purposes are:

  • Consent - We have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.
  • Legitimate interests - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

  • Informing users about platform changes that affect their service usage
  • Communicating security updates and technical improvements
  • Notifying users about new features that enhance their personal brand growth
  • Maintaining service quality and user engagement

We minimise risks by:

  • Clearly distinguishing between service updates and marketing communications
  • Providing easy opt-out options for marketing messages
  • Only sending relevant, valuable information
  • Using secure communication channels
  • Limiting communication frequency to avoid overwhelming users

Our lawful bases for collecting or using personal information for legal requirements are:

  • Legal obligation - We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

  • Maintaining accurate records required by UK company law
  • Ensuring compliance with consumer protection regulations
  • Meeting our tax and financial reporting obligations
  • Demonstrating compliance with data protection laws

We minimise risks by:

  • Collecting only the information necessary for legal compliance
  • Storing records securely using reputable providers
  • Maintaining data for only as long as legally required
  • Ensuring appropriate access controls

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

  • Contract - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to object.
  • Legal obligation - We have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests - We're collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

  • Maintaining accurate records of customer communications
  • Tracking and resolving issues efficiently
  • Improving our service based on feedback
  • Protecting our business from fraudulent claims
  • Understanding common user challenges

We minimise risks by:

  • Using information only for resolving the specific query or complaint
  • Maintaining confidentiality of communications
  • Storing records securely
  • Limiting access to authorised support staff
  • Retaining information only for necessary periods

6. Where We Get Personal Information From

  • Directly from you
  • Publicly available sources
  • Suppliers and service providers

7. How Long We Keep Information

We retain your personal data only for as long as needed to provide our services and comply with our legal obligations. This includes keeping records for accounting, tax, and regulatory reporting purposes.

When deciding how long to keep your data, we carefully consider:

  • What data we hold and how sensitive it is
  • The risks if this data was accessed without authorisation
  • Whether we could provide our services with less data
  • Our legal and regulatory requirements as a UK company

8. Changes to Our Privacy Policy

We may update this Privacy Policy as our service evolves and grows. When we make significant changes that affect how we handle personal data, we'll notify you directly through the email address you use to login to GrowHub.

We encourage you to:

  • Ensure your email address is current in your GrowHub account
  • Check this Privacy Policy occasionally for any updates

The latest version of this policy will always be available on our website, with the most recent revision date shown at the top.

9. Subprocessors

EntityDescriptionLocation
AnthropicLarge language model providerCalifornia, USA
CloudflareCloud and database hostingCalifornia, USA
PostHogAnalyticsCalifornia, USA
StripePayment processingCalifornia, USA

We require our AI service providers to use your data solely to provide our services. We do not permit these providers to use your data to train on or improve their AI models.

10. Contact Information

If you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy, you may contact us using the contact information below.

Address:

GROWHUB AI LTD
1401 Elizabeth Tower
141 Chester Road
Manchester
United Kingdom
M15 4ZG

Email:

[email protected]

If you have concerns about how we handle your privacy or data protection, we encourage you to contact us first so we can address your concerns directly.

If you remain unhappy with how we've used your data after raising a complaint with us, you can also complain to the ICO.

The ICO's address:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
United Kingdom
SK9 5AF

Website:

https://www.ico.org.uk/make-a-complaint