GrowthEasy AI

Privacy Policy

Last updated: 18 January 2026

1. Introduction

GrowthEasy AI ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our platform, including when you connect your Shopify, Google Analytics 4, or HubSpot accounts. We comply with the UK GDPR and EU GDPR where applicable.

This service is for business use only – not for consumers under 18 or personal use. The Consumer Rights Act 2015 does not apply.

2. Data We Collect

We collect only the minimum data necessary to provide our service:

  • Your email address (for account creation and communication)
  • OAuth access tokens for Shopify, GA4, and HubSpot (securely stored, used only to fetch analytics data)
  • Aggregated analytics data (revenue, orders, traffic, contacts) — never individual customer PII unless explicitly provided by connected platforms
  • Usage data (which pages you visit, features used) for product improvement

We do not collect payment details — all billing is handled securely by Stripe.

3. How We Use Your Data

Your data is used solely to:

  • Provide real-time analytics and AI-powered growth insights
  • Generate personalised recommendations via the AI Growth Coach
  • Improve our product and fix bugs
  • Send occasional service updates (you can opt out)

We process your data under legitimate interest for service delivery (scans, insights, weekly emails) and relevant marketing (product updates). This is necessary and proportionate, with low privacy impact. You can object anytime by emailing privacy@growtheasy-ai.com.

4. Data Storage & Security

All data is encrypted at rest and in transit. Access tokens are stored securely and never logged. We use industry-standard providers (Render, Vercel, Stripe) with GDPR-compliant infrastructure. Data is retained only as long as your account is active. Upon deletion, all data is permanently removed within 30 days.

We use encryption, access controls, rate limiting, and regular testing to secure data.

In the unlikely event of a data breach, we will notify affected users and the ICO as required by law.

We use US-based processors (Resend, Stripe, OpenAI) with Standard Contractual Clauses (SCCs) or UK International Data Transfer Agreement (IDTA) for international transfers.

5. Your Rights (GDPR)

You have the right to access, rectify, erase, object to, or port your data. Email info@growtheasy-ai.com for any request — we respond within 1 month.

  • Access your personal data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Object to processing
  • Data portability

Contact us at info@growtheasy-ai.com (or privacy@growtheasy-ai.com) to exercise these rights.

6. Contact

For privacy questions or data requests:
info@growtheasy-ai.com or privacy@growtheasy-ai.com
GrowthEasy AI
51 Portal Road
Winchester
SO23 0PU
United Kingdom

Beta v0.1 © 2026 GrowthEasy AI