Privacy Policy

1. Introduction

Welcome to Grownalytics, operated by Grownalytics ("we," "our," or "us"), based in Sweden. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including any related media, integrations, or applications connected with Grownalytics.

2. Information We Collect

We may collect, use, store, and transfer different kinds of personal data about you, including:

• Identity Data: Name, username, or similar identifier
• Contact Data: Email address, phone number
• Technical Data: IP address, browser type, device information, operating system
• Usage Data: How you use our website and platform
• Marketing and Communications Data: Your preferences in receiving marketing from us
• Tracking Data: Click data, conversion data, lead data, campaign parameters (UTM tags, fbclid, gclid), and cookies (fbp, fbc) collected through our tracking infrastructure
• Third-Party Integration Data: Data received through platform integrations such as Meta (Facebook) when you connect your advertising accounts

3. How We Collect Your Data

We use different methods to collect data from and about you, including:

• Direct interactions: When you create an account, fill out forms, submit leads through opt-in pages, or contact us
• Automated technologies: Cookies, server logs, tracking pixels, and our JavaScript tracking snippet placed on partner landing pages
• Third-party platforms: Social media platforms like Meta (Facebook/Instagram) when you connect integrations or log in via social auth
• Server-side events: Data sent to advertising platforms (Meta Conversions API) for conversion tracking and campaign optimization

4. How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To provide and maintain our Service
• To process transactions and send related information
• To notify you about changes to our Service
• To provide customer support
• To gather analysis so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent, and address technical issues and fraud
• To send you marketing communications (with your consent)
• To integrate with advertising platforms (Meta) for conversion tracking and campaign optimization
• To communicate with you regarding platform services and operational updates

Data Categories and Processing

Platform Data (from Third-Party Integrations)

Data obtained through integrations with advertising platforms (Meta, Facebook, Instagram, etc.):

• Purpose: Conversion tracking, campaign optimization, and analytics as permitted by each platform's terms
• Sharing: Not sold, licensed, or transferred to third parties. Shared only as explicitly permitted by platform terms
• Deletion: You may request deletion of Platform Data at any time. We will process such requests promptly and in accordance with platform requirements
• Retention: Retained only as long as necessary for legitimate business purposes and as required by platform terms
• No Commercial Sale: Platform Data is never sold, licensed, or transferred to third parties for commercial purposes

First-Party Data (Directly Collected)

Data collected directly through our website, forms, tracking snippet, and services:

• Collection: Collected through account registration, opt-in forms, tracking pixels, and direct platform interactions
• Usage: Service delivery, customer support, analytics, and business operations
• Aggregated Sharing: We may share aggregated, anonymized data with service providers under appropriate data protection agreements

5. Data Retention and Deletion

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Data Deletion Process

You can delete your account and all associated personal data at any time:

• Self-service deletion: Go to Account Settings → Security → Delete Account in your dashboard. You will be asked to confirm twice and type your workspace name or ID before deletion is executed.
• Email request: Contact us at privacy@grownalytics.com

When you delete your account:

• All personal data (name, email, login credentials, preferences) is permanently removed
• All workspace data you own (leads, clicks, conversions, integrations, API keys, team memberships) is permanently deleted
• Any active subscription is cancelled — no further auto-renewal charges will be made
• You retain access until the end of your current billing period (renewal date)
• You will receive on-screen confirmation once deletion is complete
• This action is irreversible and cannot be undone

6. Facebook Data Deletion

If you have used Facebook to interact with our service, you can request data deletion in two ways:

• Through our website: Contact us at privacy@grownalytics.com
• Through Facebook: Go to your Facebook Settings → Apps and Websites → Remove our app

When you request data deletion through Facebook, we will:

• Receive a deletion request with your app-scoped user ID
• Delete all data associated with your Facebook ID
• Provide a confirmation code and status tracking URL

7. Your Legal Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data we hold about you
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable, machine-readable format
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Opt-Out: Decline marketing communications

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards:

• Standard Contractual Clauses for data transfers outside the EU/EEA
• Adequacy decisions and approved certification mechanisms
• Service providers bound by equivalent data protection obligations

Privacy Regulation Compliance

GDPR Compliance (EU)

• Lawful basis for processing established for all data activities
• Data subject rights fully supported
• 72-hour breach notification procedures in place

CCPA / CPRA Compliance (US)

• Consumer rights disclosure and fulfillment
• Data category and purpose transparency
• Third-party disclosure limitations

Data Controller Responsibilities

When you use Grownalytics to create data collection interfaces (opt-in pages, tracking), collect information from end users through our platform, you are the data controller under applicable privacy laws (GDPR, CCPA, etc.). Grownalytics acts as a data processor on your behalf.

As a data controller, you must:

• Obtain explicit, informed consent from end users before collecting their data through our platform
• Clearly inform end users that their data will be processed by Grownalytics
• Provide end users with our Privacy Policy and your own privacy notice
• Comply with all applicable privacy laws in your jurisdiction and your end users' jurisdictions
• Handle data subject requests (access, rectification, erasure, portability) for your end users

8. Data Breach and Security

We implement robust security measures to protect your data:

Security Measures

• Industry-standard encryption for data in transit and at rest
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Continuous monitoring and threat detection systems
• PII hashing (SHA-256) before transmission to third-party platforms

Data Breach Response

In the unlikely event of a data breach affecting your personal information:

• We will assess the breach and take immediate containment actions
• Affected users will be notified within 72 hours where required by law
• Relevant authorities will be notified as required by applicable regulations
• Platform partners (Meta, etc.) will be informed if Platform Data is affected

9. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete such information and terminate the account.

10. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please reach out to us: