Privacy Policy
Version 1.0-draft · Effective June 8, 2026 · Contact privacy@growth.store
This policy explains how growth.store (“we”) handles personal data when you use our dashboard and browser extension. We act as a processor for the LinkedIn data you collect through the extension (you are the controller of that data), and as a controller for your account and billing information.
1. Data we process
- Account data: email, authentication identifiers, subscription status.
- Your LinkedIn content: your posts, their engagement metrics, and account statistics.
- Third-party engagement data: the public profile fields (name, headline, profile URL, follower count, degree of connection) of people who comment on your posts, so we can score and rank engagement. This is collected under legitimate interest; see §6 for the rights of those individuals.
- Technical data: IP address and user agent, recorded in security audit logs.
2. How we use it
To provide the service: scoring comments, surfacing leads, computing audience analytics, authenticating you, processing billing, and maintaining security and audit records. We do not sell personal data, and our AI subprocessors do not train on your data.
3. Legal bases (GDPR)
- Contract — to deliver the service you subscribe to.
- Legitimate interest — to process the engagement data of third parties who interact with your content, balanced against their rights.
- Legal obligation — to keep records required by law.
- Consent — where specifically requested (e.g. enabling the extension).
4. Sharing & subprocessors
We share data only with the vetted processors listed on our Subprocessors page, each bound by a data-processing agreement.
5. Retention
Collected LinkedIn data is purged for accounts inactive beyond 24 months; security audit logs are kept 12 months. You may request earlier deletion at any time (§6).
6. Your rights
Depending on your jurisdiction (GDPR, UK GDPR, CCPA/CPRA), you have rights to access, export, correct, delete, and object to processing of your personal data, and to non-discrimination for exercising them.
- Account holders: export and delete your data from your dashboard’s Privacy settings.
- Third parties (people whose engagement was collected): submit a request via our data-request form or email privacy@growth.store. We verify and respond within 30 days (GDPR) / 45 days (CCPA), and add you to a suppression list so your data is not re-collected.
We do not sell or “share” personal information as defined by the CCPA/CPRA.
7. Security
Data is encrypted in transit and at rest, isolated per tenant via row-level security, and access is restricted and audit-logged. See our security practices for details.
8. Contact
Questions or requests: privacy@growth.store.