Privacy Policy

Effective date: June 6, 2026

growity.ai ("we", "us", or "our") operates the growity.ai website and AI ad management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information. When you create an account, we collect your name and email address. Authentication is handled through Google SSO, Telegram Login, or via a 6-digit verification code sent to your email. We do not store passwords.

Ad Account Data. We collect information about the advertising accounts you connect, including account names, campaign data, performance metrics, and spend data. This data is used to power our AI optimization, analytics, and reporting features.

Payment Information. Payments are processed through Stripe. We do not store your full credit card number. Stripe may collect billing details such as your name, card last four digits, and billing address.

Usage Data. We automatically collect information about how you interact with our platform, including pages visited, features used, timestamps, browser type, device information, and IP address (from which we may infer approximate location).

2. How We Use Your Information

  • Provide, operate, and maintain our platform and services
  • Operate and optimize your advertising campaigns across connected platforms using AI
  • Process transactions and send billing-related communications
  • Analyze usage patterns to improve our product and user experience
  • Send service-related notifications, updates, and support messages
  • Send our newsletter, product updates, and marketing communications where you have opted in — you can unsubscribe at any time via the link in every such email
  • Detect, prevent, and address fraud or technical issues

3. Legal Basis for Processing

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance — processing your account information, channel data, and campaign data is necessary to provide the service you signed up for (Article 6(1)(b)).
  • Legitimate interest — we process usage data and analytics to improve our product, prevent fraud, and ensure platform security (Article 6(1)(f)). You may object to this processing at any time.
  • Legal obligation — we may process data when required to comply with applicable laws, such as tax or financial regulations (Article 6(1)(c)).
  • Consent — where required, we obtain your explicit consent before processing (e.g., marketing communications). You may withdraw consent at any time (Article 6(1)(a)).

4. Data Sharing & Third Parties

We do not sell your personal information. We share data only with the following third-party services that are essential to operating our platform:

Stripe — for payment processing. Stripe's use of your data is governed by the Stripe Privacy Policy.

Google — for SSO authentication. Google's use of your data is governed by the Google Privacy Policy.

Google Ads API — for campaign management and performance data retrieval. Google's use of your data is governed by the Google Privacy Policy and Google Ads Data Processing Terms.

growity.ai's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Telegram — for Telegram Login authentication and for campaign management and ad placement on the Telegram Ads platform. Telegram's use of your data is governed by the Telegram Privacy Policy.

Yandex Direct API — for campaign management and performance data retrieval. Yandex's use of your data is governed by the Yandex Privacy Policy.

Meta Ads API — for campaign management and performance data retrieval (when available). Meta's use of your data is governed by the Meta Privacy Policy.

Brevo (Sendinblue) — for transactional email (sign-in codes, billing notices) and, where you have opted in, our newsletter. Brevo's use of your data is governed by the Brevo Privacy Policy.

We may also disclose your information if required by law or to protect our rights, safety, or property.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

What we do NOT store:

  • Ad platform account passwords or authentication tokens
  • Session cookies or credentials of any connected accounts
  • Credit card numbers (payments are handled entirely by Stripe)
  • Advertising funds or balances (all ad spend goes directly to the respective ad platforms)

Access to your ad platform accounts is granted through each platform's native OAuth or permission system. You can revoke access at any time through each platform's settings.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data — retained while your account is active and for 30 days after deletion request, to allow for account recovery.
  • Campaign and analytics data — retained while your account is active. Deleted within 90 days of account closure.
  • Payment records — retained for 7 years as required by tax and financial regulations.
  • Usage and server logs (including IP addresses) — retained for up to 12 months for security and product improvement purposes, then anonymized or deleted.

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be linked to you.

7. Your Rights

Depending on your jurisdiction (including under GDPR for EEA/UK residents), you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you (Article 15).
  • Rectification — request that we correct inaccurate or incomplete information (Article 16).
  • Erasure — request that we delete your personal data ("right to be forgotten"), subject to legal retention obligations (Article 17).
  • Restriction — request that we restrict processing of your data while a dispute or request is being resolved (Article 18).
  • Data portability — request a copy of your data in a structured, machine-readable format (e.g., JSON or CSV) for transfer to another service (Article 20).
  • Objection — object to processing based on legitimate interest. We will stop processing unless we demonstrate compelling legitimate grounds (Article 21).
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Complaint — lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@growity.ai. We will respond within 30 days.

8. International Data Transfers

growity.ai is operated by Egorsky LLC. Your data may be processed and stored in countries outside the European Economic Area (EEA), wherever our infrastructure providers operate. When we transfer data outside the EEA, we ensure appropriate safeguards are in place:

  • Transfers to countries with an EU adequacy decision.
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
  • Transfers to providers who participate in recognized data protection frameworks.

You may request information about the specific safeguards applied to your data transfers by contacting us.

9. Cookies & Tracking

We use a strictly necessary cookie to maintain your session and authentication state — always active because the service cannot function without it, and under GDPR it needs no consent. For our own measurement we set one first-party cookie (gw_sid, about 12 months) and count page views server-side, to see how much traffic the site gets and which source or ad brought a visit. This is strictly first-party: no cross-site tracking, no profiling, never shared; the IP address is used only in the moment to derive an approximate country and filter bots, then truncated before storage. Because it is privacy-friendly first-party measurement, it runs without a consent banner. We do not use Google Analytics or other third-party analytics. Sentry (error monitoring) sets no cookies and runs under our legitimate interest in keeping the service secure and stable. For details, see our Cookie Policy.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised effective date. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us at:

privacy@growity.ai

For GDPR-related inquiries, you may also contact your local data protection supervisory authority.