Privacy Policy

Growsimpley (“Growsimpley”, “we”, “our”, “us”) operates the website growsimpley.com and related tools that help small business owners get an AI-assisted local growth plan. This policy explains what we collect, why, how long we keep it, and the rights you have.

For privacy questions, write to privacy@growsimpley.com.

You provide it directly: business name (optional), industry, city, average ticket size, monthly revenue range, competitor names, growth goals, and the email address used to deliver your report. Privacy toggles let you mark business name as private and skip revenue/ticket figures.

Account information: email address and authentication identifiers when you create an account or sign in with Google.

Automatic information: device type, browser, IP address, approximate location derived from IP, pages viewed, referrer, timestamps and basic analytics events. This is collected via standard server logs and cookies.

Cookies & local storage: strictly-necessary cookies for login sessions; functional cookies to remember preferences; aggregated analytics. You can clear cookies via your browser at any time.

We do not knowingly collect government IDs, payment-card numbers (payments, when enabled, are processed by a PCI-compliant provider — we never see your full card), health information, or data from anyone under 16.

• To deliver the service you requested — generate your growth report, save it to your dashboard, email it to you. (Contract.)
• To improve our models and content using aggregated, de-identified patterns across reports. (Legitimate interest.)
• To send transactional emails (login links, report ready, account notices). (Contract.)
• To send occasional product updates — only if you opt in, and you can unsubscribe with one click. (Consent.)
• To prevent fraud, abuse and security incidents and comply with law. (Legal obligation / legitimate interest.)

We do not sell your personal information. We do not run third-party advertising trackers or share your inputs with data brokers.

Your inputs are sent to large-language-model providers we contract with (currently Google and the Lovable AI Gateway) strictly to generate your report. These providers act as processors under written terms that prohibit using your data to train their public models. We do not send your email address to the model — only the business inputs needed for the plan.

We share only what is necessary, only with vetted processors, and only under written data-processing agreements:

• Cloud hosting & database (Lovable Cloud / Supabase infrastructure).
• AI providers used to generate reports.
• Transactional email provider.
• Analytics (privacy-respecting, aggregated).
• Law enforcement when legally compelled.
• A successor entity in the event of a merger or acquisition (we will notify you).

Growsimpley serves customers worldwide. Our infrastructure may process data across multiple regions, including the European Union, the United Kingdom, the United States, India, and Asia-Pacific. Where data leaves your region we rely on Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards.

• Reports & inputs: kept while your account is active, plus 24 months, so you can revisit your plan.
• Account data: kept until you delete the account.
• Server logs: 90 days.
• Backups: rotated out within 35 days.

Depending on where you live, you have the right to access, correct, export, restrict, object to processing, withdraw consent, and delete your personal data. EU/EEA residents have rights under the GDPR; UK residents under the UK GDPR and DPA 2018; California residents under CCPA/CPRA; Brazilian residents under LGPD; Canadian residents under PIPEDA; Australian residents under the Privacy Act 1988; Indian residents under the Digital Personal Data Protection Act, 2023; and residents of other jurisdictions under their local laws.

To exercise any right, email privacy@growsimpley.com. We respond within 30 days. You may also lodge a complaint with your local data-protection authority.

We use row-level security on the database, encrypted connections (TLS 1.2+), encryption at rest, least-privilege access for our team, regular security scans, and audit logs. No system is perfectly secure — please use a strong, unique password and notify us at security@growsimpley.com if you suspect misuse.

Growsimpley is built for business owners and is not directed at children under 16. We do not knowingly collect their data; if you believe a child has provided information, contact us and we will delete it.

If we change this policy materially we will email account holders and update the “Last updated” date above. Continued use after changes means you accept the updated policy.

Growsimpley — hello@growsimpley.com. For privacy specifically: privacy@growsimpley.com.

Read the Terms of Service →