← Back

Privacy Policy

Version 1.0-2026-06-08 · hash 48384590be2d3f4a

GrowIQ — Privacy Policy
Version 1.0-2026-06-08 · Effective 8 June 2026

1. Scope. This Policy explains how GhayaInc USA ("GrowIQ") collects and processes personal
data of account users and visitors to our website. Where the Service processes
personal data contained in Customer Data on a customer's behalf, GrowIQ acts as a
Processor under the Data Processing Addendum, and the customer is the Controller.

2. Data We Collect. (a) Account data: name, work email, company, role, and
authentication data; (b) Billing data: plan, payment references; (c) Usage and
device data: log data, IP address, browser/device, and feature interactions;
(d) Communications you send us; (e) Company details you provide (e.g. address,
phone, firmographics).

3. How We Use It. To provide, secure, support, and improve the Service; to
authenticate users; to process payments; to communicate about the Service; to
comply with law; and to detect and prevent fraud and abuse.

4. Legal Bases (EEA/UK). We rely on: performance of a contract; our legitimate
interests in operating and improving the Service; consent (where required, e.g.
certain cookies); and compliance with legal obligations.

5. Sharing & Sub-processors. We share personal data with vetted sub-processors
(e.g. cloud hosting, email/SMTP, address validation) under contracts requiring
appropriate protection, and with authorities where legally required. We do not
sell personal data.

6. Retention. We retain personal data for as long as your account is active and as
needed to provide the Service, then delete or de-identify it, subject to legal
retention requirements.

7. Security. We use appropriate technical and organizational measures, including
encryption in transit, access controls, tenant isolation, and audit logging. No
method of transmission or storage is fully secure.

8. Your Rights. Subject to law, you may request access, correction, deletion,
portability, restriction, or objection, and may withdraw consent. California
residents have rights under the CCPA/CPRA, including to know, delete, correct, and
opt out of "sale"/"sharing" (we do not sell/share for cross-context advertising).
To exercise rights, contact us; we will not discriminate for exercising them.

9. Cookies. We use strictly necessary cookies for authentication and security, and
limited analytics. You can control non-essential cookies via your browser or our
controls where offered.

10. International Transfers. Where personal data is transferred across borders, we
use appropriate safeguards (e.g. Standard Contractual Clauses).

11. Children. The Service is not directed to individuals under 16, and we do not
knowingly collect their personal data.

12. Changes. We may update this Policy; material changes will be notified and the
version incremented.

13. Contact. GhayaInc USA, 15 Summer St, Unit 308, Franklin, MA 02038, USA · info@ghayainc.com