GrowthCat Privacy Policy

1. Who This Policy Applies To

This Policy applies to visitors, account holders, app owners, influencers, prospects, and other users whose personal data may be processed through the GrowthCat website and service.

2. Information We Collect

We may collect account information such as name, email address, login credentials, profile details, company information, billing-related metadata, campaign data, referral code usage, payout-related data, analytics events, support messages, and technical logs such as IP address, browser, device information, and usage activity.

We may also receive information from third parties such as Stripe, RevenueCat, app stores, analytics providers, and other service providers or integration partners used to operate the service.

3. How We Use Information

We may use information to operate and improve the service, authenticate users, manage plans and subscriptions, provide referral analytics, generate payout quotes, detect abuse, troubleshoot errors, enforce limits, communicate with users, comply with legal obligations, and protect GrowthCat, its users, and third parties.

4. GDPR and Lawful Bases for Processing

Where the GDPR or similar privacy laws apply, GrowthCat relies on one or more lawful bases depending on the processing context, including performance of a contract, compliance with legal obligations, legitimate interests, and, where required, consent.

Legitimate interests may include operating the platform, securing accounts, preventing abuse, improving the service, measuring performance, administering plans, supporting integrations, and protecting GrowthCat, its users, and third parties.

5. Sharing and Third Parties

We may share information with service providers and infrastructure vendors such as hosting providers, analytics vendors, communications vendors, payment providers, and integration partners including Stripe and RevenueCat, where needed to operate the service.

We may also disclose information when required by law, to respond to lawful requests, to enforce our terms, to investigate fraud or security issues, or in connection with a merger, sale, financing, or transfer of assets.

6. Controllers, Processors, and Customer Data

Depending on the data and context, GrowthCat may act as an independent controller, joint controller, or processor/service provider. For example, GrowthCat may act as a controller for account, security, billing, and direct product operations, and may act as a processor or service provider for certain campaign or end-user related data processed on behalf of app owners.

App owners and other business users remain responsible for their own privacy notices, lawful bases, and instructions where they control the purposes and means of personal data processing.

7. Payment and Payout Data

Payment credentials and payout account details may be collected and processed by third-party providers such as Stripe. GrowthCat may receive limited metadata about billing status, setup state, payout eligibility, connected account state, and related payment events, but GrowthCat may not store full card or financial account details directly.

Stripe may also determine and apply certain processing, payout, currency conversion, cross-border, dispute, or similar fees in connection with payments or payouts involving app owners, influencers, or end users. For more information, see Stripe pricing and fees.

8. International Data Transfers

GrowthCat and its service providers may process data in countries outside the jurisdiction in which you are located. Where required by applicable law, GrowthCat will rely on transfer mechanisms recognized under applicable privacy law, such as contractual safeguards or other lawful transfer tools.

9. Data Retention

We may retain data for as long as reasonably necessary to provide the service, maintain records, resolve disputes, enforce agreements, comply with law, and protect legitimate business interests. Retention periods may vary by data type and use case.

10. Security

We use reasonable administrative, technical, and organizational measures to protect information, but no method of transmission or storage is completely secure. We cannot guarantee absolute security.

11. Data Subject Rights

Depending on your jurisdiction, you may have rights relating to access, correction, deletion, portability, objection, restriction, withdrawal of consent, and complaint to a supervisory authority. You may also update certain account information through the product or stop using the service at any time.

Where GrowthCat processes data on behalf of a customer, requests may need to be directed to that customer as the relevant controller.

12. Cookies, Analytics, and Similar Technologies

GrowthCat may use cookies, local storage, analytics tools, and similar technologies to keep users signed in, remember preferences, measure product performance, secure the service, and improve functionality. Where required by applicable law, non-essential technologies should be deployed only with appropriate notice or consent.

13. Children’s Privacy

GrowthCat is not intended for children and is not directed to individuals below the age at which they can lawfully enter into binding service agreements in their jurisdiction. If GrowthCat becomes aware that it has collected personal data in violation of applicable law, it may delete that data.

14. Changes to This Policy

We may update this Privacy Policy at any time. Continued use of the service after an updated version is posted constitutes acceptance of the updated policy.

15. Contact and GDPR Requests

Privacy and data protection requests should be directed through the support or contact channels made available by GrowthCat. If you intend to rely on this Policy in production, GrowthCat should add its legal entity name, registered address, and privacy contact details to this section.