GrowthCat Privacy Policy

1. Who This Policy Applies To

This Policy applies to visitors, account holders, app owners, influencers, prospects, and other users whose personal data may be processed through the GrowthCat website and service.

2. Information We Collect

We may collect account information such as name, email address, login credentials, profile details, company information, billing-related metadata, campaign data, referral code usage, attributed subscription revenue, refund status, payout-related data, analytics events, support messages, and technical logs such as IP address, browser, device information, and usage activity.

We may also receive information from third parties such as Stripe, RevenueCat, app stores, analytics providers, and other service providers or integration partners used to operate the service.

3. How We Use Information

We may use information to operate and improve the service, authenticate users, manage plans and subscriptions, provide referral analytics, calculate Monthly Attributed Revenue and plan usage, generate payout quotes, detect abuse, troubleshoot errors, enforce limits, communicate with users, comply with legal obligations, and protect GrowthCat, its users, and third parties. Monthly Attributed Revenue calculations may use attributed subscription revenue, renewal, refund, net proceeds, gross amount, campaign, and integration data, and are separate from influencer commission calculations.

4. GDPR and Lawful Bases for Processing

Where the GDPR or similar privacy laws apply, GrowthCat relies on one or more lawful bases depending on the processing context, including performance of a contract, compliance with legal obligations, legitimate interests, and, where required, consent.

Legitimate interests may include operating the platform, securing accounts, preventing abuse, improving the service, measuring performance, administering plans, supporting integrations, and protecting GrowthCat, its users, and third parties.

5. Sharing and Third Parties

We may share information with service providers and infrastructure vendors such as hosting providers, analytics vendors, communications vendors, payment providers, and integration partners including Stripe and RevenueCat, where needed to operate the service, attribute subscription revenue, calculate usage limits, and support campaign payouts.

We may also disclose information when required by law, to respond to lawful requests, to enforce our terms, to investigate fraud or security issues, or in connection with a merger, sale, financing, or transfer of assets.

6. Controllers, Processors, and Customer Data

Depending on the data and context, GrowthCat may act as an independent controller, joint controller, or processor/service provider. For example, GrowthCat may act as a controller for account, security, billing, and direct product operations, and may act as a processor or service provider for certain campaign or end-user related data processed on behalf of app owners.

App owners and other business users remain responsible for their own privacy notices, lawful bases, and instructions where they control the purposes and means of personal data processing.

7. Payment and Payout Data

Payment credentials and payout account details may be collected and processed by third-party providers such as Stripe. GrowthCat may receive limited metadata about billing status, setup state, payout eligibility, connected account state, and related payment events, but GrowthCat may not store full card or financial account details directly.

Stripe may also determine and apply certain processing, payout, currency conversion, cross-border, dispute, or similar fees in connection with payments or payouts involving app owners, influencers, or end users. For more information, see Stripe pricing and fees.

8. International Data Transfers

GrowthCat and its service providers may process data in countries outside the jurisdiction in which you are located. Where required by applicable law, GrowthCat will rely on transfer mechanisms recognized under applicable privacy law, such as contractual safeguards or other lawful transfer tools.

9. Data Retention

We may retain data for as long as reasonably necessary to provide the service, maintain records, resolve disputes, enforce agreements, comply with law, and protect legitimate business interests. Retention periods may vary by data type and use case.

10. Security

We use reasonable administrative, technical, and organizational measures to protect information, but no method of transmission or storage is completely secure. We cannot guarantee absolute security.

11. Data Subject Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data GrowthCat holds about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten") where no overriding legitimate purpose or legal obligation applies.
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format where technically feasible.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdrawal of consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Supervisory authority complaint: Lodge a complaint with your local data protection authority (e.g., the relevant EU DPA, the UK ICO).

Where GrowthCat processes data on behalf of an app owner (as data processor), requests relating to that data may need to be directed to that app owner as the relevant data controller. GrowthCat will assist controllers in responding to data subject requests as required by Article 28 GDPR.

To exercise your rights directly with GrowthCat, contact us through the support channels available within the platform.

12. Cookies, Analytics, and Similar Technologies

GrowthCat uses the following categories of cookies and similar technologies:

• Strictly necessary: Session authentication cookies and security tokens required for you to log in and use the service. These cannot be disabled.
• Analytics (optional): Cookies and local-storage entries that help us understand how GrowthCat is used, measure feature adoption, and identify errors. These are only set where you have given consent via our cookie banner or where otherwise permitted by applicable law.

You can manage your cookie preferences at any time by clearing your browser's local storage or by refreshing your consent via the cookie banner. Note that disabling analytics cookies does not affect your ability to use the service.

For EU/EEA visitors, non-essential cookies are only used on the basis of your freely given, specific, informed, and unambiguous consent as required by the ePrivacy Directive and applicable national laws. For UK visitors, the same principle applies under PECR.

13. Children’s Privacy

GrowthCat is not intended for children and is not directed to individuals below the age at which they can lawfully enter into binding service agreements in their jurisdiction. If GrowthCat becomes aware that it has collected personal data in violation of applicable law, it may delete that data.

14. Changes to This Policy

We may update this Privacy Policy at any time. Continued use of the service after an updated version is posted constitutes acceptance of the updated policy.

15. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected about you in the past 12 months.
• Right to Delete: Request deletion of personal information collected from you, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: GrowthCat does not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: GrowthCat does not use or disclose sensitive personal information beyond what is necessary to provide the service.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise your California rights, contact us through the support channels within the platform. We will respond within 45 days as required by law. We will verify your identity before processing your request.

16. Data Processing Agreement

App owners who use GrowthCat to process personal data of EU/EEA or UK data subjects must enter into a Data Processing Agreement (DPA) with GrowthCat as required by Article 28 GDPR. GrowthCat's standard DPA is available at growthcat.com/dpa. By using GrowthCat in a context where GDPR applies, you agree to the terms of that DPA.

17. Contact and Privacy Requests

Privacy and data protection requests should be directed through the support channels made available within the GrowthCat platform. For GDPR-related requests, you may also contact us by identifying yourself as an EU/EEA or UK data subject and specifying the right you wish to exercise. We aim to respond within 30 days for GDPR requests and 45 days for CCPA requests.

If you are an EU/EEA resident and you believe your rights have not been respected, you have the right to lodge a complaint with your national data protection supervisory authority. If you are a UK resident, you may contact the Information Commissioner's Office (ICO).