Plain-language summary: GetGrowth collects your account details, social media access tokens, and usage data to deliver the service. We don't sell your data — ever. Your followers' personal data is never stored or shared beyond what is needed to run your automations. You can delete your account and all data at any time.
GetGrowth is operated by Block and Byte Technologies Pvt Ltd, a company incorporated under the Companies Act, 2013 in India. Our platform helps content creators and businesses automate social media engagement, lead generation, and sales across Instagram, WhatsApp, YouTube, Facebook, and LinkedIn.
For the purposes of applicable data protection laws, Block and Byte Technologies Pvt Ltd is the data controller of personal data we collect from you as a user of our platform. For personal data we process on your behalf about your audience and followers, we act as a data processor.
Registered address: Block and Byte Technologies Pvt Ltd, India · admin@getgrowth.me
We collect several categories of personal information, depending on how you use GetGrowth.
When you connect a social media platform (Instagram, Facebook, WhatsApp Business, LinkedIn, YouTube), we receive and store OAuth access tokens issued by those platforms. These tokens allow GetGrowth to perform actions on your behalf — such as reading comments, sending DMs, or publishing posts.
When your automations run, GetGrowth temporarily processes data about your audience members — such as their usernames, comment text, DM content, and phone numbers captured via lead flows. This data is processed to deliver the automation and is subject to strict handling:
All payments are processed by Cashfree Payments, a PCI-DSS Level 1 certified payment gateway. GetGrowth does not receive, store, or process card numbers, bank account details, or UPI IDs. We receive only:
We collect information in the following ways:
| Purpose | Data Used | Lawful Basis |
|---|---|---|
| Create and manage your account | Name, email, phone | Contract performance |
| Authenticate your identity and secure login | Email, password hash, IP address | Contract + Legitimate interest |
| Run your social media automations | OAuth tokens, automation config, content | Contract performance |
| Generate and publish posts on your behalf | Persona data, topic keywords, OAuth tokens | Contract performance |
| Process payments and issue invoices | Email, billing name, GST number | Contract + Legal obligation |
| Send transactional emails (receipts, alerts) | Email, account activity | Contract performance |
| Send product updates and newsletters | Email, usage preferences | Consent (unsubscribable anytime) |
| Provide customer support | Account details, communications history | Contract + Legitimate interest |
| Detect fraud and prevent abuse | IP address, usage patterns, device data | Legitimate interest |
| Improve platform quality and features | Aggregated, anonymised usage data | Legitimate interest |
| Comply with legal obligations | Billing records, identity data | Legal obligation |
| Respond to legal requests or enforce our Terms | Relevant account data | Legal obligation + Legitimate interest |
We will never use your data for purposes incompatible with those listed above without obtaining your consent first.
Under applicable privacy laws (including GDPR and India's DPDP Act 2023), we must have a valid lawful basis to process your personal data. We rely on the following:
GetGrowth connects to external social media platforms via their official APIs. The data we access on each platform is strictly limited to what is necessary for the features you enable.
When an automation runs (e.g., a comment triggers a DM), GetGrowth processes data in real time to execute the defined action. This may include reading comment text, extracting keywords, generating a reply, and sending it. No human at GetGrowth reviews this content during normal operation.
GetGrowth uses large language model (LLM) technology to generate posts, replies, and message sequences in your voice. When content is generated:
When a lead is captured (e.g., a follower comments a keyword and provides their WhatsApp number), that contact record is stored in your GetGrowth CRM. You are responsible for handling these contacts in compliance with applicable laws in your jurisdiction, including obtaining and documenting consent where required.
We never sell your personal data to any third party. We share data only with the following categories of recipients, strictly as necessary:
| Sub-processor | Purpose | Data Shared | Location |
|---|---|---|---|
| Cashfree Payments | Payment processing | Billing name, email, transaction details | India (PCI-DSS certified) |
| Google Cloud Platform | Cloud infrastructure and hosting | All platform data (encrypted at rest) | asia-south1, Mumbai, India |
| LLM Provider | AI content generation | Persona prompts, post samples, comment context (no follower PII) | USA (under DPA) |
| Meta (Instagram / Facebook / WhatsApp) | Platform API access | OAuth tokens, automation actions | USA / EU / Global |
| Google (YouTube / OAuth) | Platform API access | OAuth tokens, comment data | USA / Global |
| Platform API access | OAuth tokens, post content | USA / EU | |
| Email delivery provider | Transactional email delivery | Email address, email content | Under DPA |
We may also disclose personal data if required by law, court order, or government authority, or where necessary to protect the rights, property, or safety of GetGrowth, our users, or the public.
In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you by email or prominent notice on our platform before your data is subject to a different privacy policy.
We retain your personal data only as long as necessary for the purposes set out in this policy or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account information | Duration of account + 30 days after deletion request | Service delivery; grace period for recovery |
| OAuth access tokens | Until revoked or account deleted | Platform connection; encrypted at all times |
| Automation logs & activity history | 90 days rolling | Debugging, analytics |
| CRM / lead contact records | Until you delete them or delete your account | Your business use; you control this data |
| Billing and payment records | 7 years | Indian GST Act compliance |
| Support communications | 3 years | Legal defence; quality assurance |
| Anonymised analytics data | Indefinitely | Aggregate product insights; no personal data retained |
On account deletion, we begin purging your personal data within 30 days, except where retention is required by law. A written deletion request to admin@getgrowth.me will be acknowledged within 72 hours.
We take the security of your data seriously and implement layered technical and organisational controls:
Note: While we implement strong security measures, no system is 100% immune to threats. We encourage you to use a strong, unique password for your GetGrowth account and enable two-factor authentication.
GetGrowth is based in India and primarily stores data on Google Cloud's Mumbai (asia-south1) region. However, some data processing occurs outside India — for example, when our LLM provider or platform APIs (Meta, Google, LinkedIn) process data in the USA or EU.
When personal data is transferred internationally, we ensure appropriate safeguards are in place:
Depending on where you live, you have various rights over your personal data. We respect all of the following, regardless of your location:
Request a copy of all personal data we hold about you. We'll provide it within 30 days in a portable format.
Ask us to correct inaccurate or incomplete personal data. Most data can be updated directly in your account settings.
Request deletion of your personal data ("right to be forgotten"). We'll erase it within 30 days, except where retention is legally required.
Receive your personal data in a structured, machine-readable format (JSON/CSV) to transfer to another service.
Ask us to pause processing of your data in certain circumstances — for example, while we verify a correction request.
Object to processing based on legitimate interests or for direct marketing. We will stop unless we have compelling grounds to continue.
Where processing is based on your consent (e.g., marketing emails), you can withdraw it at any time without affecting prior processing.
Lodge a complaint with your local data protection authority if you believe we have mishandled your data. We'd prefer you contact us first so we can resolve it.
To exercise any of these rights, email admin@getgrowth.me with the subject line "Data Rights Request". We will respond within 30 days (or 15 days for DPDP Act requests). We may ask you to verify your identity before processing the request.
In addition to the universal rights above, users in specific regions have additional protections under local law.
You are protected by the EU General Data Protection Regulation (GDPR) or the UK equivalent. Our lawful bases for processing are listed in Section 5. You have the right to lodge a complaint with your national supervisory authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany). Our EU/UK representative can be contacted at admin@getgrowth.me. We rely on Standard Contractual Clauses for data transfers out of the EEA.
Indian users are protected under India's Digital Personal Data Protection Act, 2023. You have the right to know what data we hold, correct it, request erasure, and nominate a person to exercise rights on your behalf. A Grievance Officer is designated (see Section 17). You may file a complaint with the Data Protection Board of India once it is constituted. We obtain your explicit consent at signup and for specific data uses.
California residents have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete, the right to opt out of sale (we do not sell personal data), and the right to non-discrimination. To exercise these rights, email admin@getgrowth.me with "California Privacy Request" in the subject. We will respond within 45 days.
Brazilian users are protected under Brazil's LGPD. You have the right to confirm the existence of processing, access your data, correct it, anonymise or delete it, request portability, and be informed about sharing. You may also revoke consent at any time. Contact admin@getgrowth.me for any LGPD requests.
Canadian users are protected under PIPEDA (Personal Information Protection and Electronic Documents Act) and, if in Quebec, Law 25. You have the right to access and correct your personal information. We collect only data that is necessary and with your consent. Contact our privacy officer at admin@getgrowth.me.
Australian users are protected by the Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to access and correct information we hold about you. If you believe we have breached the APPs, contact us first and then the Office of the Australian Information Commissioner (OAIC) if needed.
Users in the UAE are covered by the UAE Federal Law on Personal Data Protection (PDPL No. 45 of 2021). We process your data only with consent or as permitted by law. You have rights of access, correction, and deletion. Similar rights apply for users in Saudi Arabia, Bahrain, and other GCC countries with applicable data laws.
Regardless of where you are located, GetGrowth applies the same core protections to all users: no data selling, encryption at rest and in transit, the right to access and delete your data, and transparent disclosure of how data is used. We are committed to handling your data responsibly no matter where you are in the world.
We use cookies and similar technologies to operate and improve GetGrowth. Here is what we use and why:
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential / Strictly Necessary | Keep you logged in, maintain session security, prevent CSRF attacks. The platform cannot function without these. | No — required for service |
| Functional | Remember your preferences (e.g., language, timezone, dashboard layout). | Yes — via browser settings |
| Analytics | Understand how users navigate the product so we can improve it. Data is aggregated and anonymised. | Yes — cookie banner or browser settings |
| Marketing / Advertising | We do not currently use advertising cookies on the GetGrowth platform. | N/A |
You can control cookies through your browser settings at any time. Note that disabling essential cookies will affect your ability to use GetGrowth. For EU/UK users, we display a cookie consent banner on first visit as required by the ePrivacy Directive.
We do not use cross-site tracking, fingerprinting, or any technology to follow you across the internet outside of GetGrowth.
GetGrowth is a professional business tool intended for adults and is not directed at children under the age of 13 (or 16 in the EU/UK as required by local law).
We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact admin@getgrowth.me immediately and we will delete the data promptly.
If you are between 13 and 18, you should use GetGrowth only with the consent and supervision of a parent or legal guardian.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
We encourage you to review this page periodically. Continued use of GetGrowth after the effective date of a revised policy constitutes your acceptance of the changes.
All previous versions of this policy are available on request — email admin@getgrowth.me.
We take privacy seriously. For any questions, requests, or concerns about this policy or how we handle your data, please reach out through the appropriate channel below.
admin@getgrowth.me
Subject: "Privacy Query"
Response within: 5 business days
admin@getgrowth.me
Subject: "Data Rights Request"
Response within: 30 days
Block and Byte Technologies Pvt Ltd
admin@getgrowth.me
Response within: 15 days (as per DPDP Act 2023)
If you discover or suspect a security vulnerability or data breach involving GetGrowth:
admin@getgrowth.me
Subject: "Security Report"
If you are not satisfied with our response, you have the right to escalate to the relevant supervisory authority in your jurisdiction — such as the Data Protection Board of India, the ICO (UK), the CNIL (France), or your applicable regional authority.