GrowthzillaOS®

Privacy Policy

Last updated: June 25, 2026

1. Introduction

GrowthzillaOS® is a brand operated by Saleselite Consulting Group FZCO ("we," "us," "our," or the "Company"). The Company operates the website growthzilla.ae and the GrowthzillaOS® platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal data when you access or use our Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password (hashed), company name, industry, business description, and other onboarding details you submit during registration.
  • Payment Information: Billing address and payment method details. Payment processing is handled by Stripe, Inc. We do not store full credit card numbers on our servers.
  • Business Data: Marketing content, brand guidelines, target audience descriptions, campaign assets, lead data, customer reviews, social media content, email sequences, and other materials you create or upload through the Service.
  • Communication Data: Messages, support requests, feedback, and other communications you send to us or through the Service (including Telegram and WhatsApp bot interactions).
  • Third-Party Account Credentials: OAuth tokens and API keys for connected services (Google, LinkedIn, Meta/Facebook, Telegram, WhatsApp) that you voluntarily integrate. These credentials are encrypted at rest.

2.2 Information Collected Automatically

  • Device & Browser Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
  • Usage Data: Pages visited, features used, click patterns, session duration, referring URLs, search queries within the platform, and interaction timestamps.
  • Cookies & Tracking Technologies: We use essential cookies for authentication and session management, functional cookies for user preferences (e.g., theme, workspace), and analytics cookies to understand usage patterns. See Section 8 for more details.
  • Log Data: Server logs that record requests, errors, timestamps, and response codes.

2.3 Information from Third Parties

  • Single Sign-On (SSO): If you sign in via Google, we receive your name, email address, and profile picture from Google's OAuth API.
  • Connected Integrations: When you connect LinkedIn, Meta, or other marketing platforms, we may receive profile data, page insights, and publishing permissions as authorized by you.
  • Payment Provider: Stripe may share transaction status, subscription details, and fraud-prevention signals with us.

3. How We Use Your Information

We process your personal data for the following purposes:

  • Service Delivery: To create and maintain your account, provide AI-powered marketing tools, generate content, manage campaigns, and deliver the core functionality of GrowthzillaOS®.
  • AI Processing: Your business data (company name, industry, brand guidelines, content history) is used as context for our AI agents to generate personalized marketing content, strategies, and recommendations. AI-generated outputs are stored in your account.
  • Communication: To send transactional emails (welcome emails, lead notifications, password resets), alert notifications via your configured channels (email, Telegram, WhatsApp), and — with your consent — marketing communications about new features.
  • Billing & Subscriptions: To process payments, manage subscription tiers, track token/credit usage, and handle auto-recharge if enabled.
  • Analytics & Improvement: To understand how the Service is used, identify trends, diagnose technical issues, and improve features, performance, and user experience.
  • Security & Fraud Prevention: To detect and prevent unauthorized access, abuse, spam, and fraudulent activity, including rate limiting and lead deduplication.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or government requests.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or a jurisdiction that requires a legal basis for processing, we rely on the following:

  • Contractual Necessity: Processing required to perform our contract with you (e.g., providing the Service, managing your account).
  • Legitimate Interests: Processing for our legitimate business interests (e.g., improving the Service, security, fraud prevention), provided these interests are not overridden by your fundamental rights.
  • Consent: Where you have given explicit consent (e.g., marketing emails, optional analytics cookies). You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with legal requirements.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers: Trusted third-party vendors who assist in operating the Service, including:
    • Stripe, Inc. — payment processing
    • Cloud infrastructure providers — hosting and data storage
    • AI model providers — language model inference (your data is sent as API calls and is not used to train third-party models)
    • Email delivery services — transactional and notification emails
  • Connected Platforms: When you authorize integrations (e.g., publishing to LinkedIn or Meta), data is shared with those platforms as necessary to perform the requested action.
  • Agency Accounts: If you operate under an agency workspace, the agency owner may have access to workspace-level analytics and content. Individual lead data and account credentials remain private to each user.
  • Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of GrowthzillaOS®, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

  • Account Data: Retained for the duration of your active account plus 90 days after deletion request to allow for recovery.
  • Business & Marketing Data: Retained for as long as your account is active. Upon account deletion, all associated marketing content, leads, campaigns, and generated materials are permanently deleted within 30 days.
  • Payment Records: Transaction records are retained for 7 years to comply with tax and accounting regulations.
  • Log Data: Server and access logs are retained for up to 12 months for security and debugging purposes.
  • Backup Data: Encrypted backups may retain data for up to 30 days after deletion from primary systems.

7. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Passwords are salted and hashed using bcrypt.
  • Third-party API credentials and tokens are encrypted at rest using AES-256.
  • Database connections use SSL and are access-controlled with role-based permissions.
  • We enforce rate limiting, input validation, and CSRF protection across all API endpoints.
  • Regular security reviews and dependency vulnerability scanning.

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional Cookies: Store your preferences such as theme settings, workspace selection, and notification preferences.
  • Analytics Cookies: Help us understand usage patterns and improve the Service. You may opt out of analytics cookies in your browser settings.

We do not use advertising or retargeting cookies. We do not participate in cross-site tracking networks.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention obligations.
  • Portability: Request your data in a structured, machine-readable format (CSV export is available for leads and content).
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Automated Decision-Making: Our AI agents generate marketing recommendations, but no fully automated decisions with legal or similarly significant effects are made without human involvement.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States, where our cloud infrastructure providers operate. When transferring data internationally, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data processing agreements with all sub-processors.
  • Adequacy decisions where applicable.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete such information.

12. AI-Specific Disclosures

  • AI-Generated Content: Content produced by our AI agents (blog posts, social media copy, email sequences, strategies, ad campaigns) is generated based on your inputs and business context. You own all AI-generated content created through your account.
  • Model Training: Your business data and AI-generated outputs are not used to train or fine-tune any third-party AI models. Data sent to AI providers is processed under strict data processing agreements and is not retained by them beyond the immediate request.
  • Human Oversight: All AI-generated content is presented to you for review before publication. No content is auto-published without your explicit action (unless you enable auto-publish features, which require manual opt-in).

13. UAE & MENA Region Compliance

For users located in the United Arab Emirates, we comply with applicable data protection regulations including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations. Your rights under UAE law are respected and enforced.

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

  • Right to Know: What personal information we collect, use, and disclose.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to your registered address and/or through a prominent notice on the Service. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: