Data Security and Privacy

This page contains an overview of data management, security and privacy policy of the Growhold service and website.

The key takeaways are:

  • Growhold service provides tools and architectures to comply data privacy regulations. We are GDPR compliant.
  • Client reserves all rights to the stored data. Growhold provides tools for data privacy controls and customized data exports.
  • Data is isolated for each client and located behind several firewalls on Amazon Web Services architecture.
  • Growhold’s public website is cookieless and based on anonymous visitor tracking only.
  • When user is logged in, cookies only maintain the user session. User’s activities are tracked without cookies.
  • Client’s data is hosted in US, EU or Singapore data center according to the client’s preference.
  • Growhold’s own data relating to global service usage, user profiles, customer records and invoicing is hosted in US.

GDPR and ePrivacy

Growhold is committed to compliance of the EU General Data Protection Regulation (GDPR) and ePrivacy. Key aspects are listed below.

Personal data items

Growhold stores the following personal data when user signs up or uses the service.

  • Full name
  • Company name
  • Email address
  • Email optout
  • User role (administrator or standard user)
  • For paying clients: Company address, VAT number and subscribed plan
  • City and country (by user’s IP address location)
  • Events that indicate actions taken by user, for example inviting a new users, connecting a new integration or viewing the content
  • Technical information, such as IP address, browser name, the type of computer and network connection provided by internet protocols

Data persistence and removal

All client data in Growhold online service is removed one month after a client cancels the subscription or ends the free trial. An off-line backup of the data is carried out every day. These backups are stored for a maximum of two months.

Information that relates to business relationship between client and Growhold is maintained as long as needed for legal purposes according to US laws and regulations.

Location of data

The Growhold service and client’s data are hosted in the selected local data center in US, EU or Singapore according to client’s preference. To provide strict control for clients, Growhold provides a field mapping template feature that helps to restrict the data available for integrations.

Data that relates to using the Growhold, such as subscription plans, service usage or company invoicing details are hosted in US.

List of 3rd party services

Growhold uses the following 3rd party services to store personal identification data.

Following services store anonymous non-personal identification information relating to service usage.

Data report

According to GDPR and ePrivacy regulations, client and individual users have right to ask a report of personal identification data and related details from Growhold. We will deliver the report within five business days upon request, after validating the requester&rsquo’s identity.

Security

The Growhold service runs in a secure hosted environment on Amazon Web Services behind several layers of firewalls. The Growhold app runs on the customer’s device, which can be for example a laptop or a tablet.

Authentication and authorization

Customers are authenticated with a username and password by the Growhold app to prevent unauthorized access to the platform. Only password hashes are stored.

A token is generated by the service upon login. All further requests to the Growhold service are authenticated with the token. The token is validated and request is authorized so that users can only access data from their own account.

Access to external data sources

Growhold plartform provides data analytics based on clients’ existing data in external data sources. Thus clients must give access to these systems. The credentials and access keys to the data sources are encrypted in the storage.

Access in the data source systems can and should be limited to specific data sets only. Especially in the case of subscription billing management, such as Stripe or Chargebee, this means giving a read-only access to only strictly mandatory data sets. Client controls this with tools provided by those source systems.

Stored data items

Data that is pulled from external data sources and stored to Growhold while using the service is fully owned by client and isolated into client-specific database. Growhold stores only the data that is visible for client in analytics views and automation features.

For subscription billing integrations this includes, but not limits to

  • Subscription details, such as start, end, invoice period, charges and fees
  • Client payment details, such as payment method and credit card expiration time
  • Account details, such as company name and address

Data items that are stored by user tracking API or other user event integrations can be fully controlled by client. Typically they include at least

  • User on-site or in-app events, such as page views or feature usage
  • Technical data related to events, such as browser name or IP address

Stored data typically contains elements that relate to GDPR and other similar regulations. While Growhold provides the tools to make compliance easier, the client is fully responsible for maintaining their own good standing towards these regulations.

Data encryption

All data is encrypted using TLS (SSL) while in transit. Credentials and access keys to external data sources are also encrypted when in storage. Storage databases in turn are encrypted as provided by Amazon Web Services RDS system.

Privacy

Growhold uses, maintains and discloses information collected from the users of the website and services.

Personal identification information

We may collect personal identification information from users in a variety of ways, including, but not limited to, when user sign up for a free trial, place an order, and in connection with other services or features we make available on our site. Users may be asked for personal information such as name, business name and email address.

We will collect personal identification information from user only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain site and service related activities.

Non-personal identification information

We may collect non-personal identification information about users whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about users means of connection to our site, such as the internet service providers utilized. This data is maintained anonymously unless if voluntarily logged in to our service.

Web browser cookies

When voluntarily signing up or logging in to our services, our site uses strictly mandatory session cookies to enhance user experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the site and especially the service will not function properly.

How we use collected information

  • To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
  • To personalize user experience. We may use information in the aggregate to understand how our users as a group use the services and resources provided on our site.
  • To send periodic emails. We may use the email address to send user information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests

Sharing your personal information

We do not sell, trade, or rent users personal identification information to others. We may only share generic aggregated demographic information not linked to any personal identification information regarding visitors and users.

Changes to this security and privacy policy

Growhold has the discretion to update this security and privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.

Contact

If you have any questions about this data security and privacy policy, the practices of this site, or your dealings with this site, please send us email to support@growhold.com or call us +1 (917) 267-7934.

Updated: 24th of June 2020


 

Copyright © 2020 Growhold, Inc. - Security and Privacy Policy