Data Security and Privacy
The key takeaways are:
The Growhold service provides tools and architectures to comply with data privacy regulations. We are GDPR compliant.
The client reserves all rights to the stored data. Growhold provides tools for data privacy controls and customized data exports.
Data is isolated for each client and located behind several firewalls on Amazon Web Services architecture.
Growhold’s public website is cookieless and based on anonymous visitor tracking only.
When a user is logged in, cookies only maintain the user session. The user’s activities are tracked without cookies.
The client’s data is hosted in a US, EU or Singapore data center according to the client’s preference.
Growhold’s own data relating to global service usage, user profiles, customer records and invoicing is hosted in the US.
GDPR and ePrivacy
Growhold is committed to compliance with the EU General Data Protection Regulation (GDPR) and ePrivacy. Key aspects are listed below.
Personal data items
Growhold stores the following personal data when a user signs up or uses the service.
- Full name
- Company name
- Email address
- Email opt-out
- User role (administrator or standard user)
- For paying clients: Company address, VAT number and subscribed plan
- City and country (by user’s IP address location)
- Events that indicate actions taken by the user, for example inviting new users, connecting a new integration or viewing the content
- Technical information, such as IP address, browser name, the type of computer and network connection provided by internet protocols
Data persistence and removal
All client data in the Growhold online service is removed one month after a client cancels the subscription or ends the free trial.
An off-line backup of the data is carried out every day. These backups are stored for a maximum of two months.
Information that relates to the business relationship between the client and Growhold is maintained as long as needed for legal purposes according to US laws and regulations.
Location of data
The Growhold service and the client’s data are hosted in the selected local data center in the US, EU or Singapore according to the client’s preference.
To provide strict control for clients, Growhold provides a field mapping template feature that helps to restrict the data available for integrations.
Data that relates to using Growhold, such as subscription plans, service usage or company invoicing details, is hosted in the US.
List of 3rd party services
Growhold uses the following 3rd party services to store personal identification data.
Following services store anonymous non-personal identification information relating to service usage.
According to GDPR and ePrivacy regulations, clients and individual users have the right to request a report of personal identification data and related details from Growhold.
We will deliver the report within five business days upon request, after validating the requester’s identity.
The Growhold service runs in a secure hosted environment on Amazon Web Services behind several layers of firewalls. The Growhold app runs on the customer’s device, which can be, for example, a laptop or a tablet.
Authentication and authorization
Customers are authenticated with a username and password by the Growhold app to prevent unauthorized access to the platform. Only password hashes are stored.
A token is generated by the service upon login. All further requests to the Growhold service are authenticated with the token. The token is validated and the request is authorized so that users can only access data from their own account.
Access to external data sources
The Growhold platform provides data analytics based on clients’ existing data in external data sources. Thus clients must give access to these systems. The credentials and access keys to the data sources are encrypted in storage.
Access in the data source systems can and should be limited to specific data sets only.
Especially in the case of subscription billing management, such as Stripe or Chargebee, this means giving read-only access to only the strictly mandatory data sets.
The client controls this with tools provided by those source systems.
Stored data items
Data that is pulled from external data sources and stored in Growhold while using the service is fully owned by the client and isolated into a client-specific database.
Growhold stores only the data that is visible to the client in analytics views and automation features.
For subscription billing integrations this includes, but is not limited to:
- Subscription details, such as start, end, invoice period, charges and fees
- Client payment details, such as payment method and credit card expiration time
- Account details, such as company name and address
Data items that are stored by the user tracking API or other user event integrations can be fully controlled by the client. Typically they include at least:
- User on-site or in-app events, such as page views or feature usage
- Technical data related to events, such as browser name or IP address
Stored data typically contains elements that relate to GDPR and other similar regulations.
While Growhold provides the tools to make compliance easier, the client is fully responsible for maintaining their own good standing towards these regulations.
All data is encrypted using TLS (SSL) while in transit.
Credentials and access keys to external data sources are also encrypted when in storage.
Storage databases in turn are encrypted as provided by Amazon Web Services RDS system.
Growhold uses, maintains and discloses information collected from the users of the website and services.
Personal identification information
We may collect personal identification information from users in a variety of ways, including, but not limited to, when users sign up for a free trial, place an order, and in connection with other services or features we make available on our site. Users may be asked for personal information such as name, business name and email address.
We will collect personal identification information from users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain site and service related activities.
Non-personal identification information
We may collect non-personal identification information about users whenever they interact with our site. Non-personal identification information may include the browser name, the type of computer and technical information about users' means of connection to our site, such as the internet service providers utilized.
This data is maintained anonymously unless the user has voluntarily logged in to our service.
Web browser cookies
When users voluntarily sign up or log in to our services, our site uses strictly mandatory session cookies to enhance user experience. The user's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. Users may choose to set their web browser to refuse cookies, or to alert them when cookies are being sent. If they do so, note that some parts of the site and especially the service will not function properly.
How we use collected information
- To improve customer service. Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalize user experience. We may use information in the aggregate to understand how our users as a group use the services and resources provided on our site.
- To send periodic emails. We may use the email address to send user information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
Sharing your personal information
We do not sell, trade, or rent users' personal identification information to others.
We may only share generic aggregated demographic information not linked to any personal identification information regarding visitors and users.
When we do, we will revise the updated date at the bottom of this page. We
encourage users to frequently check this page for any changes to stay informed
about how we are helping to protect the personal information we collect.
your dealings with this site, please send us email to firstname.lastname@example.org
or call us +1 (917) 267-7934.
Updated: 24th of June 2020