Privacy

Privacy Policy

Effective 22 May 2026

1. Who we are

Growth Coach is operated by the team behind Growth Coach. Where this policy refers to we, us, or Growth Coach, it means us. Where it refers to you, it means the person or business with an account, the connected accounts you authorize, and the visitors to your site whose behavior we observe on your behalf.

For privacy questions, contact us at hello@grwth.ch.

2. What we collect

Account information

When you sign up, we collect the email address you use to sign in, the display name and slug you choose for your business, and any contact details you enter in the dashboard. Authentication is by email and password (hashed with bcrypt) or by federated sign-in.

Telemetry from your visitors via tracker.js

You install our tracker.js snippet on your website. It collects, per visitor session:

Page views, clicks, scroll depth, and form input events (form values themselves are masked by default — only field types and lengths are recorded)
An rrweb-style DOM-mutation stream so the coach can replay the session visually
A first-party visitor ID stored in a cookie + localStorage so we can recognize returning visitors
Coarse device fingerprint: user-agent string, screen dimensions, time zone, language
IP address (used for geo lookup and bot detection, then stored alongside the session)

This data describes your visitors' behavior on your site. You are the controller of that data; Growth Coach acts as a processor on your behalf.

Data from connected sources

If you connect Google Analytics, Search Console, an ads platform, your CRM, or another supported integration, we read the data you authorize for the purpose of generating recommendations. We never request more scope than the connector needs, and we never use credentials you provide to access anything outside of that connector's documented purpose.

Coach interactions

We store the prompts, responses, and tool-calls that pass between you and the coach so you can revisit past recommendations and so the coach can recall context.

3. How we use it

We use what we collect to:

Operate Growth Coach: render your dashboard, run the weekly coach cycle, generate recommendations, and serve session replays
Maintain a per-customer retrieval-augmented memory (RAG) so the coach can search your historical sessions and content when reasoning about your site — strictly scoped to your tenant
Detect abuse and protect the service from bots and bad actors
Communicate with you about your account, billing, and product changes

We do not sell your data. We do not use it to train generalized AI models that benefit other customers. The coach reads your tenant's data only when running for your tenant.

4. Google user data

When you connect a Google service — Google Analytics, Search Console, Google Ads, or Google Business Profile — Growth Coach's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

In plain language:

We only access Google account data for which you grant explicit consent, scope by scope.
We use Google user data only to provide and improve the user-facing features that you have authorized — i.e., generating coach recommendations and showing analytics in your dashboard.
We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger/acquisition with continuity of this policy.
We do not use Google user data for serving advertisements, including retargeting or interest-based advertising.
We do not allow humans to read Google user data unless: we have your explicit consent for specific data; it's necessary for security or to comply with applicable law; or the data has been aggregated and anonymized for internal operations.
We do not use Google user data to develop, improve, or train generalized machine-learning models. The Growth Coach coach reasons over your tenant's data only when serving your tenant.

Scopes we request

When you connect Google Analytics 4, we request the https://www.googleapis.com/auth/analytics.readonly scope. We use this scope to read daily metric reports across a small set of dimension cuts (date, source/medium, landing page, device, country) for the GA4 property you select. We never write to your Google Analytics account. We do not use this scope to fetch user-level identifiers.

If you connect Google Search Console, Google Ads, or Google Business Profile in the future, additional read-only scopes will be requested at connect time and listed here.

Revoking access

You can disconnect a Google integration from the Growth Coach dashboard at any time, which deletes the OAuth tokens we hold for that integration. You can also revoke our app's access from your Google account at myaccount.google.com/permissions.

We share data only with:

Subprocessors we use to run the service — our hosting provider, our LLM provider for the coach (Anthropic), and our email-delivery provider. Each is bound to confidentiality and acts only on our instructions.
Law-enforcement or legal recipients — only where required by valid legal process, and we will challenge requests we believe overreach.
A successor in a corporate transaction — only if that successor agrees in writing to honor this policy.

We do not share your data with advertisers or data brokers.

6. Retention

We keep account information for as long as your account is active. We keep session replays, analytics, and coach output for as long as your account is active so the coach can reason over your history. If you delete your account, we delete the data within 30 days (sooner if you ask us to), retaining only what we are legally required to keep (such as billing records).

You can request export or deletion at any time by emailing hello@grwth.ch.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete personal data we hold about you, to restrict or object to its processing, or to withdraw consent. We honor these rights for everyone, not just where law requires it. To exercise any of these rights, contact us at hello@grwth.ch.

If you are an end visitor whose behavior was captured by tracker.js on a site running Growth Coach, your rights are exercised through the site owner, who is the controller of that data. We will support the site owner in honoring your request.

8. Security

We encrypt data in transit (TLS 1.2+) and at rest where the storage layer supports it. OAuth tokens are encrypted with a per-deployment key before being written to the database. Each customer's data is isolated at the database row level with PostgreSQL Row-Level Security; queries are restricted to the requesting tenant. We log access for audit. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you without undue delay.

9. Cookies and tracker.js

On the Growth Coach dashboard, we use a small number of cookies for authentication (session token, refresh token, CSRF protection). These are first-party and necessary for the dashboard to function.

On your website, when you install tracker.js, the script sets a first-party cookie and a localStorage entry to recognize returning visitors. You are responsible for telling your visitors about this in your own cookie/privacy notice; if your jurisdiction requires consent before setting non-essential cookies, you should obtain consent before loading tracker.js.

10. Children

Growth Coach is intended for business owners and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to this policy

We may update this policy from time to time. When we do, we will update the effective date at the top and, for material changes, notify you via email or an in-dashboard notice. Continued use after the effective date constitutes acceptance.

12. Contact

Privacy questions, deletion requests, or anything else: hello@grwth.ch.