PRIVACY POLICY

Last Updated: December 2025

Growthifi LLC (“Growthifi,” “we,” “us,” or “our”) is committed to protecting the privacy, security, and integrity of information processed through our SaaS platform, CRM, messaging infrastructure, APIs, AI systems, and agency/consulting services (“Services”). This Privacy Policy explains how we collect, use, disclose, retain, secure, and safeguard information in compliance with U.S. federal and state privacy laws (including CCPA/CPRA, VCDPA, CTDPA, CPA), GDPR/UK GDPR, TCPA, CTIA, carrier regulations, and industry-standard security and data governance practices. By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

1. DEFINITIONS

“Client”

A business or organization that uses Growthifi’s Services.

“Client Data”

Personal information processed by Growthifi solely on behalf of a Client.

“Personal Information”

Information that identifies, relates to, describes, or can reasonably be linked to an individual.

“Sensitive Personal Information”

Information defined as sensitive under applicable U.S. state laws and GDPR.

“Processing”

Any operation performed on personal information (e.g., collecting, storing, using, disclosing).

“End User”

An individual whose information is processed on behalf of a Client.

“Services”

Growthifi’s platform, applications, tools, messaging systems, APIs, websites, and professional/agency services.

2. SCOPE OF THIS POLICY

This policy applies to:

  • Growthifi-owned websites, subdomains, and portals
  • CRM, messaging, automation, AI tools, and APIs
  • Support, onboarding, agency, and consulting activities
  • Data processed across SMS, MMS, RCS, WhatsApp, email, voice, and other channels
  • Data processed for Clients and administrative users

This policy does not apply to:

  • Third-party websites or platforms not controlled by Growthifi
  • Data processed where the Client acts as the controller
  • Aggregated, de-identified, or anonymized information
  • Job applicant or employee data

3. OUR ROLE: CONTROLLER VS. PROCESSOR

3.1 When Growthifi Acts as a Processor / Service Provider

Growthifi processes Client Data solely on documented instructions. Client Data may include:

  • Contact lists, numbers, email addresses
  • SMS/MMS, RCS, WhatsApp, or email message content
  • Consent and opt-in/opt-out records
  • Tags, custom fields, workflows, CRM metadata
  • Delivery logs, timestamps, routing data
  • API events and integrations data

Client obligations:

  • Obtain and maintain all required consents (TCPA, CTIA, GDPR, etc.)
  • Provide accurate disclosures to their contacts
  • Ensure lawful data collection and contact permissions
  • Manage End User rights requests

Growthifi is not responsible for misuse, misconfiguration, or unlawful Client processing of Client Data. A separate Data Processing Addendum (DPA) governs controller–processor responsibilities.

3.2 When Growthifi Acts as a Controller

Growthifi acts as the controller for:

  • Website visitor information
  • User accounts
  • Billing and transactional data
  • Security logs and system analytics
  • Marketing preferences and communications
  • Product usage statistics

4. INFORMATION WE COLLECT

4.1 Information You Provide Directly

  • Name, email, mobile number, business information
  • Login credentials and authentication data
  • CRM entries and uploaded content
  • Billing / subscription details (processed by third-party payment processors)
  • Support inquiries and correspondence

4.2 End-User Information (Client Data)

  • Phone numbers and email addresses
  • Message content and attachments
  • Delivery logs, routing details, timestamps
  • Opt-in, opt-out, and double opt-in records
  • Conversation history, tags, custom fields, automation activity

4.3 Automatically Collected Information

  • IP address, approximate geolocation
  • Browser, device, OS, and network metadata
  • Session identifiers, cookies, and tracking technologies
  • API usage logs
  • Security, fraud, and diagnostic logs

4.4 Data From Third-Party Integrations

When Clients connect integrations, we may process:

  • Contacts, events, and activity data
  • Tags and custom fields
  • Conversation logs or triggers

4.5 Aggregated & De-Identified Information

We may generate anonymized or aggregated data that cannot reasonably identify a person. This is not personal information.

5. CONSENT & TELECOMMUNICATION REGULATIONS (TCPA / CTIA)

Growthifi enforces strict first-party consent requirements.

Clients may not upload or contact:

  • Purchased, rented, scraped, or third-party lists
  • Individuals without verifiable opt-in
  • High-risk or restricted content categories (including SHAFT content)

Clients must:

  • Maintain proof of prior express written consent
  • Provide STOP/HELP mechanisms
  • Honor opt-outs immediately
  • Include required TCPA/CTIA disclosures
  • Ensure “Message and data rates may apply” is communicated

Carrier violations may result in suspension or termination.

6. HOW WE USE PERSONAL INFORMATION

6.1 Service Delivery & Operations

  • Authentication and account management
  • CRM operation, workflows, and automation
  • Message routing, deliverability optimization, and carrier compliance
  • Logging, monitoring, diagnostics, and fraud prevention

6.2 Support & Communications

  • Account updates
  • Security alerts and system notifications
  • Technical and customer support

6.3 Analytics, Optimization & AI

We use information to:

  • Improve functionality, performance, and reliability
  • Detect anomalies, fraud, and abuse
  • Train and enhance internal AI systems using anonymized data only

We do not use identifiable Client Data to train AI without explicit authorization. If pseudonymized data is used internally for quality assurance, it is never used to identify an individual. AI outputs may require human review.

6.4 Marketing (Opt-Out Anytime)

  • Email and SMS marketing
  • Retargeting (with consent where required)
  • Webinars, events, and newsletters

You may opt out of marketing communications at any time.

6.5 Legal and Regulatory Compliance

  • Telecommunications laws
  • Carrier audits
  • Fraud investigations
  • Court orders or government requests

7. HOW WE DISCLOSE PERSONAL INFORMATION

We do not sell personal information.

We may share information with:

7.1 Messaging & Telecom Infrastructure

For SMS, MMS, RCS, WhatsApp, email, and voice delivery.

7.2 Cloud Hosting & Security Providers

For storage, encryption, monitoring, logging, and high availability.

7.3 Integration & API Partners

Based on Client-approved configurations.

7.4 Sub-Processors

For billing, analytics, authentication, support, and other operational functions. A list is maintained on our Sub-Processor Disclosure page.

7.5 Business Transfers

Information may be disclosed as part of a merger, acquisition, financing, or sale of assets.

7.6 Legal or Security Requirements

If required by law, subpoena, court order, carrier audit, or fraud investigation.

7.7 Business Continuity

Data may be included in encrypted backups and disaster-recovery systems.

8. DATA SECURITY

Security measures include:

  • Encryption at rest and in transit (TLS)
  • Role-based access control
  • Multi-factor authentication
  • Network and log monitoring
  • Intrusion detection and threat analysis
  • Vulnerability scanning and penetration testing
  • Principle of least privilege

No system can guarantee absolute security.

9. DATA RETENTION

Unless required otherwise by law or carrier policy:

| Data Category | Retention |
|---|---|
| Message Content | 90 days |
| Delivery Logs & Routing Metadata | 7 years |
| CRM Contact Records | Until Client deletion or account closure |
| Billing & Transaction Records | As required by tax and audit law |
| Support Tickets | Up to 3 years |
| Backups | Deleted on rolling schedules |
| Security Logs | As needed for fraud, legal, or audit purposes |

Retention may be extended for ongoing investigations or legal obligations.

10. COOKIES & TRACKING TECHNOLOGIES

We use:

  • Essential cookies
  • Analytics cookies (opt-in where required)
  • Advertising/retargeting pixels
  • Session identifiers

A cookie consent management tool is used where required under GDPR/UK GDPR. Users may manage cookie preferences via browser settings.

11. U.S. STATE PRIVACY RIGHTS (INCLUDING CCPA/CPRA)

11.1 Categories of Personal Information Collected (Past 12 Months)

(CPRA-compliant format)

| Category | Examples | Sold/Shared? |
|---|---|---|
| Identifiers | Name, email, phone number, IP address | No |
| Customer Records | Billing info, account details | No |
| Commercial Info | Service usage, subscription records | No |
| Internet Activity | Device data, cookies, logs | No |
| Sensitive PI | Account login credentials | No |
| Geolocation | Approximate IP-based location | No |
| Inferences | Internal analytics | No |

11.2 Rights for California and Other State Residents

You may:

  • Request to know categories or specific pieces of personal information
  • Request correction or deletion
  • Opt out of “sale” or “sharing” (Growthifi does neither)
  • Limit use of Sensitive Personal Information
  • Submit a privacy rights request through our dedicated portal
  • Appeal any denied request
  • Exercise rights without discrimination

Verification Procedures. We verify requests by matching identifying information (e.g., email, phone, account data).

Appeals Process. If your request is denied, you may file an appeal by contacting [email protected]. For Client Data, requests must be directed to the Client.

12. GDPR / UK GDPR RIGHTS

EU/UK residents may:

  • Access, correct, or delete data
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability
  • Lodge complaints with local Data Protection Authorities
  • Request information about automated decision-making

Lawful bases include: Contract, Legitimate Interests, Legal Obligations, and Consent.

13. INTERNATIONAL TRANSFERS

Data may be processed in the U.S. or other countries. Safeguards include:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Additional technical and organizational measures
  • Sub-processor contractual obligations
  • Participation of certain sub-processors in the EU-U.S. Data Privacy Framework (DPF) where applicable

14. AI SYSTEMS & AUTOMATED DECISION-MAKING

Growthifi uses AI for:

  • Workflow automation
  • Message classification
  • Lead scoring
  • Fraud/spam detection
  • Support tools
  • Performance optimization

We do not use AI for automated decision-making that produces legal or similarly significant effects on individuals.

15. HIPAA & MEDICAL DATA

Growthifi is not HIPAA-compliant and does not sign BAAs. Clients may not transmit:

  • PHI
  • Medical records
  • Patient data

Any discovered PHI will be deleted.

16. CHILDREN’S PRIVACY

Our Services are not intended for individuals under 18. We do not knowingly collect information from children under 13 (COPPA). If discovered, data will be deleted promptly.

17. CHANGES TO THIS PRIVACY POLICY

We may update this Policy periodically. Material changes will be communicated via:

  • Email
  • Website banners
  • In-platform notices

18. CONTACT INFORMATION

Growthifi LLC
129 East Maple St
Hegins, PA 17938
Email: [email protected]

© 2026 Growthifi - All Rights Reserved.