Privacy Policy

10 May 2025

Growzy AI (“Growzy AI”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard the information obtained when you use our GPT Action product (the “Services”). We collect only minimal information from user interactions (such as the text inputs you provide, the outputs we generate, and related usage metadata) and we use it solely to provide and improve our Services. We do not share your data with third parties for any commercial purpose, nor do we use cookies or third-party analytics. This policy applies globally and is designed to comply with relevant data protection laws, including the EU General Data Protection Regulation (GDPR), California’s CCPA/CPRA, and India’s Digital Personal Data Protection Act (DPDP Act)

Our Services are not intended for minors. If you are under the applicable age of consent (under 16 in the EU, under 18 in India), please do not use the Services.

Information We Collect

We collect and process only the information necessary to provide and improve the Services. This includes:

User-Provided Content (Inputs and Outputs): The text, prompts, or files that you submit to our GPT Action product and the corresponding responses or outputs generated by the Service. If you include personal details in your inputs (such as names, contact information, or sensitive data), that information will be processed as part of providing the output. We encourage you to avoid sharing sensitive personal data in your prompts whenever possible.

Usage Metadata: Non-identifying technical information about how you use the Services, such as timestamps of interactions, pages or features accessed, device type, browser type, and IP address or approximate location. We collect this data to monitor usage and improve system performance and reliability.

Optional Contact Information: Only if you choose to contact us (for example, for support or inquiries), we may collect your name, email address, or other contact details to respond to your request.

We do not collect personal identifiers (like your real name, email, or billing information) unless you voluntarily provide them. We also do not use cookies, web beacons, tracking pixels, or any third-party analytics or advertising services on our website or in our Services. We treat all information confidentially and with strong security measures, and we do not share your data with third parties for commercial purposes

How We Use Information

We use the information we collect only for legitimate purposes necessary to operate and improve our Services. In particular, we use your data to:

Provide and maintain the Services: We use your inputs to generate outputs, and we use usage data to ensure our system is working properly. For example, we may monitor for errors or abuse and optimize system performance.

Improve our product: We analyze inputs, outputs, and usage patterns to develop new features, enhance accuracy, and train our models, always focusing on improving user experience.

Security and fraud prevention: We use metadata (like IP addresses or unusual usage patterns) to protect against abuse, unauthorized access, or fraud.

Legal compliance: We may process and retain data as necessary to comply with applicable laws, prevent fraud, or respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We do not use your data for marketing or advertising. We do not sell, rent, or otherwise disclose your personal information to advertisers, marketers, or other unrelated third parties. We do not sell personal data, and we do not engage in “cross-context behavioral advertising.” We will only share your information with third parties in very limited circumstances, such as when required by law or to provide services on our behalf (e.g. cloud hosting providers), and such parties are contractually obligated to protect your data and use it only for the agreed purpose.

Legal Basis for Processing

For users in the European Economic Area (EEA), UK, and other regions governed by GDPR, we process personal data only when we have a valid legal basis. Under GDPR Article 6, lawful bases include consent and performance of a contract. For example, by using our Services you consent to the processing of your inputs and outputs. We may also process data as necessary to fulfill our agreement with you (performance of contract) or for our legitimate interests (such as improving the Services), provided those interests do not override your rights. Under India’s DPDP Act, consent is the primary legal basis for processing personal data. We will obtain your consent to process any personal data, and you are free to withdraw consent at any time. We rely on such consent (and on other legitimate purposes allowed by law) to process data for providing and improving our product. For processing the data of minors (under 18 in India, under 16 in the EU), we will obtain verifiable parental consent beforehand, though our Services are generally not directed at children. In summary, we process your data only when necessary for the Service (contract), with your consent, or under legitimate interests of providing and improving our Services, and always in compliance with applicable law

.

Data Sharing and Disclosure

We do not share your personal data with third parties, except in the following limited cases:

Service Providers: We may engage trusted third-party vendors (such as cloud infrastructure or technical support providers) to assist in operating the Service. These providers are contractually bound to use your data only to provide the requested services and to protect it.

Legal Requirements: We may disclose data if required by law (e.g. in response to a subpoena or lawful government request), to comply with legal processes, or to protect the rights, property, or safety of Growzy AI or others.

Aggregated/Anonymized Data: We may use or share aggregated or de-identified data that cannot reasonably identify you, for research or analysis.

We do not sell, rent, or otherwise commercialize your personal information. We do not share your data with advertisers or social media companies. All data shared with any vendor or authority is limited to what is strictly necessary, and we always require appropriate safeguards. As stated above, “we treat the information you have provided in an absolutely confidential manner” and “we do not share your data with third parties for commercial purposes."

Cookies and Tracking

We do not use cookies or similar tracking technologies on our website or in the GPT Action product. We do not use third-party analytics, advertising networks, or any tools that monitor users beyond our platform. No information is collected via cookies when you use our Services.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes of this policy and to meet legal obligations. Typically, we keep your inputs, outputs, and usage logs for a limited period (for example, up to 12 months) to allow for system improvement and debugging. After such time, we delete or anonymize your data. We also delete your data upon request (see Your Rights below), unless we have a compelling lawful reason to keep it (e.g. to comply with law, resolve disputes, or enforce our agreements). We do not keep data “just in case,” and we regularly purge data that is no longer needed, ensuring processing is “limited to authorized needs”

.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. This includes using industry-standard security technologies such as encryption (HTTPS/TLS for data in transit), secure data storage, regular security audits, and strict access controls. Only authorized personnel or service providers have access to personal data, and they are trained to handle it securely. As one policy puts it, we are “committed to the protection and confidentiality of your personal data” and ensure that processing is “lawful, fair, transparent and limited to authorized needs”. While no system is completely secure, we strive to protect your information to the best of our ability. If a security incident affecting your personal data occurs, we will notify you and regulators as required by law.

International Data Transfers

Your data may be stored and processed in countries other than your own (for example, in India or the United States) where our servers or service providers are located. We comply with applicable transfer rules: for EU/EEA users, we will use approved transfer mechanisms such as European Commission Standard Contractual Clauses or rely on an adequacy decision. We will always take steps to ensure that your data remains protected no matter where it is processed. By using our Services, you consent to such transfers.

Children’s Privacy

Our Services are not intended for children. We do not knowingly collect personal data from anyone under the applicable age of consent (under 16 in the EU, under 18 in India). If you are a minor, please do not use our Services or submit any information to us. If we learn that we have collected personal information from a child without verified parental consent, we will delete such information from our systems. Under India’s DPDP Act, a “child” is anyone under 18, and processing a child’s data requires parental consent; we will comply with this requirement. If you believe we might have any information from or about a child, please contact us immediately.

Your Rights

Depending on your location, you have certain rights regarding your personal data. We are committed to helping you exercise these rights. In general, these may include:

Rights of EU/EEA/UK Users (GDPR): You have the right to access the personal data we hold about you, to correct or update it, to erase it (also known as the “right to be forgotten”), to restrict or object to its processing, and to request its portability to another service. You also have the right to withdraw your consent at any time (without affecting the lawfulness of prior processing) and to lodge a complaint with a European data protection authority.

California Consumers (CCPA/CPRA): If you are a California resident, you may request to know the categories of personal information we collect, the sources, purposes, and the recipients of your data, and you may request deletion of your personal information (subject to exceptions). You have the right to correct inaccurate personal information. You may opt out of the “sale” or “sharing” of your personal information; please note we do not sell or share personal information for advertising, so this right does not apply to our Services. We will not discriminate against you for exercising your CCPA/CPRA rights, meaning we will not change the price or quality of our Services if you exercise these rights.

.

Indian Residents (DPDP Act): If you are an Indian resident, you have the right to confirm whether we are processing your data and to access it, as well as to correct, update, complete, or erase it. You have the right to withdraw your consent at any time, and to restrict processing of your data for certain purposes. For detailed guidance, see Section 12 of the DPDP Act.

If you wish to exercise any of these rights, please contact us (see below) with details of your request. We will verify your identity and respond in accordance with applicable law (typically within 30 days). In the EU and India, you may also contact your local data protection authority for assistance.

California Privacy Notice

In compliance with California law, this section outlines specific California privacy rights:

No Sale of Personal Data: We do not sell or share personal information about California residents for monetary compensation or for targeted advertising.

Your Rights: California residents have the rights described above under Your Rights (know, delete, correct, limit, etc.). We provide free methods for submitting requests, as outlined below.

Non-Discrimination: We will not discriminate against you for exercising any privacy rights under California law.

To submit a California data access or deletion request, please contact us as specified below. We will not charge a fee for a verified request, and will respond in accordance with the law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, as laws change or our practices evolve). When we do, we will revise the “Effective Date” at the top of this policy. Material changes will be notified by posting the new policy on our website, and if required by law, by other means (such as email). We encourage you to review this policy periodically. Your continued use of the Services after any update means you accept the revised policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights (access, correction, deletion, etc.), please contact our Data Protection Officer at:

Email: support@growzy.ai

Company: Growzy AI

Growzy AI (“Growzy AI”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard the information obtained when you use our GPT Action product (the “Services”). We collect only minimal information from user interactions (such as the text inputs you provide, the outputs we generate, and related usage metadata) and we use it solely to provide and improve our Services. We do not share your data with third parties for any commercial purpose, nor do we use cookies or third-party analytics. This policy applies globally and is designed to comply with relevant data protection laws, including the EU General Data Protection Regulation (GDPR), California’s CCPA/CPRA, and India’s Digital Personal Data Protection Act (DPDP Act)

Our Services are not intended for minors. If you are under the applicable age of consent (under 16 in the EU, under 18 in India), please do not use the Services.

Information We Collect

We collect and process only the information necessary to provide and improve the Services. This includes:

User-Provided Content (Inputs and Outputs): The text, prompts, or files that you submit to our GPT Action product and the corresponding responses or outputs generated by the Service. If you include personal details in your inputs (such as names, contact information, or sensitive data), that information will be processed as part of providing the output. We encourage you to avoid sharing sensitive personal data in your prompts whenever possible.

Usage Metadata: Non-identifying technical information about how you use the Services, such as timestamps of interactions, pages or features accessed, device type, browser type, and IP address or approximate location. We collect this data to monitor usage and improve system performance and reliability.

Optional Contact Information: Only if you choose to contact us (for example, for support or inquiries), we may collect your name, email address, or other contact details to respond to your request.

We do not collect personal identifiers (like your real name, email, or billing information) unless you voluntarily provide them. We also do not use cookies, web beacons, tracking pixels, or any third-party analytics or advertising services on our website or in our Services. We treat all information confidentially and with strong security measures, and we do not share your data with third parties for commercial purposes

How We Use Information

We use the information we collect only for legitimate purposes necessary to operate and improve our Services. In particular, we use your data to:

Provide and maintain the Services: We use your inputs to generate outputs, and we use usage data to ensure our system is working properly. For example, we may monitor for errors or abuse and optimize system performance.

Improve our product: We analyze inputs, outputs, and usage patterns to develop new features, enhance accuracy, and train our models, always focusing on improving user experience.

Security and fraud prevention: We use metadata (like IP addresses or unusual usage patterns) to protect against abuse, unauthorized access, or fraud.

Legal compliance: We may process and retain data as necessary to comply with applicable laws, prevent fraud, or respond to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We do not use your data for marketing or advertising. We do not sell, rent, or otherwise disclose your personal information to advertisers, marketers, or other unrelated third parties. We do not sell personal data, and we do not engage in “cross-context behavioral advertising.” We will only share your information with third parties in very limited circumstances, such as when required by law or to provide services on our behalf (e.g. cloud hosting providers), and such parties are contractually obligated to protect your data and use it only for the agreed purpose.

Legal Basis for Processing

For users in the European Economic Area (EEA), UK, and other regions governed by GDPR, we process personal data only when we have a valid legal basis. Under GDPR Article 6, lawful bases include consent and performance of a contract. For example, by using our Services you consent to the processing of your inputs and outputs. We may also process data as necessary to fulfill our agreement with you (performance of contract) or for our legitimate interests (such as improving the Services), provided those interests do not override your rights. Under India’s DPDP Act, consent is the primary legal basis for processing personal data. We will obtain your consent to process any personal data, and you are free to withdraw consent at any time. We rely on such consent (and on other legitimate purposes allowed by law) to process data for providing and improving our product. For processing the data of minors (under 18 in India, under 16 in the EU), we will obtain verifiable parental consent beforehand, though our Services are generally not directed at children. In summary, we process your data only when necessary for the Service (contract), with your consent, or under legitimate interests of providing and improving our Services, and always in compliance with applicable law

.

Data Sharing and Disclosure

We do not share your personal data with third parties, except in the following limited cases:

Service Providers: We may engage trusted third-party vendors (such as cloud infrastructure or technical support providers) to assist in operating the Service. These providers are contractually bound to use your data only to provide the requested services and to protect it.

Legal Requirements: We may disclose data if required by law (e.g. in response to a subpoena or lawful government request), to comply with legal processes, or to protect the rights, property, or safety of Growzy AI or others.

Aggregated/Anonymized Data: We may use or share aggregated or de-identified data that cannot reasonably identify you, for research or analysis.

We do not sell, rent, or otherwise commercialize your personal information. We do not share your data with advertisers or social media companies. All data shared with any vendor or authority is limited to what is strictly necessary, and we always require appropriate safeguards. As stated above, “we treat the information you have provided in an absolutely confidential manner” and “we do not share your data with third parties for commercial purposes."

Cookies and Tracking

We do not use cookies or similar tracking technologies on our website or in the GPT Action product. We do not use third-party analytics, advertising networks, or any tools that monitor users beyond our platform. No information is collected via cookies when you use our Services.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes of this policy and to meet legal obligations. Typically, we keep your inputs, outputs, and usage logs for a limited period (for example, up to 12 months) to allow for system improvement and debugging. After such time, we delete or anonymize your data. We also delete your data upon request (see Your Rights below), unless we have a compelling lawful reason to keep it (e.g. to comply with law, resolve disputes, or enforce our agreements). We do not keep data “just in case,” and we regularly purge data that is no longer needed, ensuring processing is “limited to authorized needs”

.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. This includes using industry-standard security technologies such as encryption (HTTPS/TLS for data in transit), secure data storage, regular security audits, and strict access controls. Only authorized personnel or service providers have access to personal data, and they are trained to handle it securely. As one policy puts it, we are “committed to the protection and confidentiality of your personal data” and ensure that processing is “lawful, fair, transparent and limited to authorized needs”. While no system is completely secure, we strive to protect your information to the best of our ability. If a security incident affecting your personal data occurs, we will notify you and regulators as required by law.

International Data Transfers

Your data may be stored and processed in countries other than your own (for example, in India or the United States) where our servers or service providers are located. We comply with applicable transfer rules: for EU/EEA users, we will use approved transfer mechanisms such as European Commission Standard Contractual Clauses or rely on an adequacy decision. We will always take steps to ensure that your data remains protected no matter where it is processed. By using our Services, you consent to such transfers.

Children’s Privacy

Our Services are not intended for children. We do not knowingly collect personal data from anyone under the applicable age of consent (under 16 in the EU, under 18 in India). If you are a minor, please do not use our Services or submit any information to us. If we learn that we have collected personal information from a child without verified parental consent, we will delete such information from our systems. Under India’s DPDP Act, a “child” is anyone under 18, and processing a child’s data requires parental consent; we will comply with this requirement. If you believe we might have any information from or about a child, please contact us immediately.

Your Rights

Depending on your location, you have certain rights regarding your personal data. We are committed to helping you exercise these rights. In general, these may include:

Rights of EU/EEA/UK Users (GDPR): You have the right to access the personal data we hold about you, to correct or update it, to erase it (also known as the “right to be forgotten”), to restrict or object to its processing, and to request its portability to another service. You also have the right to withdraw your consent at any time (without affecting the lawfulness of prior processing) and to lodge a complaint with a European data protection authority.

California Consumers (CCPA/CPRA): If you are a California resident, you may request to know the categories of personal information we collect, the sources, purposes, and the recipients of your data, and you may request deletion of your personal information (subject to exceptions). You have the right to correct inaccurate personal information. You may opt out of the “sale” or “sharing” of your personal information; please note we do not sell or share personal information for advertising, so this right does not apply to our Services. We will not discriminate against you for exercising your CCPA/CPRA rights, meaning we will not change the price or quality of our Services if you exercise these rights.

.

Indian Residents (DPDP Act): If you are an Indian resident, you have the right to confirm whether we are processing your data and to access it, as well as to correct, update, complete, or erase it. You have the right to withdraw your consent at any time, and to restrict processing of your data for certain purposes. For detailed guidance, see Section 12 of the DPDP Act.

If you wish to exercise any of these rights, please contact us (see below) with details of your request. We will verify your identity and respond in accordance with applicable law (typically within 30 days). In the EU and India, you may also contact your local data protection authority for assistance.

California Privacy Notice

In compliance with California law, this section outlines specific California privacy rights:

No Sale of Personal Data: We do not sell or share personal information about California residents for monetary compensation or for targeted advertising.

Your Rights: California residents have the rights described above under Your Rights (know, delete, correct, limit, etc.). We provide free methods for submitting requests, as outlined below.

Non-Discrimination: We will not discriminate against you for exercising any privacy rights under California law.

To submit a California data access or deletion request, please contact us as specified below. We will not charge a fee for a verified request, and will respond in accordance with the law.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, as laws change or our practices evolve). When we do, we will revise the “Effective Date” at the top of this policy. Material changes will be notified by posting the new policy on our website, and if required by law, by other means (such as email). We encourage you to review this policy periodically. Your continued use of the Services after any update means you accept the revised policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights (access, correction, deletion, etc.), please contact our Data Protection Officer at:

Email: support@growzy.ai

Company: Growzy AI