Grow-Vibe ("we", "us", or "our") provides an AI-powered creative operations platform that helps marketing teams analyze performance, monitor trends, and manage production workflows. This Privacy Policy explains how we collect, use, share, and protect information about customers, Authorized Users, and other individuals who interact with the Service. Capitalized terms not defined here have the meaning given in the Terms of Service.
1. Scope and Roles
This Policy applies to our websites, applications, APIs, and related services (collectively, the "Service"). When we process Customer Data submitted by a Customer or collected from an integration on a Customer's behalf, we act as a processor/service provider and process that data under the Customer's instructions. Customers are responsible for providing necessary privacy notices to, and obtaining any required consents from, individuals whose personal data they input into the Service. For data we collect as a controller (such as account data, billing contacts, and site usage), this Policy explains our practices.
2. Information We Collect
2.1 Account and Profile Information: names, job titles, workspace details, email addresses, phone numbers, profile images, authentication credentials (stored as salted and hashed passwords), multifactor authentication secrets, and billing contacts.
2.2 Workspace and Project Content: marketing creatives, briefs, scripts, performance targets, comments, tags, and metadata uploaded by Customers or their Authorized Users.
2.3 Social and Ad Platform Data: usernames, profile URLs, posts, comments, campaign structures, creatives, spend, performance metrics, and other information retrieved from connected accounts (e.g., Meta, TikTok, Google, YouTube, Instagram) via authorized APIs.
2.4 AI Analysis Inputs and Outputs: video files, thumbnails, transcripts, prompts, and model responses processed through third-party AI providers such as Google Vertex AI.
2.5 Technical and Usage Data: event logs, device identifiers, IP addresses, browser type, operating system, timestamps, session metadata, feature usage, queue/job processing records, API calls, error diagnostics, and security telemetry (e.g., login attempts, rate limiting logs).
2.6 Support and Communications: messages sent to our support team, surveys, feedback, community discussions, and related contact details.
2.7 Payment Information: billing amounts, invoicing history, tax IDs, and payment status. Cardholder data is processed by our payment processors; we do not store full payment card numbers.
3. Sources of Information
We collect information directly from Customers and Authorized Users, automatically through the Service, from third-party platforms connected by the Customer, and from publicly available sources when ingesting social content (subject to platform policies).
4. How We Use Information
We use information to:
(a) provide, operate, secure, and support the Service;
(b) authenticate users, manage permissions, and enforce workspace isolation;
(c) process Customer Data and generate Output such as analyses, reports, and notifications;
(d) monitor trends, usage, and performance to improve features and reliability;
(e) provide customer support, training, and onboarding;
(f) send transactional notices, product updates, and security alerts;
(g) detect, investigate, and prevent fraud, abuse, or security incidents;
(h) comply with legal obligations and respond to lawful requests;
(i) conduct research and development, including training and tuning AI models using aggregated or anonymized data;
(j) enforce our agreements and protect our rights.
5. Legal Bases for Processing
Where required by law (e.g., GDPR/UK GDPR), we process personal data on the following legal bases:
- - Contract necessity (to provide the Service and fulfill our agreements);
- - Legitimate interests (e.g., securing the Service, improving features, communicating with Customers);
- - Compliance with legal obligations;
- - Consent, where we rely on it for optional features or marketing communications. Customers are responsible for obtaining consent for Customer Data they submit.
6. How We Share Information
We share information with:
6.1 Service Providers: infrastructure providers (e.g., Google Cloud Platform for hosting and storage, Redis, PostgreSQL, Qdrant, Neo4j), analytics, email delivery, customer support, error monitoring, billing, and security vendors who process data on our behalf under contractual safeguards.
6.2 Third-Party Integrations: when a Customer connects a third-party account, we share and receive data as necessary to enable that integration, subject to the third party's terms.
6.3 AI and Automation Providers: model hosting partners (e.g., Google Vertex AI) for content analysis and generation. We transmit only the data required to perform the requested task and apply access controls to logs and outputs.
6.4 Professional Advisors and Auditors: attorneys, accountants, and auditors under confidentiality obligations.
6.5 Business Transfers: in connection with a merger, acquisition, sale of assets, or reorganization, subject to continuing protections.
6.6 Legal Compliance: to comply with law, regulation, lawful requests, court orders, or to enforce our agreements or protect rights, property, or safety.
We do not sell personal information in the traditional sense. We do not share Customer Data with advertisers.
7. International Data Transfers
We are based in the United States and store data primarily in U.S. regions (including Google Cloud us-central1). If we transfer personal data internationally, we will implement appropriate safeguards such as Standard Contractual Clauses or rely on other lawful transfer mechanisms.
8. Data Retention
We retain Customer Data for the duration of the subscription and as required to provide the Service. After termination, we follow the timelines in the Terms to delete or de-identify Customer Data unless retention is required by law, dispute resolution, or legitimate business purposes (e.g., security logs). Account-level records, contracts, and billing information may be kept for longer periods to comply with legal and financial obligations.
9. Security
We maintain administrative, technical, and physical safeguards designed to protect information, including role-based access controls, row-level security, encryption in transit, hashed credentials, network segmentation, monitoring, and regular vulnerability assessments. No method of transmission or storage is completely secure; Customers are responsible for protecting their own credentials and access tokens.
10. Your Rights
Depending on your location, you may have rights to access, correct, update, export, or delete personal data; to object to or restrict processing; and to withdraw consent where processing is based on consent. California residents may request notice about categories of personal information collected, request access, and request deletion. To exercise these rights, contact us at hello@vibegrow.app or use in-product controls where available. We may need to verify your identity and coordinate with the Customer that controls the relevant workspace. Authorized agents may submit requests subject to applicable requirements.
11. Choices and Controls
11.1 Communications: You can manage marketing email preferences through unsubscribe links or by contacting us. We may still send transactional or security messages.
11.2 Integrations: Administrators can add or revoke third-party connectors at any time within workspace settings. Revoking access may limit features.
11.3 Cookies and Similar Technologies: We use cookies and local storage for authentication, session management, analytics, and feature functionality. Browsers may allow you to control cookies; disabling them may impair the Service.
12. Children's Privacy
The Service is not directed to or intended for individuals under 16. We do not knowingly collect personal data from children. If we learn that a child has provided personal data, we will delete it promptly.
13. Changes to This Policy
We may update this Policy to reflect changes in our practices or legal requirements. Material changes will be communicated through the Service or via email with reasonable advance notice. Continued use of the Service after the effective date signifies acceptance of the updated Policy.
14. Contact Us
If you have questions, concerns, or requests about this Policy or our data practices, contact us at hello@vibegrow.app. You may also write to us at any mailing address listed on an applicable order or contract.
15. Additional Disclosures for EEA/UK/Swiss Individuals
Grow-Vibe is the controller for account-level data described in Section 2. For Customer Data, the Customer acts as controller and we act as processor. You may lodge a complaint with your local supervisory authority if you believe our processing violates applicable law.
16. Additional Disclosures for California Residents
We collect the categories of information described in Section 2 for the business purposes in Section 4. We disclose these categories to service providers and integration partners as described in Section 6. We do not sell or share personal information as defined by the California Consumer Privacy Act. You may designate an authorized agent to submit requests on your behalf, provided the agent offers proof of authorization.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.