Privacy Policy
Owner: Brillmark, LLC, a California limited liability company
Introduction
At Brillmark, LLC ("GrowthAI," "we," "our," or "us"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services, including our website, applications, APIs, and AI-powered conversion optimization tools.
This policy complies with applicable privacy laws, including:
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA)
- California Online Privacy Protection Act (CalOPPA)
- General Data Protection Regulation (GDPR)
- UK General Data Protection Regulation (UK GDPR)
Contact Information
Email: privacy@growth.ai
Address: Brillmark, LLC - Privacy Office, 192 Benmore Dr., Hayward, CA 94542
1. Definitions
- Account Holder: The individual or entity legally responsible for a GrowthAI account.
- User: Any person accessing or using our Services.
- Personal Data/Personal Information: Information that directly or indirectly identifies, relates to, describes, or could reasonably be linked with a particular individual or household.
- Services: GrowthAI websites, web applications, mobile applications, APIs, software-as-a-service (SaaS) products, and related services.
- Third Parties: External service providers, vendors, partners, or other entities not owned or controlled by Brillmark, LLC.
- Processing: Any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, or destruction.
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
- Full name, email address, username, and password
- Company name, job title, and business information
- Billing address and payment method details
- Phone number (if provided)
Content and Communications:
- Support requests, feedback, and correspondence
- User-generated content, settings, and preferences
- Survey responses and testimonials
- Files, images, and data uploaded to our Services
2.2 Information We Collect Automatically
Technical Information:
- IP address, device identifiers, browser type and version
- Operating system, screen resolution, and time zone
- Referring website URLs and pages visited
- Date and time of access and session duration
- Click-through rates, conversion data, and usage patterns
Location Information:
- General geographic location based on IP address
- Precise location (only if explicitly permitted)
2.3 Cookies and Similar Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to:
- Maintain user sessions and remember preferences
- Analyze website performance and user behavior
- Deliver personalized content and advertisements
- Prevent fraud and enhance security
For detailed information about our cookie practices, please see our Cookie Policy.
2.4 Information from Third-Party Sources
Integration Data:
- Data from connected platforms (Shopify, WooCommerce, Google Analytics, etc.)
- Social media profile information (when you connect social accounts)
- Marketing and advertising platform data
Business Information:
- Publicly available business records and directories
- Professional networking platforms
- Industry databases and market research sources
2.5 Information Collected via Shopify Integration
When you connect your Shopify store to our Services, we access and process data through Shopify APIs including order history, fulfillment status, products, variants, customer information, legal and policy pages, content pages, menus, and shipping methods.
Purpose: This data is accessed solely to enable our AI chatbot to answer customer questions accurately about orders, products, shipping, and store policies.
Data Minimization: We access only the minimum data necessary to provide chatbot functionality. We do not store customer payment information.
3. How We Use Your Information
We process your personal information for the following purposes:
- 3.1 Service Delivery and Account Management: Providing, maintaining, and improving our AI-powered Services; creating and managing user accounts; processing payments and subscriptions; authenticating users and maintaining security.
- 3.2 Communication and Support: Responding to inquiries, sending service notifications, and delivering marketing communications where consent applies.
- 3.3 Analytics and Improvement: Analyzing usage patterns, conducting A/B testing, and developing new features.
- 3.4 Legal and Compliance: Complying with laws, preventing fraud, enforcing policies, and defending legal rights.
- 3.5 Marketing and Advertising: Delivering targeted campaigns, measuring performance, and supporting referral programs.
4. Legal Basis for Processing (GDPR/UK GDPR)
- Contractual Necessity: To perform our contract with you and deliver Services
- Consent: For marketing communications, non-essential cookies, and optional features
- Legitimate Interests: For security, fraud prevention, product improvement, and business operations
- Legal Obligation: To comply with applicable laws, regulations, and legal processes
- Vital Interests: To protect life, health, or safety in emergency situations
5. Data Sharing and Disclosure
We may share your personal information with service providers, in business transfer scenarios, and where legally required.
- 5.1 Service Providers: Cloud providers, payment processors, communication providers, analytics partners, and support systems.
- 5.2 Business Transfers: In connection with mergers, acquisitions, asset sales, or similar transactions.
- 5.3 Legal Requirements: Government agencies, courts, and lawful requests such as subpoenas and court orders.
- 5.4 Protection and Safety: Preventing fraud and protecting rights, property, and safety.
We do not sell personal information to third parties for monetary consideration.
6. International Data Transfers
If you are located in the EEA, UK, or other jurisdictions with data localization requirements, your personal information may be transferred to and processed in countries outside your jurisdiction, including the United States.
We implement safeguards including Standard Contractual Clauses, adequacy decisions, Binding Corporate Rules (where applicable), and other recognized transfer mechanisms.
7. Data Retention
We retain personal information only as long as necessary for Services, compliance, dispute resolution, and operational requirements.
7.1 Typical Retention Periods:
- Account data: Duration of account plus 7 years
- Marketing data: Until consent is withdrawn plus 3 years
- Support communications: 5 years from last contact
- Technical logs: 2 years from creation
- Financial records: 7 years (as required by law)
7.2 Shopify Compliance Webhooks
We subscribe to Shopify mandatory compliance webhooks for customer data access requests, customer data deletion requests, and shop data deletion requests upon app uninstallation. We respond within legally required timeframes.
8. Your Privacy Rights
8.1 California Residents (CCPA/CPRA)
- Right to Know
- Right to Delete
- Right to Opt-Out
- Right to Correct
- Right to Limit
- Right to Non-Discrimination
8.2 EEA/UK Residents (GDPR/UK GDPR)
- Right of Access
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Right to Withdraw Consent
- Right to Lodge a Complaint
8.3 Exercising Your Rights
- Email: privacy@growth.ai
- Online form: Link to privacy request form
- Mail: Brillmark, LLC - Privacy Office, 192 Benmore Dr., Hayward, CA 94542
We respond to verified requests within legally required timeframes, typically 30-45 days.
9. Data Security
We implement comprehensive security measures to protect personal information.
9.1 Technical Safeguards
- Encryption in transit and at rest (AES-256)
- Secure Socket Layer (SSL) certificates
- Multi-factor authentication (MFA)
- Regular security assessments and penetration testing
9.2 Administrative Safeguards
- Privacy training for employees and contractors
- Access controls and principle of least privilege
- Data breach response procedures
- Vendor security assessments
9.3 Physical Safeguards
- Secure data centers with restricted access
- Environmental controls and monitoring
- Backup and disaster recovery procedures
No security system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
10. Children's Privacy
Our Services are not intended for children under 13 years of age (16 in the EEA/UK). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly.
Parents or guardians who believe we have collected their child information should contact us immediately.
11. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
12. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, Services, or legal requirements. Material changes will be communicated through email notification, prominent website notice, or in-app notifications.
Your continued use of our Services after changes take effect constitutes acceptance of the revised policy.
13. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
Brillmark, LLC - Privacy Office
- Email: privacy@growth.ai
- Phone: 510-941-4106
- Address: 192 Benmore Dr., Hayward, CA 94542
- Website: https://growth.ai/privacy