Privacy Policy

1. Introduction

GrowOutly ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency in how we handle your data. This Privacy Policy applies to all users of the GrowOutly platform, which provides cold calling, VoIP telephony, email campaigns, SMS messaging, and meeting scheduling services.

By using GrowOutly, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

When you register and use GrowOutly, we may collect the following personal information:

• Account Information: Name, email address, phone number, company name, and billing information
• Contact Lists: Prospect names, email addresses, phone numbers, and any additional information you upload to our platform
• Communication Data: Call logs, SMS messages, email content, and meeting notes created within our platform
• Usage Information: Login activity, feature usage, IP addresses, browser type, and device information

2.2 Google User Data

When you choose to connect your Google Calendar to GrowOutly, we access and use the following Google user data:

• Google Calendar Events: We request limited access to view and edit calendar events only (calendar.events scope). This allows us to view your calendar availability and create meeting invitations
• Event Operations: We can create, view, update, and delete calendar events that we create on your behalf when you schedule meetings with prospects
• Email Address: Your Google account email address for authentication and calendar integration purposes (userinfo.email scope)

Important Limitations: We use the minimum Google Calendar permissions (calendar.events scope) necessary for meeting scheduling. We cannot and do not:

• Delete or modify your entire calendar
• Change calendar settings or sharing permissions
• Create or manage secondary calendars
• Access any other Google services beyond Calendar and basic profile information

3. How We Use Your Information

3.1 General Data Usage

We use the information we collect to:

• Provide and maintain the GrowOutly platform and its features
• Process and complete transactions, including billing and payment processing
• Enable VoIP calling, SMS messaging, and email campaign functionality
• Provide customer support and respond to your inquiries
• Improve our services, develop new features, and enhance user experience
• Send administrative information, service updates, and security alerts
• Analyze usage patterns and generate analytics for platform optimization
• Comply with legal obligations and enforce our Terms of Service

3.2 Google Calendar Data Usage

We use your Google Calendar data exclusively for the following purposes:

• Meeting Scheduling: To create calendar events with Google Meet links when you schedule meetings with prospects through our platform
• Meeting Invitations: To send calendar invitations to your prospects via email with meeting details
• Event Management: To update or cancel calendar events that were created through our platform when you modify or reschedule meetings

Scope Permissions: We only request https://www.googleapis.com/auth/calendar.events which provides the minimum permissions needed to create and manage calendar events. We do NOT request the broader calendar scope that would allow us to delete your entire calendar or modify calendar settings.

We do NOT:

• Read, analyze, or process the content of your existing calendar events beyond what's necessary for meeting scheduling
• Delete, modify, or access calendar events that you created outside of GrowOutly
• Share your Google Calendar data with any third parties for marketing or advertising purposes
• Use your calendar data to train AI models or for any automated decision-making
• Access your calendar data when you are not actively using the scheduling feature
• Modify calendar sharing settings, permissions, or create/delete secondary calendars

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We may share your information with trusted third-party service providers who assist us in operating our platform. These providers include:

• Cloud Hosting Services: For secure data storage and platform infrastructure (e.g., Microsoft Azure, AWS)
• VoIP Service Providers: For telephone calling functionality (e.g., Twilio)
• Email Service Providers: For email delivery services (e.g., Azure Email Services, Resend)
• Payment Processors: For billing and payment processing (e.g., Stripe)
• SMS Providers: For SMS messaging functionality
• Analytics Services: For usage analytics and performance monitoring (e.g., Google Analytics)

All third-party service providers are contractually obligated to maintain the confidentiality and security of your information and are prohibited from using your data for any purpose other than providing services to GrowOutly.

4.2 Google Calendar Data Sharing

Your Google Calendar data is NEVER shared with third parties except in the following limited circumstances:

• Meeting Invitations: When you schedule a meeting with a prospect, we send a calendar invitation to the prospect's email address that you provide. This invitation contains only the specific meeting details (date, time, location, description) that you choose to share
• Legal Compliance: If required by law, court order, or governmental regulation

We do NOT sell, rent, trade, or otherwise disclose your Google Calendar data to any third parties for marketing, advertising, or any other commercial purposes.

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.

4.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, or government agencies).

5. Data Storage and Security

5.1 Storage Practices

Your data is stored securely using industry-standard practices:

• Cloud Infrastructure: We use enterprise-grade cloud hosting services (Microsoft Azure and AWS) with built-in redundancy and backup systems
• Database Security: All data is stored in encrypted databases with restricted access controls
• Geographic Location: Data is primarily stored in secure data centers located in the United States and may be replicated to other regions for redundancy
• Google Calendar Data: We do not permanently store your Google Calendar data on our servers. Calendar information is accessed in real-time when you use the scheduling feature and is only temporarily cached during active sessions

5.2 Security Measures

We implement comprehensive security measures to protect your information:

• Encryption: All data transmission is encrypted using TLS/SSL protocols. Sensitive data at rest is encrypted using AES-256 encryption
• Access Controls: Strict role-based access controls ensure that only authorized personnel can access your data
• Authentication: Multi-factor authentication (MFA) is available and encouraged for all user accounts
• OAuth 2.0: Google Calendar integration uses OAuth 2.0 for secure, token-based authentication without storing your Google password
• Regular Audits: We conduct regular security audits and vulnerability assessments
• Monitoring: Continuous monitoring for suspicious activity and unauthorized access attempts
• Employee Training: All employees undergo security awareness training and are bound by confidentiality agreements

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your information.

6. Data Retention and Deletion

6.1 Retention Period

We retain your information for different periods depending on the type of data:

• Account Information: Retained for the duration of your active account and for up to 90 days after account deletion to allow for account recovery
• Contact Lists and Communication Data: Retained while your account is active and for up to 30 days after account deletion
• Call Logs and Analytics: Retained for up to 12 months for reporting and analytics purposes
• Billing Information: Retained for 7 years to comply with financial regulations and tax requirements
• Google Calendar Access: We do not retain your Google Calendar data. Access tokens are revoked immediately when you disconnect your Google Calendar integration

6.2 Data Deletion

You have the right to request deletion of your data at any time:

• Google Calendar Disconnection: You can revoke GrowOutly's access to your Google Calendar at any time through your Google Account settings (myaccount.google.com/permissions) or through the GrowOutly platform settings. Upon revocation, we immediately stop accessing your calendar data and delete any cached calendar information
• Account Deletion: You can request account deletion by contacting our support team. Upon account deletion, we will:
  • Immediately revoke all Google Calendar access
  • Delete your account information and contact lists within 30 days
  • Anonymize or delete call logs and communication data within 30 days
  • Retain only billing records as required by law
• Specific Data Deletion: You can request deletion of specific contact lists, call logs, or other data by contacting support

6.3 Legal Retention

Some data may be retained for longer periods if required by law, for legitimate business purposes, or to resolve disputes. We will inform you if we need to retain specific data beyond the standard retention period.

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Data Portability: Request a copy of your data in a machine-readable format
• Objection: Object to certain processing of your personal information
• Restriction: Request restriction of processing in certain circumstances
• Revoke Consent: Withdraw consent for Google Calendar access at any time

To exercise any of these rights, please contact us using the information provided in Section 13 (Contact Information).

8. Google API Services User Data Policy Compliance

GrowOutly's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Requested Google Scopes:

• https://www.googleapis.com/auth/calendar.events - To view and edit calendar events for meeting scheduling
• https://www.googleapis.com/auth/userinfo.email - To identify your connected Google account

Limited Use Compliance:

• We only request the minimum Google Calendar permissions necessary for meeting scheduling functionality
• We use the calendar.events scope (not the broader calendar scope) to ensure we can only access individual events, not calendar settings or entire calendars
• Google user data is used exclusively for creating meeting invitations as explicitly disclosed to users
• We do not transfer Google user data to third parties except as necessary to send meeting invitations to prospects (which is the core purpose of the feature)
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless expressly permitted by the user for specific purposes (e.g., customer support with explicit permission)
• We do not store Google Calendar data permanently on our servers; access is real-time via OAuth tokens

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your computer or mobile device when you visit a website. They help websites work more efficiently and provide information to website owners.

9.2 How We Use Cookies

GrowOutly uses cookies for the following purposes:

• Essential Cookies: Required for the platform to function properly (e.g., authentication, session management)
• Performance Cookies: Help us understand how users interact with our platform by collecting anonymous analytics
• Functional Cookies: Enable enhanced functionality and personalization
• Authentication Tokens: OAuth tokens for Google Calendar integration are stored securely

9.3 Third-Party Cookies

We may use third-party services such as Google Analytics that place cookies on your device to help us analyze platform usage and performance.

9.4 Managing Cookies

Most web browsers allow you to control cookies through settings preferences. However, disabling certain cookies may limit platform functionality.

10. Children's Privacy

GrowOutly is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your country. We ensure that appropriate safeguards are in place to protect your information when it is transferred internationally, including:

• Standard contractual clauses approved by regulatory authorities
• Compliance with data protection frameworks (e.g., EU-U.S. Data Privacy Framework)
• Ensuring third-party service providers implement adequate security measures

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this policy
• Notify you via email to the address associated with your account
• Display a prominent notice on the GrowOutly platform
• For changes affecting Google Calendar data usage, request your explicit consent before implementing the changes

We encourage you to review this Privacy Policy periodically. Your continued use of GrowOutly after any modifications indicates your acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy-related inquiries within 30 days.