Legal

Privacy Policy

Last updatedApril 28, 2026 ControllerGrowthOS, Lda. NIF519 178 220

1. Data Controller

This Privacy Policy applies to the processing of personal data carried out by GrowthOS, Lda. (hereinafter "GrowthOS"), with registered office at Rua Dom Jerónimo Osório, No. 23, 2nd Floor Right, 1400-120 Lisbon, Portugal, Tax ID (NIF) 519 178 220, accessible through the website growthos.biz and the GrowthOS technology platform (hereinafter "Platform").

Data protection contact: start@growthos.biz

2. Scope

This policy applies to:

  • Visitors to the growthos.biz website
  • Users of the GrowthOS Platform (clients and their team members)
  • Contacts and leads whose data is processed through the Platform on behalf of clients
  • Participants in diagnostics, contact forms, and meetings

3. Personal Data Collected

3.1 Data provided directly

  • Name, email address, company, and message (contact and meeting booking forms)
  • Platform registration and authentication data (name, email, encrypted password)
  • Company and professional role data (in the context of THINK, BUILD, and RUN services)
  • Commercial information shared during diagnostic and consulting sessions

3.2 Data collected automatically

  • Browsing data: IP address, device type and browser, pages visited, visit duration
  • Cookies and similar technologies (see Section 10)
  • Platform usage data: actions performed, cadences executed, emails sent

3.3 Third-party data processed on behalf of clients

In the context of commercial prospecting services (RUN) and Platform operation, GrowthOS processes professional contact data (leads) on behalf of its clients. This data may include:

  • Name, job title, company, professional email, professional phone number, LinkedIn profile
  • Enrichment data obtained from public sources and third-party tools
  • Commercial interaction history (email opens, replies, meetings)

In this context, GrowthOS acts as a Data Processor under the GDPR, with the client being the Data Controller. Processing is governed by a specific Data Processing Agreement (DPA) entered into with each client.

4. Purposes and Legal Basis for Processing

Purpose Data used Legal basis
Responding to contact requests and meeting bookings Name, email, company, message Consent / Pre-contractual measures
Delivery of THINK, BUILD, and RUN services Registration data, company data, commercial data Performance of contract
Platform operation and CRM features Usage data, cadences, metrics Performance of contract
Commercial prospecting on behalf of clients (SDR/BDR) Professional lead data Legitimate interest of client / Consent
AI-powered content generation Commercial context data (ICP, personas, messaging) Performance of contract
Sending GrowthOS marketing communications Name, email Consent
Service improvement and performance analysis Browsing and usage data Legitimate interest
Compliance with legal and tax obligations Billing and identification data Legal obligation

5. Use of Artificial Intelligence

GrowthOS uses artificial intelligence models (provided by Anthropic, specifically the Claude model) for:

  • Commercial content generation (prospecting emails, outreach messages)
  • Contact data analysis and enrichment
  • Interpretation of consulting notes and population of strategic frameworks
  • Assistance in building ICPs, personas, and value propositions

Data processed by AI models is transmitted via secure API and is not used to train the models. GrowthOS does not send sensitive personal data (health, ethnic origin, sexual orientation) for AI processing.

In compliance with the European AI Act, GrowthOS is committed to maintaining transparency about the use of AI and ensuring that automated decisions are always supervised by human operators.

6. Sharing Data with Third Parties

GrowthOS may share personal data with the following categories of entities, exclusively for the purposes described:

  • Technology infrastructure providers: Supabase (database and authentication), Lovable (Platform hosting)
  • AI providers: Anthropic (natural language processing via Claude API)
  • Email marketing and outreach providers: Instantly (email campaign delivery)
  • Analytics providers: web analytics tools (where applicable)
  • Public authorities: when required by law or court order

GrowthOS does not sell or transfer personal data to third parties for third-party direct marketing purposes.

International data transfers (particularly to US-based providers) are carried out on the basis of the European Commission's Standard Contractual Clauses or the EU-US Data Privacy Framework, as applicable.

7. Data Retention

Personal data is retained only for as long as necessary:

  • Contact form data: 12 months after the last contact, unless a contractual relationship exists
  • Client and Platform usage data: for the duration of the contract and 5 years after its termination (tax obligations)
  • Lead data processed on behalf of clients: according to client instructions, with deletion within 30 days after the end of the contract
  • Browsing data and cookies: in accordance with the cookie policy (Section 10)

8. Data Subject Rights

Under the GDPR, users have the following rights:

  • Right of access: obtain confirmation that their data is being processed and access it
  • Right to rectification: correct inaccurate or incomplete data
  • Right to erasure: request deletion of data, subject to legal retention obligations
  • Right to restriction of processing
  • Right to object to processing based on legitimate interest
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with the CNPD (Portuguese Data Protection Authority)

Requests should be sent to start@growthos.biz and will be responded to within a maximum of 30 days.

9. Data Security

GrowthOS implements appropriate technical and organizational measures, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication with Row Level Security (RLS) policies on the database
  • Role-based access control (RBAC) on the Platform
  • Edge Function protection with token validation
  • Periodic security audits

10. Cookies

The growthos.biz website uses cookies for:

  • Strictly necessary cookies: website functionality and forms
  • Analytical cookies: traffic and browsing behavior analysis (anonymized where possible)
  • Preference cookies: remembering user settings

Users may configure their browser to refuse cookies or be notified of their use. Refusing non-essential cookies may limit some website features.

11. Changes to this Privacy Policy

GrowthOS reserves the right to amend this policy at any time. Significant changes will be communicated through the website or by email to registered users. The last update date is indicated at the top of this document.

12. Contact

For any questions regarding this Privacy Policy or the exercise of your rights:

GrowthOS, Lda.
AddressRua Dom Jerónimo Osório, No. 23, 2nd Floor Right, 1400-120 Lisbon, Portugal Tax IDNIF 519 178 220 Emailstart@growthos.biz Websitegrowthos.biz