Privacy Policy

Last updated: December 13, 2025

1. Introduction

Welcome to GoGrowth. We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

GoGrowth is operated by Rosbech Media Consult ApS (CVR: 39337975), a company registered in Denmark. We comply with the General Data Protection Regulation (GDPR), the Danish Data Protection Act (Databeskyttelsesloven), and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Rosbech Media Consult ApS

CVR: 39337975

Email: joceprod@gmail.com

If you have any questions about this Privacy Policy or our data practices, please contact us at the email address above.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Account Information

  • Full name - To personalize your experience
  • Email address - For account authentication and communication
  • Password - Securely hashed and stored for account access

3.2 Payment Information

When you make a purchase, payment processing is handled by Stripe. We do not store your full credit card details. We receive limited transaction information from Stripe, including:

  • Transaction ID and status
  • Amount paid and currency
  • Last four digits of payment card (for reference)

For more information about how Stripe processes your data, please see Stripe's Privacy Policy.

3.3 Usage Data (Analytics)

With your consent, we collect analytics data using PostHog to understand how visitors use our website. This may include:

  • Pages visited and interactions
  • Device type and browser information
  • Approximate location (country/region level)
  • Referral source
  • Session duration

Analytics data is only collected if you consent via our cookie banner. You can withdraw consent at any time by clicking "Cookie Preferences" in our website footer.

3.4 Technical Data

We automatically collect certain technical data necessary for the operation of our service:

  • IP address (for security and fraud prevention)
  • Browser type and version
  • Device information

4. Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:

4.1 Contract Performance (Article 6(1)(b) GDPR)

We process your account and payment data to:

  • Create and manage your account
  • Process your purchases and deliver tokens/services
  • Provide customer support

4.2 Legitimate Interests (Article 6(1)(f) GDPR)

We process certain data based on our legitimate business interests:

  • Fraud prevention and security monitoring
  • Improving our services and user experience
  • Administrative purposes and record-keeping

4.3 Consent (Article 6(1)(a) GDPR)

We only process certain data with your explicit consent:

  • Analytics cookies (PostHog)
  • Marketing communications (if you opt-in)

You can withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4.4 Legal Obligations (Article 6(1)(c) GDPR)

We may process your data to comply with legal obligations such as:

  • Tax and accounting requirements
  • Responding to lawful requests from authorities

5. How We Use Your Data

We use your personal data for the following purposes:

  • Account Management: Creating and managing your GoGrowth account
  • Service Delivery: Processing purchases, managing tokens, providing access to premium content
  • Communication: Sending transactional emails, responding to inquiries
  • Analytics: Understanding how our service is used to make improvements (with consent)
  • Security: Protecting against fraud, abuse, and unauthorized access

6. Third-Party Service Providers

We use trusted third-party service providers to help operate our business. These providers process personal data on our behalf under Data Processing Agreements (DPAs):

ProviderPurposeLocation
SupabaseDatabase hosting, authenticationUSA (with SCCs)
StripePayment processingUSA/Ireland
PostHogAnalytics (with consent)USA (with SCCs)
NetlifyWebsite hostingUSA (with SCCs)

SCCs = Standard Contractual Clauses, which provide appropriate safeguards for international data transfers as required by GDPR.

7. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), primarily in the United States. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms that require the recipient to protect your data
  • EU-US Data Privacy Framework: Where applicable, certified under the framework

8. Data Retention

We retain your personal data only for as long as necessary:

  • Account data: For as long as your account is active, plus up to 5 years after deletion for legal/accounting purposes
  • Transaction records: 5 years (Danish bookkeeping law requirement)
  • Analytics data: Anonymized or deleted within 24 months
  • Communication records: Up to 3 years for support and quality purposes

9. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limited processing of your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at joceprod@gmail.com. We will respond to your request within one month.

10. Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet

Carl Jacobsens Vej 35

2500 Valby, Denmark

Website: www.datatilsynet.dk

11. Cookies

We use cookies and similar technologies on our website. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

12. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password hashing
  • Access controls and authentication
  • Regular security reviews

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

13. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Rosbech Media Consult ApS

CVR: 39337975

Email: joceprod@gmail.com