Legal
Privacy Policy
Effective date: May 16, 2026
GrowDeck ("we", "our", or "us") is an autonomous SEO platform operated by PandaStack. This Privacy Policy explains what information we collect when you use growdeck.ai, how we use it, and what rights you have over it. Please read it carefully.
1. Information we collect
Account information
When you create an account we collect your name, email address, and a hashed password. If you sign up via Google OAuth we receive your name, email, and profile photo from Google.
Website data you provide
To run our SEO pipeline you provide us with a website URL. We crawl that URL and its sub-pages, storing page content, metadata, and structural information in order to generate keyword opportunities and landing pages on your behalf.
Third-party integration tokens
When you connect Google Search Console, GitHub, Vercel, or Slack, we store the OAuth access and refresh tokens necessary to access those services on your behalf. Tokens are encrypted at rest and never shared with other users.
Usage and log data
We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is used for security, debugging, and service improvement and is retained for 30 days.
Payment data
Billing is handled by Stripe. We store your Stripe customer ID and subscription status but never store raw card numbers or sensitive payment details on our servers.
2. How we use your information
- To provide, operate, and improve the GrowDeck service โ including crawling your site, generating SEO content, and deploying pages at your instruction.
- To communicate with you about your account, new features, and service updates. You may opt out of marketing emails at any time.
- To process payments and manage your subscription via Stripe.
- To detect, investigate, and prevent fraudulent transactions and abuse.
- To comply with applicable laws and respond to lawful requests from public authorities.
We do not sell your personal data. We do not use your website content or SEO data to train AI models beyond what is required to generate output for your own account.
3. Google user data
When you connect Google Search Console or Google Analytics, GrowDeck requests read-only access to your search performance data (webmasters.readonly and analytics.readonly scopes).
- We only access data for sites you have explicitly connected.
- Google data is used solely to surface SEO insights within your GrowDeck dashboard.
- We do not share Google user data with any third party.
- You can revoke access at any time from your GrowDeck integrations settings or directly at myaccount.google.com/permissions.
- Our use and transfer of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
4. Data sharing and sub-processors
We share data only with the following sub-processors, each bound by their own privacy policies and data processing agreements:
| Sub-processor | Purpose |
|---|---|
| Supabase | Authentication and database hosting |
| OpenAI | AI content generation (keyword analysis, page writing) |
| Stripe | Payment processing |
| Search Console & Analytics API access (with your consent) | |
| Vercel / GitHub | Page deployment (when you configure a deploy target) |
| Cloudflare | CDN, DDoS protection, DNS |
5. Data retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for fraud-prevention purposes. Crawled page content and generated SEO pages tied to your site are deleted when you remove the site from your account.
6. Cookies and tracking
We use strictly necessary cookies to maintain your authenticated session. We do not use advertising cookies or third-party tracking pixels. You can disable cookies in your browser settings, but doing so will prevent you from logging in.
7. Security
We apply industry-standard security measures: data encrypted in transit (TLS 1.2+) and at rest (AES-256), OAuth tokens stored encrypted, access controls limiting which employees can reach production data, and regular dependency audits. No system is perfectly secure โ if you discover a vulnerability please contact us at [email protected].
8. Your rights
Depending on your jurisdiction you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. Children
GrowDeck is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by displaying a prominent notice in the dashboard. Continued use of GrowDeck after the effective date constitutes acceptance of the updated policy.
11. Contact
Questions about this policy? Contact us at [email protected].