Privacy Policy

GrowMe (A Product of NextNova)

Last Updated: February 2026

1. Scope

This Privacy Policy explains how GrowMe (“we”, “us”, “our”) collects, uses, processes, stores, and protects Personal Data when you access our website or platform, use our CRM, messaging, automation, or AI services, or interact with our support or communications. By using the Services, you confirm that you have read and accepted this Privacy Policy.

2. Definitions

  • Personal Data: Any information relating to an identifiable individual
  • Service Data: Data processed on behalf of users (e.g., customer messages, contacts)
  • Platform Data: Data collected directly by GrowMe (e.g., account, billing, analytics)

3. Roles & Responsibilities

GrowMe operates in dual roles: as a Data Controller for Platform Data and as a Data Processor for Service Data. Users act as Data Controllers for all Service Data.

GrowMe does not own Service Data and processes it only per user instructions. Users are responsible for legal data collection, customer consent, and compliance with applicable laws.

4. Data Ownership

All Service Data remains the sole property of the user. GrowMe does not sell, rent, or claim ownership of user or customer data.

5. Data We Collect

  • Account Data: Name, email, phone, company details, login credentials
  • Usage Data: IP address, device info, logs, session activity
  • Service Data: Messages, contacts, files, customer interactions
  • Payment Data: Billing details (processed by secure third-party providers)
  • Marketing Data: Preferences, engagement metrics
  • Cookies & Tracking: Session cookies, analytics tools

6. Data Accuracy

Users must ensure that all Personal Data provided is accurate and up to date.

7. Legal Basis

We process data based on:

  • Contractual necessity
  • Legitimate interests
  • Consent
  • Compliance with laws (Kuwait CITRA, UAE PDPL, Saudi PDPL)

8. How We Use Data

  • Provide CRM, messaging, and automation services
  • Enable AI workflows
  • Improve platform performance
  • Process payments
  • Ensure security and fraud prevention
  • Communicate updates and marketing

9. AI & Automated Processing

GrowMe may use AI and automation. Outputs are for assistance only and do not constitute professional advice. Users remain responsible for decisions. No automated decisions with legal impact are made without human oversight.

10. AI Training Transparency

Customer data is not used for global AI training unless explicitly approved.

11. User Responsibility for Customer Consent

Users must obtain lawful consent before messaging customers, running campaigns, or processing personal data. GrowMe is not liable for misuse.

12. WhatsApp & Third-Party Platform Compliance

GrowMe integrates with third-party platforms such as WhatsApp (Meta). Processing may be subject to third-party policies, and Meta may independently process data. GrowMe is not responsible for platform bans or restrictions, policy changes, or service interruptions.

13. Messaging Data Handling

GrowMe may store message metadata (timestamps, delivery status). Content retention depends on user settings and third-party policies.

14. Sharing & Disclosure

We may share data with:

  • Sub-processors (AWS, OpenAI, Stripe, etc.)
  • Integration partners
  • Authorities when legally required
  • Buyers in case of business transfer

We do NOT sell Personal Data.

15. Sub-Processors

All sub-processors are contractually bound. List available upon request.

16. International Transfers

Data may be processed in the GCC and EU. Transfers are protected by Standard Contractual Clauses and security safeguards.

17. Data Retention

  • Account data: duration + 3 years
  • Service Data: configurable (0–36 months)
  • Financial data: 7 years

18. Account Termination & Deletion

Upon termination, data is deleted or returned within 30–60 days. Legal retention exceptions apply.

19. Data Security

We implement TLS encryption, AES-256 storage, access controls, and security monitoring. We notify affected users of any breach without undue delay. No system is 100% secure.

20. Service Availability

We do not guarantee uninterrupted service.

21. Data Backup & Loss

Users are responsible for backups.

22. User Rights

Users may request access, correction, deletion, restriction, or portability of their data. Contact us at privacy@growme-crm.com. Response within 30 days.

23. Cookies & Tracking

We use essential and analytics cookies. “Do Not Track” may not be supported.

24. Marketing Communications

Sent only with consent.

25. Children's Privacy

Not intended for users under 18.

26. Device Permissions

Mobile features may require access to:

  • Contacts
  • Media
  • Camera

27. Platform Misuse & Abuse

We may restrict or suspend accounts for spam, fraud, or policy violations.

28. Public Data

Users are responsible for any data shared publicly.

29. Third-Party Links

We are not responsible for external platforms.

30. Interaction Monitoring

We may record support interactions for quality and security.

31. Aggregated Data Use

We may use anonymized data for analytics and improvement.

32. Legal Disclosure

We may disclose data to comply with law, prevent fraud, or protect rights.

33. Business Transfers

Data may be transferred under confidentiality in mergers.

34. Limitation of Liability

To the extent permitted by law, GrowMe is not liable for indirect damages, data loss, or third-party issues.

35. Changes to Policy

Updates notified 15 days in advance.

36. Governing Law

State of Kuwait

37. Contact

privacy@growme-crm.com