Home → Privacy Policy

Privacy Policy

How we collect, use, store, and protect your data.

Effective Date: 23 March 2026  ·  Last Updated: 23 March 2026

Product Growth AI ("we," "us," "our") operates the website productgrowth.in and associated products and services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Platform, including any features that integrate with Google APIs or process payments through Razorpay.

By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our Platform.

Table of Contents

  1. Information We Collect
  2. Google User Data
  3. How We Use Your Information
  4. Data Sharing & Third Parties
  5. Payment Data & Razorpay
  6. Data Storage & Security
  7. Data Retention & Deletion
  8. Cookies & Tracking Technologies
  9. Your Rights
  10. Children's Privacy
  11. International Users
  12. Changes to This Policy
  13. Contact Us

1. Information We Collect

1.1 Information You Provide Directly

When you interact with our Platform — for example by booking a meeting, purchasing a service, filling out a form, or contacting us — we may collect:

  • Full name and email address
  • Phone number (if provided)
  • Company name, job title, and industry
  • Messages, feedback, and communication content you send us
  • Billing information (processed securely via Razorpay — see Section 5)

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent, referral source, and click patterns
  • Cookies and similar tracking identifiers (see Section 8)

1.3 Information from Third-Party Services

If you choose to authenticate or connect a third-party account (such as Google), we receive certain data from that service as described in Section 2 below.

2. Google User Data

This section specifically addresses how our application accesses, uses, stores, and shares data obtained through Google APIs, in compliance with the Google API Services User Data Policy and Google APIs Terms of Service.

2.1 Data Accessed

When you sign in or connect your Google account to our Platform, we may request access to the following types of Google user data depending on the features you use:

  • Basic profile information: Your name, email address, and profile picture (via Google Sign-In / OpenID Connect scopes).
  • Email (Gmail API): If you use features that involve sending or reading emails (such as the Inbox advisory product), we may request access to read, compose, or send emails on your behalf. We only request the minimum scopes necessary for the feature you are using.
  • Calendar (Google Calendar API): If you use scheduling features, we may access your calendar to create, view, or manage events related to advisory sessions or meetings.

We only request scopes that are necessary for the specific features you choose to use. You will see the exact scopes listed on the Google OAuth consent screen before granting access.

2.2 How We Use Google User Data

Google user data is used solely to provide and improve the user-facing features of our Platform that you have chosen to use. Specifically:

  • Authentication: To verify your identity and sign you in to the Platform.
  • Email-based advisory: To read incoming advisory queries and send AI-generated responses via the Inbox product, only when you opt in to this feature.
  • Meeting scheduling: To create or manage calendar events for booked advisory sessions.
  • Personalization: To display your name and profile picture within the Platform for a personalized experience.
We do NOT use Google user data for:
  • Advertising, ad targeting, or ad profiling
  • Selling or sharing data with data brokers
  • Training machine learning or AI models (except for the specific advisory features you opt in to, and only using your own data in your own session)
  • Any purpose unrelated to providing or improving user-facing features of our Platform

2.3 How We Store Google User Data

  • OAuth tokens (access and refresh tokens) are stored in encrypted form in our secure database (Supabase) with row-level security enabled.
  • Email and calendar content is processed in real-time and is not permanently stored on our servers unless explicitly required for the feature. Any stored content is encrypted at rest.
  • Basic profile data (name, email) is stored in your user account record for authentication and display purposes.
  • All data transmission occurs over HTTPS/TLS encryption.

2.4 Sharing of Google User Data

We do not sell, rent, lease, or trade your Google user data to any third party. Google user data is shared only in the following limited circumstances:

  • AI Processing: When you use advisory features, your query content may be sent to AI service providers (such as Anthropic's Claude API or OpenAI) solely to generate a response for you. These providers process data according to their own privacy policies and do not retain your data for training purposes under our agreements.
  • Infrastructure Providers: Our hosting and database providers (Netlify, Supabase) may process data as part of providing their services to us. They act as data processors under our instructions and do not use your data for independent purposes.
  • Legal Requirements: We may disclose data if required by law, regulation, legal process, or governmental request.

2.5 Revoking Access

You can revoke our access to your Google account data at any time by:

Upon revocation, we will delete or anonymize all Google user data associated with your account within 30 days, except where retention is required by law.

3. How We Use Your Information

  • To provide, operate, and maintain the Platform and its features
  • To process transactions and send related information (invoices, receipts)
  • To respond to your inquiries, support requests, and advisory queries
  • To send you updates, newsletters, or marketing communications (only with your consent; you can opt out at any time)
  • To personalize your experience and deliver content relevant to your interests
  • To analyse usage patterns, monitor performance, and improve the Platform
  • To detect, prevent, and address fraud, abuse, or technical issues
  • To comply with legal obligations and enforce our Terms of Service

4. Data Sharing & Third Parties

We do not sell your personal data. We may share information with third parties only in the following circumstances:

Third PartyPurposeData Shared
RazorpayPayment processingName, email, payment instrument details
SupabaseDatabase & authenticationAccount data, encrypted tokens
NetlifyWebsite hostingServer logs, IP addresses
Anthropic (Claude API)AI response generationQuery content (not retained)
ElevenLabsVoice/audio generationText content for audio conversion
SimliAI video avatarSession interaction data
Google APIsAuth, email, calendarOAuth tokens, profile data
Google AnalyticsWebsite analyticsAnonymized usage data

All third-party providers are contractually bound to use your data solely for the purposes specified and in accordance with applicable data protection laws.

5. Payment Data & Razorpay

We use Razorpay as our payment gateway. When you make a payment:

  • Payment instrument details (credit/debit card numbers, UPI IDs, net banking credentials) are collected and processed directly by Razorpay. We do not store your full card number or financial credentials on our servers.
  • We receive from Razorpay: transaction ID, payment status, amount paid, payment method type, and a masked reference (e.g., last 4 digits of card).
  • Razorpay is a PCI-DSS compliant payment aggregator authorized by the Reserve Bank of India (RBI).
  • All payment data is transmitted over secure, encrypted connections (TLS 1.2+).

For more information, see Razorpay's Privacy Policy and Razorpay's Terms of Service.

5.1 Invoicing & Financial Records

We generate and store invoices for completed transactions as required under the Goods and Services Tax (GST) Act and applicable Indian tax laws. Invoices may include your name, email, billing address, GST number (if provided), service description, amount, and tax details. These records are retained for the period required by law (minimum 8 years under the Income Tax Act).

6. Data Storage & Security

  • Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
  • Encryption at rest: Sensitive data (including OAuth tokens and user credentials) is encrypted at rest in our database.
  • Access controls: Access to user data is restricted to authorized personnel on a need-to-know basis with role-based access controls and audit logs.
  • Infrastructure security: Our database is hosted on Supabase (built on AWS infrastructure) with row-level security (RLS) policies. Our website is hosted on Netlify with automated SSL certificates.
  • Regular reviews: We periodically review our security practices and update them to address new threats.

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure. We commit to promptly notifying affected users in the event of a data breach as required by applicable law.

7. Data Retention & Deletion

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data TypeRetention Period
Account & profile dataUntil you request deletion or close your account
Google OAuth tokensUntil you revoke access or delete your account
Google user data (email/calendar)Real-time processing; logs up to 90 days then deleted
Transaction & invoice records8 years (Indian tax law requirement)
Website analytics & logs12 months, then anonymized or deleted
Communication records3 years from last interaction

7.1 Requesting Data Deletion

You may request deletion of your personal data at any time by emailing hello@productgrowth.in with the subject line "Data Deletion Request." We will:

  • Acknowledge your request within 48 hours
  • Delete or anonymize your data within 30 days
  • Notify you once deletion is complete
  • Retain only what is required by law (e.g., tax records), and inform you of exceptions

You may also revoke Google data access at Google Account Permissions.

8. Cookies & Tracking Technologies

  • Essential cookies: Required for the Platform to function (session management, authentication). Cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with the Platform. Used to improve performance and content.
  • Preference cookies: Remember your settings and choices.

We do not use advertising or retargeting cookies. You can manage cookie preferences through your browser settings.

9. Your Rights

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw consent for data processing at any time.
  • Right to Grievance Redressal: File a complaint with us or with the relevant data protection authority.

9.1 For Indian Users (DPDPA 2023)

If you are a resident of India, your rights under the Digital Personal Data Protection Act, 2023 (DPDPA) include the right to access, correction, erasure, and grievance redressal. You may exercise these rights by contacting our Grievance Officer (see Section 13).

9.2 For Users in the European Economic Area (EEA)

If you are located in the EEA, your data is processed under the lawful bases of consent, contract performance, and legitimate interest as applicable under the GDPR. You have additional rights including the right to restrict processing and to lodge a complaint with your local data protection authority.

10. Children's Privacy

Our Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly. Contact us at hello@productgrowth.in if you believe a child has provided us with personal data.

11. International Users

Our Platform is operated from India. If you access the Platform from outside India, your data may be transferred to and processed in India. By using the Platform, you consent to such transfer. We ensure that all data transfers are conducted with appropriate safeguards in compliance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or a prominent notice on the Platform if the changes significantly affect how we handle your data
  • Seek your renewed consent if required for any new use of Google user data

Your continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

We will respond to all privacy-related inquiries within 48 hours and resolve them within 30 days.

Google API Services Disclosure: Product Growth AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.