Website Privacy Policy
GrowthCode LLC — Version 2.3 — Effective April 1, 2026
Who this notice is for: This Privacy Notice applies to individuals: website visitors, business contacts, job applicants, and consumers seeking to exercise data rights. If you are a publisher, SSP, DSP, identity partner, or other business counterparty, see the GrowthCode Platform Privacy Policy.
1. Who We Are
GrowthCode LLC is a New York-incorporated data infrastructure company. We help publishers create, manage, and optimize first-party data signals, and we help buyers build and maintain their own identity solutions. We operate as an independent data controller. We are not a processor or service provider for the personal data described in this notice.
GrowthCode meets the definition of a “data broker” under California Civil Code § 1798.99.80 (the California Delete Act) and the California Consumer Privacy Act (CCPA) as amended by CPRA. GrowthCode is in the process of completing registration with the California Privacy Protection Agency (CPPA). Until registration is complete, consumers may submit deletion and opt-out requests directly to GrowthCode using the process in Section 7.
2. Scope of This Notice
This notice applies to individuals worldwide. The rights available to you depend on your location. EU and UK residents have rights under GDPR. US residents have rights under CCPA, state privacy laws, and the California Delete Act as applicable. This notice covers three categories of individuals and their data:
| Who you are | What this notice covers |
|---|---|
| Website visitor | Data collected when you visit growthcode.io |
| Business contact | Professional contact data collected through sales, marketing, and events |
| Consumer (data subject) | Personal data processed through GrowthCode's identity infrastructure, including your rights as a data subject and data broker opt-out rights |
| Job applicant | Application data collected through our careers process |
3. Data We Collect and Why
3.1 Website Data
When you visit growthcode.io, we collect:
- IP address, browser type, operating system, referring URL, and pages viewed
- Cookie identifiers and session data
- Form submissions, including demo requests and newsletter sign-ups
We use this data to operate and improve the website, respond to inquiries, and measure traffic. We do not use website analytics data to build advertising profiles or to enrich our identity graph.
Analytics and tracking on growthcode.io:
- Google Analytics:traffic measurement and site performance. Data is processed under Google's terms. You can opt out at tools.google.com/dlpage/gaoptout.
- HubSpot: CRM and marketing automation. Data collected through forms is stored in HubSpot and used for sales follow-up and marketing communications.
3.2 Business Contact Data
When you interact with GrowthCode as a business contact — by filling out a contact form, downloading a resource, attending an event, or speaking with our sales team — we collect your name, employer, job title, email address, and phone number. We use this data to respond to your inquiry, conduct sales outreach, and send marketing communications you can opt out of at any time.
We do not sell business contact data. We share it with HubSpot (our CRM provider) and with other vendors listed in Section 6. We retain business contact data for three years from the date of last interaction, unless you request deletion earlier.
3.3 Consumer Identity Data (Data Broker Processing)
GrowthCode operates as an independent data controller of pseudonymous identity data. This includes:
- GrowthCode Identity IDs (GCIDs) — pseudonymous identifiers generated from hashed email addresses and device signals
- Universal ID partner signals received from publishers and ID partners (including UID2, RampID, Yahoo ConnectID, and others listed in the GrowthCode Platform Privacy Policy)
- Hashed email addresses (HEMs) received from publishers or derived from publisher first-party data
- Behavioral and contextual signals associated with pseudonymous identifiers
We use this data to provide identity resolution and signal enrichment services to our publisher and demand-side clients. We do not use this data to build consumer credit files, insurance profiles, or employment screening reports. We do not process health data, government identification numbers, or financial account numbers.
3.4 Job Applicant Data
If you apply for a position at GrowthCode, we collect the information you provide in your application, including your resume, contact information, and employment history. We use this data only to evaluate your application and to communicate with you about the hiring process. We do not share applicant data with third parties other than our applicant tracking system provider. We retain applicant data for two years from the date of application.
4. Legal Basis for Processing
For US residents, we process personal data as described in this notice, with rights as specified in Section 7. For individuals in the EU, UK, or other jurisdictions with formal legal basis requirements, our basis for each processing activity is:
| Processing activity | Legal basis |
|---|---|
| Website analytics | Legitimate interests (site operation and improvement); consent for non-essential cookies |
| Business contact data | Legitimate interests (sales and marketing); contract performance for existing clients |
| Consumer identity data (pseudonymous) | Consent under TCF v2.2 where required; legitimate interests for frequency capping and fraud prevention where permitted |
| Job applicant data | Pre-contractual steps at your request |
5. Cookies and Tracking on growthcode.io
We use the following categories of cookies on growthcode.io:
| Category | Purpose | Examples |
|---|---|---|
| Essential | Required for the site to function. Cannot be disabled. | Session management, security tokens |
| Analytics | Count visits and measure site performance. | Google Analytics |
| Functional / CRM | Enable CRM integration and personalized follow-up. | HubSpot |
You can manage cookie preferences using our consent tool. You can also opt out of Google Analytics at tools.google.com/dlpage/gaoptout. We honor the Global Privacy Control (GPC) signal. When we detect a GPC signal from your browser, we treat it as an opt-out of analytics and functional cookies on growthcode.io.
We do not use advertising or retargeting cookies on growthcode.io.
6. How We Share Data
6.1 Service Providers
We share personal data with service providers who process it on our behalf under contractual restrictions. Current providers include:
- Google LLC — analytics (Google Analytics)
- HubSpot, Inc. — CRM and marketing automation
- DigitalOcean, LLC — cloud infrastructure (US East Coast, primary)
- Atlassian Pty. Ltd. — project management and collaboration tools
- Google LLC — productivity suite (Google Workspace)
6.2 Consumer Identity Data Sharing
GrowthCode shares pseudonymous consumer identity data (GCIDs and associated signals) with publisher clients, demand-side partners, and Universal ID partner networks as part of our identity resolution services. This sharing constitutes a “sale” or “sharing” of personal data under CCPA and similar state laws. You have the right to opt out. See Section 7 for how to exercise that right.
We do not share consumer identity data with data brokers for purposes unrelated to advertising and identity resolution. We do not share consumer identity data with government agencies except as required by law.
6.3 Business Transfers
If GrowthCode is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction. We will notify affected individuals as required by applicable law.
6.4 Legal Compliance
We may disclose personal data when required by law, court order, or regulatory demand, or when we believe disclosure is necessary to protect the rights, property, or safety of GrowthCode or others.
7. Your Rights
7.1 Rights Available to All US Residents
Regardless of your state of residence, you may:
- Opt out of the sale or sharing of your personal data
- Use the Global Privacy Control signal to exercise your opt-out automatically
To opt out of the sale or sharing of your personal data, email privacy@growthcode.io with the subject line “Do Not Sell or Share My Personal Information.” These rights apply to all US residents, regardless of state.
7.2 Rights Available to Residents of States with Comprehensive Privacy Laws
Residents of California, Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and other states with comprehensive privacy laws have additional rights, which may include:
- Right to know what personal data we hold about you
- Right to access a copy of your personal data
- Right to correct inaccurate personal data
- Right to delete your personal data
- Right to data portability
- Right to appeal our decision on a rights request
7.3 California-Specific Rights
California residents have rights under CCPA as amended by CPRA, including the right to opt out of the sale or sharing of personal data, the right to limit use of sensitive personal information, and the right to non-discrimination for exercising your rights.
GrowthCode meets the California data broker definition under Civil Code § 1798.99.80 and is completing registration with the CPPA. During the registration period, you may submit deletion and opt-out requests directly to GrowthCode using the process in Section 7.4.
7.4 How to Submit a Rights Request
| Channel | Details |
|---|---|
| privacy@growthcode.io | |
| Web portal | Portal coming soon; email requests accepted in the interim |
| Authorized agent | Requests submitted by an authorized agent must include written authorization signed by you. Email the signed authorization with the request. |
We respond to verified requests within 45 days. If we need more time (up to 90 days total), we will notify you within the initial 45-day window. We will not discriminate against you for exercising any right under this notice.
7.5 Global Privacy Control (GPC)
GrowthCode honors the Global Privacy Control signal. When we detect a GPC signal from your browser on growthcode.io, we treat it as a valid opt-out of the sale or sharing of your personal data and disable non-essential analytics and functional cookies for that session.
8. Sensitive Data
GrowthCode does not intentionally process the following categories of sensitive personal data:
- Health or medical data
- Financial account numbers or credit data
- Government-issued identification numbers (SSN, driver's license, passport)
- Precise geolocation data
- Biometric data
- Immigration status
- Data about children under 13
9. Data Retention
| Data type | Retention period |
|---|---|
| Website analytics (Google Analytics) | Up to 26 months (per Google Analytics default retention) |
| Business contact data (HubSpot) | 3 years from last interaction, or until deletion request |
| Consumer identity data (GCIDs, HEMs, signals) | 90 days from last active use |
| Job applicant data | 2 years from application date |
| Rights request records | 5 years (compliance obligation) |
10. Cross-Border Data Transfers
GrowthCode is headquartered in the United States. Our primary infrastructure is hosted in the US East Coast region (DigitalOcean). If you are located outside the United States, your personal data may be transferred to and processed in the United States.
For personal data received from the EU, UK, or other opt-in jurisdictions, GrowthCode relies on Standard Contractual Clauses (Module One, controller-to-controller) as the transfer mechanism. We do not rely on the EU-US Data Privacy Framework.
11. Security
GrowthCode maintains technical and organizational measures designed to protect personal data against unauthorized access, loss, or disclosure. These measures include encryption in transit and at rest, role-based access controls, security monitoring, and incident response procedures. Security documentation is available under NDA upon request for qualified counterparties.
12. Children
GrowthCode's services are not directed at children under 13. We do not knowingly collect personal data from children under 13. If we learn that we have received personal data from a child under 13, we will delete it promptly. Contact privacy@growthcode.ioif you believe we have received a child's data.
13. Updates to This Notice
We update this notice when our data practices change or when legal requirements change. The effective date at the top of this document reflects the most recent revision. Material changes will be communicated by posting an updated notice and, where required, by direct notification.
14. Contact
Privacy Officer: privacy@growthcode.io
Phone: +16074142633
Mailing address: GrowthCode LLC, 47 East 88th Street, New York, New York 10128
GrowthCode LLC | Privacy Notice | Version 2.3 | Effective April 1, 2026