Privacy · last updated 2026-04-27
What we do with your data
Plain language. No dark patterns.
What we collect
- Account — email, hashed password (bcrypt cost 12), name. Used for sign-in and sending verification / digest emails.
- Project events — what you send via the SDK. Event name, distinct_id (your user id, opaque to us), timestamp, source, properties (you control what goes here). Stored in ClickHouse.
- OpenRouter API key — only if you provide one. AES-256-GCM encrypted at rest with a per-deployment master key derived from AUTH_SECRET. Never logged.
- Webhook secrets — Stripe / GitHub signing secrets, same AES-256-GCM encryption.
What we NEVER collect
- Email addresses, phone numbers, or payment details inside event properties. The SDK strongly discourages this; the /init skill enforces it.
- Cookies for ad-tech, fingerprinting, or third-party analytics.
- Your code. Claude Code runs locally; we don’t see your repository.
Where data lives
- EU + US regions (your choice on signup; defaults to your IP region).
- Self-hosted? Nothing leaves your infra. The hosted version is convenience; the open-source code is the same.
Retention
- Events: 13 months by default, configurable per project.
- Strategic sessions (growth engineer): 12 months.
- Email verification tokens: 24 hours.
- Session cookies: 30 days idle, refreshed on activity.
LLM usage
When you ask the growth engineer something, we send the conversation + your project snapshot to OpenRouter (which routes to Anthropic / OpenAI / Meta / Google depending on model). We never send raw user PII — only aggregate metrics and the events you chose to log. If you provide your own OpenRouter key, the request stays under your billing.
Subprocessors
- OpenRouter (LLM routing) — only if you use the AI features
- Stripe (billing) — only if you upgrade beyond free tier
- An email provider (Postmark / SES) — verification + digest emails
- AWS / GCP / DO — depending on the region you choose at signup
Your rights
Email privacy@growth-loop.dev to: export everything we have, delete your account, or opt out of any subprocessor. We respond within 7 days.
Changes
When this page changes, we email account holders 14 days in advance unless the change is purely editorial.