§ 01
Overview
Growth Rhino ("we", "us", "our") provides B2B go-to-market engine design, build, and operations services through our websites and engagements. This policy explains what information we collect, how we use it, and the choices you have.
We aim for legible, honest data practices. Where we say "minimum needed", we mean it — we don't sell data, and we don't enrich visitors with third-party identity graphs.
§ 02
Data we collect
We collect three categories of data:
- Account & engagement data — name, work email, company, role, and information you submit through forms, audits, or active engagements.
- Usage data — anonymized page views, referrers, device class, and country. See the Cookie policy for details.
- Operational data — emails, call notes, and shared documents created in the course of a client engagement.
§ 03
How we use it
We use the data above to deliver our services, respond to inquiries, operate our website, and meet legal obligations. We do not use website behavioural data for advertising profiles or sell it to data brokers.
For active engagements, we use shared client data strictly to design, build, and run the agreed system. Access is limited to the engagement pod and our infrastructure providers.
§ 04
Legal basis (GDPR)
For EU and UK residents, we process data under one of: (a) performance of a contract, (b) our legitimate interests in operating and improving our services, or (c) your consent (for marketing cookies and email subscriptions). You may withdraw consent at any time without affecting prior processing.
§ 06
Retention
We retain account and engagement data for the duration of our relationship plus a reasonable period required for legal, accounting, and dispute-resolution purposes (typically up to 7 years). Anonymous analytics data is retained on a rolling 14-month window.
§ 07
Your rights
You can request access, correction, deletion, restriction, or portability of your personal data, and you can object to certain processing. We respond within 30 days.
To exercise any of these rights, contact us via the address below. EU residents have the right to lodge a complaint with their local supervisory authority.
§ 08
International transfers
Some of our subprocessors are located outside the EU/UK. Where this is the case, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards to ensure your data continues to be protected at the level required by applicable law.
§ 09
Security
We use SSO, hardware-key MFA, encrypted storage, least-privilege access, and audited backups. No engine is perfect — if you believe you've found a vulnerability, please report it to security@growthrhino.com.
§ 10
Changes to this policy
We may update this policy as our practices evolve. Material changes will be noted at the top of the page and, where appropriate, communicated by email.