Privacy Policy

Effective Date: August 14th, 2023

Welcome to Growee, an innovative Enterprise Resource Planning (ERP) application that provides comprehensive leave, employee, document, and evaluation management solutions. At Growee, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the data you provide while using our services.

1. Information We Collect

1.1 Personal Information

When you sign up for Growee and use our services, we may collect certain personal information from you, such as your name, email address, contact details, and other necessary information required for managing employee records, leave requests, document handling, and evaluations. Note that additional information we might collect such as employee salary information is totally optional in Growee at this point. We do encrypt end to end sensitive information such as passwords, salary information and bank details.

1.2 Payment Information

For users who choose to subscribe to our premium services, we may collect payment information, including credit card details and billing address. Please note that we do not store payment card information on our servers. Instead, this information is processed and securely stored by our trusted third-party payment processor, Stripe.

1.3 Usage and Analytics Data

To improve our services and user experience, we utilize Google Analytics and Hotjar to collect information about how you interact with our website and application. This may include data on page visits, session duration, device information, and more. This information is aggregated and anonymized to protect your privacy.

1.4 Error Monitoring

To ensure the stability and reliability of our services, we employ the services of Flareapp.io for error monitoring. This helps us identify and rectify any technical issues you may encounter while using Growee.

1.5 Document Signing

When using our document management features, we may integrate with SignRequest to facilitate secure and efficient document signing. Personal information collected during this process is subject to SignRequest's own privacy policy.

1.6 Social Login

For your convenience, we offer the option to log in to Growee using your Google credentials. When you choose this method, we will collect the necessary information from the Google Auth API to authenticate your account.

2. How We Use Your Information

We use the information collected for the following purposes:

• Providing and improving our services
• Processing payments and subscriptions
• Analyzing website and application usage for enhancement
• Monitoring errors and technical issues
• Facilitating document signing
• Enabling social login

3. Data Sharing with Third Parties

We may share your personal information with the following trusted third-party service providers:

• Stripe: For payment processing and subscription management.
• Google Analytics: For website and application analytics.
• Hotjar: For monitoring and improving user experience.
• Flareapp.io: For error monitoring and issue resolution.
• SignRequest: For document signing purposes.
• Amazon Web Services: For deployments and document storage.
• Google Auth (opt in): For handling social login.
• Google Calendar (opt in): For syncing events such as holidays. “(App’s) use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
• Slack (opt in): For notifications such as holiday requests, evaluation notifications.

These third parties are contractually obligated to use your information only as necessary to provide their respective services and are required to maintain the confidentiality and security of your data.

4. Data Security

At Growee, we take data security very seriously and have implemented robust measures to safeguard your personal information from unauthorized access, disclosure, or alteration. We are committed to maintaining the confidentiality and integrity of the data you entrust to us. Here are some key aspects of our data security practices:

1. Encryption: All data transmitted between your devices and our servers is encrypted using industry-standard encryption protocols, such as TLS (Transport Layer Security). This ensures that any information exchanged during communication remains confidential and cannot be intercepted by malicious entities.
2. Access Controls: Access to your personal information is limited to authorized personnel with a legitimate need to access it for the provision of our services. We maintain strict access controls, including unique login credentials and role-based permissions, to prevent unauthorized access to sensitive data.
3. Secure Infrastructure: Our servers and infrastructure are hosted on reputable cloud service providers like Amazon Web Services (AWS), which adhere to industry-leading security standards and compliance frameworks. AWS employs advanced security measures, such as firewalls, intrusion detection systems, and regular security audits to protect data stored on their platform.
4. Regular Security Audits: We conduct regular security assessments and audits of our systems to identify and address potential vulnerabilities. This helps us stay vigilant and ensures that our security practices are up-to-date with evolving threats.
5. Data Minimization: We only collect and retain the personal information necessary to provide our services to you. We follow the principle of data minimization, which means we do not store or process more data than is required for the intended purpose.
6. Data Anonymization: When possible, we anonymize or pseudonymize your data to further protect your privacy. Aggregated and anonymized data is used for statistical analysis and reporting, ensuring that no individual can be identified.
7. Employee Training: Our team members undergo regular training and awareness programs on data security and privacy best practices. We emphasize the importance of handling data responsibly and maintaining the highest level of confidentiality.
8. Incident Response: In the unlikely event of a data breach or security incident, we have established incident response procedures to promptly identify, contain, and mitigate the impact. If required by applicable laws, we will notify you and the relevant authorities about the incident and take appropriate actions to rectify the situation.
9. Third-Party Vetting: Before engaging with third-party service providers, such as Stripe and SignRequest, we conduct thorough vetting and due diligence to ensure they maintain high-security standards and comply with relevant data protection regulations.

Despite our best efforts, it is essential to recognize that no method of data transmission or storage is entirely foolproof. Therefore, we continually monitor and enhance our security measures to stay ahead of emerging threats and maintain the trust you place in us.

If you have any security-related concerns or suspect any unauthorized activity on your account, please contact us immediately at support@growee.net. We value your partnership in keeping your data secure and appreciate your support in maintaining a safe environment for all our users.

5. Your Choices

You have the right to review, update, and delete your personal information from Growee's database. If you wish to exercise any of these rights or have concerns about your data privacy, please contact us at support@growee.net.

6. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. Any revisions will be posted on this page, and the effective date will be updated accordingly.

7. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact us at support@growee.net

By using Growee's services, you acknowledge that you have read and understood this Privacy Policy and agree to our collection, use, and disclosure of your information as described herein.