Privacy Policy
Company & Contact
Company Legal Name: Strategrow LLC
Doing Business As: Brand Strategy Playbook (“BSP”, “we”, “us”)
Registered Address: 1814 Fenwood Dr., Knoxville, TN 37918 United States
Contact Email: [email protected]
Effective Date: 9/20/2025
Last Updated: 9/20/2025
1) Scope
This Privacy Policy explains how BSP collects, uses, shares, and safeguards personal information when you use the Service or interact with us.
2) Roles
For account/profile data and platform activity, BSP is a data controller (GDPR/UK GDPR).
For customerprovided content you input to generate Deliverables (which may contain personal data of your end users or clients), BSP acts as a data processor on your behalf. We may use Deliverables you generate (with personal identifiers removed) for our own promotional purposes, including showcasing examples on our website or marketing materials. Company names may be displayed. We are not obligated to retain or delete Deliverables except as set forth in the Terms and Data Retention section. A Data Processing Agreement (DPA) is available upon request.
3) Information We Collect
3.1 You Provide
Identifiers & Profile: name, email address, role/title, company/brand name, and business profile fields entered into forms.
Content & Inputs: answers to prompts/questionnaires, uploaded assets (e.g., logos), and other materials used to generate Deliverables.
3.2 Collected Automatically
Usage & Device Data: IP address, device type, operating system, browser, pages/features used, time stamps, and performance logs.
Cookies & Similar Technologies: firstparty cookies for authentication and session integrity; local storage; and (if enabled) analytics cookies/pixels.
We do not knowingly collect sensitive data (e.g., health, biometric, precise geolocation) via the Service.
4) Purposes & Legal Bases (GDPR/UK GDPR)
Provide the Service & Support: create/manage accounts; generate Deliverables; respond to requests. Legal basis: performance of a contract.
Improve & Secure the Service: troubleshooting, analytics, usage diagnostics, preventing abuse. Legal basis: legitimate interests (to improve and protect our Service).
Communications: servicerelated notices; product updates. Legal basis: performance of a contract/legitimate interests. For marketing emails, we rely on consent where required.
Compliance & Enforcement: comply with legal obligations; enforce Terms. Legal basis: legal obligation/legitimate interests.
5) Cookies & Analytics
We use strictly necessary cookies for authentication and core functionality.
🚩 We may use analytics (e.g., privacy-centric analytics or GA4) to understand feature usage and improve the Service. Our Service is not directed to users in the EU or UK, and we do not target those regions. Accordingly, EU/UK cookie consent requirements are not applicable. If our targeting or operations expand to those regions, we will update this Policy and implement the appropriate consent mechanisms.
🚩 At this time, our business does not fall within the thresholds of the CCPA/CPRA and is therefore not required to honor Global Privacy Control (GPC) signals. Should our obligations change in the future, we will update this Policy accordingly.
🚩 We may “share” personal information as that term is defined under the CCPA/CPRA (for example, in connection with cross-context behavioral advertising). At this time, our business does not meet the thresholds for CCPA/CPRA applicability. If our obligations change, we will update this Policy and provide the appropriate opt-out mechanisms.
6) Disclosures & Recipients
We share personal information with:
Service Providers / Subprocessors (acting on our behalf): hosting and infrastructure, automation, document generation, email, analytics, and payments. We may rely on thirdparty service providers (subprocessors) for hosting, infrastructure, document generation, payments, analytics, and related services. A current list of subprocessors is available upon request.
Affiliates: entities under common control, for purposes consistent with this Policy.
Legal/Compliance: to comply with law, respond to lawful requests, or protect rights, safety, or property.
Business Transfers: in connection with a merger, financing, or acquisition.
🚩We do not sell personal information, and we do not share it for crosscontext behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). If this changes, we will update this Policy and provide required optout mechanisms.
7) International Data Transfers
If you are in the EU/UK, your data may be transferred to countries with different data protection laws (e.g., the United States). We use appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) and the UK Addendum, as applicable.
8) Data Retention
We retain:
Account & Billing Records: for the life of the account and up to 24 months after closure (or longer as required by law).
Usage Logs: up to 12 months for security, troubleshooting, and analytics.
Generated Deliverables: stored in our connected Google account. You should download Deliverables to your own device promptly after generation to ensure you retain access. If retained on our systems for regeneration convenience, we keep them for up to 12 months after the License Term unless you request removal of personal identifiers. We may anonymize data for longerterm purposes, including analytics, product development, marketing, or other business uses
9) Security
We implement reasonable technical and organizational safeguards appropriate to the risk (e.g., encryption in transit, access controls, rolebased permissions). No system is 100% secure; you are responsible for maintaining the confidentiality of your credentials.
10) Your Rights
EU/UK (GDPR)
You may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing based on legitimate interests. Where processing is based on consent, you may withdraw consent at any time.
California (CCPA/CPRA)
California residents may request: (i) access/know; (ii) deletion; (iii) correction; and (iv) information about disclosures. We do not sell or share personal information. We do not use sensitive personal information for inferring characteristics. We do not permit the use of authorized agents to submit requests; requests must be made directly by the individual.
How to Submit a Request: Fill out the Privacy Request Form. We will respond within the time frames required by law.
11) Children
The Service is intended for business users ages 18+ and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us data, contact us to request deletion.
12) ThirdParty Links & Services
The Service may link to thirdparty services. Their privacy practices govern those services.
13) Changes to this Policy
We may update this Policy from time to time. Material changes will be posted via the Service (for example, a notice on our website or within your account). We do not commit to providing individual email updates unless required by law. Your continued use after changes take effect indicates acceptance.