Privacy Policy

1. About Groth Platform

Groth Platform ("Groth," "we," "us," or "our") is a commercial brand intelligence SaaS product built and operated by Tonic Worldwide, Mumbai, India, available at app.grothplatform.ai.

Groth is a multi-tenant platform used by brand managers and marketing teams to analyse brand performance across AI models and organic search channels. Users connect their own Google Analytics 4 and Google Search Console accounts to power these analyses. Each user accesses only their own brand data — no data is shared between accounts.

2. Information We Collect

• Account information: Your name and email address when you register. Passwords are stored as one-way hashes and are never stored in plain text.
• Brand configuration: Brand names, keywords, and settings you configure to run analyses. Used solely to power your account's intelligence features.
• Google Analytics 4 data: Sessions, engagement rate, and source/medium data — accessed read-only via OAuth with your explicit consent.
• Google Search Console data: Clicks, impressions, CTR, position, and query data — accessed read-only via OAuth with your explicit consent.
• Uploaded assets: Ad images or videos you upload for creative analysis. Stored securely and associated with your account.
• Usage logs: IP address, browser type, and access timestamps, used solely for security monitoring and platform stability.

3. How We Use Your Data

All data collected is used solely to provide and operate the Groth Platform features you use. We do not use your data for advertising. We do not sell, rent, or share your data with advertisers or data brokers.

• Google data is fetched in real time when you run an analysis and used exclusively to generate your performance dashboard and intelligence insights within your account.
• AI processing: To generate analysis insights, your data may be processed by third-party AI services. This is done solely to produce your analysis. These providers do not retain your data beyond the duration of a single API call.
• Security: Usage logs are reviewed to detect and prevent unauthorised access.

4. Google API — Limited Use Disclosure

Groth Platform's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• Google data is used only to generate the performance analysis you request within your account. It is never used for advertising, to build user profiles, or shared with third parties beyond the AI processing described in Section 3.
• You can disconnect your Google account at any time from within the Groth dashboard. Upon disconnection, your OAuth tokens are permanently and immediately deleted from our systems.
• You can also review and revoke access at any time from your Google Account permissions page.

5. Data Retention & Deletion

• Account data is retained while your account is active.
• Google OAuth tokens are retained in encrypted form while your Google connection is active and deleted immediately upon disconnection or account deletion.
• Analysis results are stored so you can access historical analyses. They are deleted when you close your account.
• Usage logs are retained for up to 90 days for security purposes, then deleted.
• Account deletion: Email groth@tonicworldwide.com to request deletion of your account and all associated data. We will delete everything within 30 days and confirm by email.

6. Data Security

• Google OAuth tokens are encrypted at rest using AES-256-GCM encryption.
• All data in transit is protected by HTTPS/TLS.
• Every API request is authenticated. Brand data is verified against your user ID on every operation — no user can access another user's data.
• Passwords are hashed with bcrypt. Plain-text passwords are never stored or logged.
• Server access is restricted to authorised Tonic Worldwide engineers only.

7. Third-Party Services

Groth uses the following third-party services to operate. In each case, only the minimum data necessary is shared.

• AI processing providers — for generating analysis insights. Data is not retained by these providers beyond a single API call.
• Search data providers — for keyword and SEO signal data. Only non-personal keyword strings are processed.
• Social media public APIs — publicly available content relevant to your brand keywords only. No private user data from these platforms is accessed.
• Cloud hosting provider — platform infrastructure hosted in Mumbai, India.

8. Your Rights

You have the right to access, correct, export, or delete your personal data at any time. To exercise any of these rights, email groth@tonicworldwide.com. We will respond within 30 days.

9. Cookies

Groth stores only a session authentication token in your browser's local storage. We do not use advertising cookies, tracking pixels, or third-party analytics scripts.

10. Changes to This Policy

We will notify active users by email at least 14 days before any material changes to this policy take effect. The Effective Date at the top of this page will be updated accordingly.

11. Contact Us

For privacy questions or data requests, contact us at groth@tonicworldwide.com. We aim to respond within 5 business days.

Tonic Worldwide  ·  Mumbai, Maharashtra, India  ·  grothplatform.ai