Privacy Policy

1) Who we are (Controller)

The Growth Motion

Legal entity: The Growth Motion
Address: Outshoornlaan 4, 1222 LL Hilversum, Netherlands
Email: hello@thegrowthmotion.com
KvK: 98656333
VAT: 568712687B01

If you have questions, contact us at hello@thegrowthmotion.com.

Client work (Processor role): When we provide services to a business client and process personal data on their behalf (e.g., customer lists, analytics exports, user research data, platform access logs), we may act as a data processor, while the client acts as the controller. In those cases, our processing is governed by the applicable agreement with the client and, where required, a Data Processing Agreement (DPA).

2) What data we collect

Depending on how you interact with us, we may collect:

A) Data you provide

• Contact details: name, email, phone, company, role
• Inquiry details: message content, project information, goals, budgets
• Purchases: billing name, billing address, purchase details, invoice data
• Account info (if applicable): login/email/password (hashed)
• Client/project content: scripts, brand assets, footage, channel details, thumbnails, production files, briefs, feedback
• YouTube/social access data (if you choose to provide it): channel URLs, handle(s), analytics exports, permissions, or access tokens (see Section 6)
• Product and user research data (if provided): interview notes, survey results, personas, customer feedback, feature requests
• Business systems exports (if provided): CRM/export files, analytics exports, user lists (minimized where possible)

B) Data collected automatically

• Usage data: pages viewed, clicks, referring pages, time spent
• Device & technical data: IP address, browser type, device identifiers, OS, approximate location
• Cookie data: cookie identifiers and consent preferences

C) Data from third parties

• Payment processors: confirmation of payment, last 4 digits, transaction IDs—not full card details
• Analytics/advertising platforms: aggregated performance data
• Social platforms: e.g., YouTube embed interactions, if enabled

3) Why we use your data (purposes)

We process personal data to:

• Respond to inquiries and communicate with you
• Provide consulting/production services (strategy, creative direction, production)
• Deliver digital products (downloads, templates, courses, memberships—if any)
• Process payments and prevent fraud
• Improve our website and offerings (analytics, troubleshooting)
• Market our services (with consent where required)
• Comply with legal obligations (tax, accounting)
• Protect our rights (contracts, claims, security)

4) Legal bases (GDPR)

We rely on one or more of the following legal bases:

• Contract: to deliver services and digital products you purchase or request
• Legitimate interests: improving services, securing the website, business operations (balanced with your rights)
• Consent: cookies/marketing emails where required
• Legal obligation: tax and accounting compliance

5) Cookies and tracking

We use cookies and similar technologies. Depending on your settings, we may use:

• Strictly necessary cookies: site functionality, security
• Preferences cookies: language/region settings
• Analytics cookies: site measurement and improvements
• Marketing cookies: ads and retargeting, if used

You can manage cookie preferences at any time via our cookie banner/settings (where available) and through your browser settings. Where required by law, we only place non-essential cookies (analytics/marketing) after you provide consent.

6) YouTube / social media data (important)

If you hire us for YouTube strategy/production, you may provide:

• Channel URLs, handles, video lists, or exports (e.g., CSVs)
• Analytics screenshots/exports
• Optional access permissions (e.g., adding us as manager/editor in YouTube Studio)

We recommend granting access via role-based permissions (Manager/Editor) instead of sharing passwords. If temporary credentials are shared, you agree to do so securely and revoke/rotate them after the project.

We use this data only to perform the services you requested and to communicate recommendations, deliverables, and reporting.

7) Sharing your data (processors & third parties)

We share personal data only when necessary. To ensure transparency, we list the primary third-party tools (processors) we use to operate our business and deliver services:

Payments & Operations

• Paddle: Our Merchant of Record for processing payments and handling tax compliance.
• Google Workspace (Gmail, Drive, Sheets): Used for email communication, file storage, and project management.
• N8N: Used for workflow automation.

Analytics

• Google Analytics: To measure website traffic and performance.
• Fathom Analytics: A privacy-focused analytics alternative.

AI & Creative Tools

We may use the following AI tools to assist in strategy, drafting, and creative production. We do not use client data to train public models unless explicitly agreed.

We minimize the personal data shared with AI tools and, where possible, use anonymized or summarized inputs. We do not intentionally submit highly sensitive personal data (e.g., health, government IDs, payment card data) to AI tools. If a client requires stricter controls, we can agree additional measures in writing.

• ChatGPT (OpenAI) & Claude (Anthropic): For copywriting, strategy brainstorming, and script assistance.
• Gemini (Google): For data analysis and content drafting.
• Nano Banana (Google): For advanced image generation and processing.
• Higgsfield: For video/creative generation.
• Adobe Creative Suite: For visual design, video editing, and creative production.
• ElevenLabs: For AI voice generation.

Professional service providers (only when needed for your project)

We may share limited project data with vetted contractors and professional providers (e.g., software developers, security advisors, designers) only to deliver the services you request. Where required, we put appropriate contractual safeguards in place (confidentiality and data protection terms).

We require processors to protect data and use it only for the contracted purpose.

8) International transfers

Some vendors (e.g., Google, OpenAI, Anthropic) may process data outside the European Economic Area (EEA), specifically in the United States. Where that happens, we rely on appropriate safeguards such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).

The specific safeguard depends on the vendor and service used (e.g., adequacy decision/framework participation where applicable, and/or Standard Contractual Clauses).

9) Data retention

We keep personal data only as long as necessary to fulfill the purposes for which it was collected:

• Inquiries (non-clients): Retained for 3 years after the last contact, to maintain context for future opportunities.
• Client Project Data: Retained for 3 years after project completion for support, portfolio, and legal liability purposes.
• Invoices/accounting: Retained for 7 years as strictly required by Dutch tax law.

10) Security

We use reasonable technical and organizational measures such as:

• Access controls and least-privilege permissions
• Secure storage and encrypted connections where possible
• Vendor due diligence and processor agreements
• Staff confidentiality where applicable

No method of transmission/storage is 100% secure, but we work to protect your data.

In the event of a data incident affecting personal data, we will take reasonable steps to investigate and, where legally required, notify affected parties and/or relevant authorities.

11) Your rights (EEA/UK)

You may have the right to:

• Access your data
• Correct inaccurate data
• Delete data (in some cases)
• Restrict processing
• Object to processing (including marketing)
• Data portability (where applicable)
• Withdraw consent (where we rely on consent)

To exercise rights, email hello@thegrowthmotion.com.

If we process data on behalf of a client: If your personal data was provided to us by one of our business clients (e.g., as part of their product or operations), please contact that client directly to exercise your rights. We will support the client in responding to requests as required by applicable law.

12) Complaints

If you’re in the Netherlands, you can lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens.

13) Children

Our site and services are not intended for children under 16. We do not knowingly collect data from children.

14) Changes to this policy

We may update this Privacy Policy from time to time. We’ll post the updated version and revise the “Last updated” date.

15) Contact

For privacy questions: hello@thegrowthmotion.com