Privacy Policy
1. Introduction
Welcome to ReddGrow (“we,” “our,” or “us”). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and related services (collectively, the “Service”).
By using ReddGrow, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide to Us
- Account Information: When you create an account, we collect your email address, username, and password.
- Reddit Account — No Server-Side Storage: ReddGrow does not collect, store, or transmit your Reddit username, password, OAuth tokens, session cookies, or any other Reddit authentication credentials to its servers. The ReddGrow Chrome extension operates entirely within your own browser and uses your existing authenticated Reddit session — the same session you use when visiting Reddit directly. Reddit credentials never leave your device.
- Draft Content: We store the posts and comments you create within ReddGrow for scheduling and posting purposes.
- Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card information. We do not store complete payment card numbers on our servers.
2.2 Information Automatically Collected
- Usage Data: We collect information about how you interact with our Service, including features used, clicks, and time spent.
- Device Information: We collect information about your device, including browser type, operating system, and Chrome version.
- Log Data: Our servers automatically record information created by your use of the Service, including IP address, access times, and pages viewed.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to track activity on our Service and store certain information.
2.3 Reddit-Related Data
ReddGrow performs Reddit operations through your locally installed Chrome extension, which acts on your existing authenticated Reddit session running in your browser. Reddit credentials never reach ReddGrow servers.
Stays on your device (not transmitted to ReddGrow):
- Your Reddit username, password, OAuth tokens, and session cookies
- Private messages, inbox content, and account settings
- Your complete Reddit browsing history
Transmitted to ReddGrow servers only when you initiate the action:
- Subreddit names and post URLs you target for discovery or monitoring
- Aggregate post performance metrics (e.g., upvote count, comment count) used to populate your analytics dashboard
- Brand mention text and associated post metadata when you enable brand monitoring features
- Draft content you create, save, or schedule within ReddGrow
3. How We Use Your Information
We use the collected information for various purposes:
- Service Delivery: To provide, maintain, and improve our Service, including AI-assisted comment drafting and Reddit engagement tools.
- Account Management: To manage your account, process subscriptions, and provide customer support.
- Personalization: To personalize your experience and provide content recommendations.
- Communication: To send you service updates, security alerts, and promotional materials (with your consent).
- Analytics: To analyze usage patterns and improve our Service’s performance and features.
- Security: To detect, prevent, and address technical issues, fraud, and violations of our Terms of Use.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
4. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers (Subprocessors): We share information with third-party service providers who perform services on our behalf, such as payment processing, data analysis, email delivery, and hosting services. Our current key service providers include: Stripe (payments), Supabase (database/auth), PostHog (analytics), Resend (email), and Google Cloud (infrastructure). A full subprocessor list is available at /legal/subprocessors and we notify users of material additions at least 30 days in advance, providing an opportunity to object.
- Reddit Platform: When you post content through ReddGrow, that content is shared with Reddit according to your posting instructions and is subject to Reddit’s own privacy policy.
- Legal Requirements: We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
- With Your Consent: We may share your information with third parties when you give us explicit consent to do so.
5. Data Retention
We retain your personal information for as long as necessary to provide you with our Service and for legitimate business purposes, such as complying with legal obligations, resolving disputes, and enforcing our agreements.
- Account Data: Retained while your account is active and for 12 months after account closure, after which it is deleted or anonymized unless a longer retention period is required by law.
- Draft Content: Retained until you delete it or close your account, then deleted within 30 days of account closure.
- Usage Data: Typically retained for up to 24 months for analytics purposes, then aggregated or deleted.
- Payment Records: Retained for 7 years as required by tax and accounting regulations.
- Reddit-Related Data: Subreddit targets, post metrics, and brand-mention data are retained for the duration of your subscription and deleted within 30 days of account closure.
6. Data Security
We implement reasonable technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit using SSL/TLS protocols
- Encryption of sensitive data at rest
- Regular security assessments and updates
- Access controls limiting employee access to personal information
- Secure authentication mechanisms
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: You can request a copy of the personal information we hold about you.
- Correction: You can update or correct inaccurate personal information through your account settings.
- Deletion: You can request deletion of your personal information, subject to certain legal exceptions.
- Data Portability: You can request a copy of your data in a structured, machine-readable format.
- Opt-Out: You can opt out of promotional emails by following the unsubscribe instructions in those emails.
- Cookie Management: You can manage your cookie preferences through our cookie consent banner, which appears on your first visit. You can change your preferences at any time by clicking the cookie icon on our website.
To exercise these rights, please contact us at [email protected].
8. International Data Transfers
Your information may be transferred to and maintained on servers located outside your country of residence, including in the United States.
For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses (June 2021 version) as the legal transfer mechanism. For UK-originating data, we additionally use the UK International Data Transfer Addendum to the EU SCCs. Where applicable, we supplement these mechanisms with technical safeguards including encryption in transit and at rest and access controls.
If you are located in the EEA or UK, you may request a copy of the applicable transfer mechanism by contacting [email protected].
9. Children’s Privacy
Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from individuals under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
10. Third-Party Services
Our Service may contain links to third-party websites, services, or applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services. We encourage you to review the privacy policies of any third-party services you visit.
11. Analytics, Visitor Identification, and AI-Assisted Features
Analytics: We use PostHog and Google Analytics to help us understand how users interact with our Service. These services collect pseudonymous identifiers and usage data. For users subject to GDPR or ePrivacy requirements, these tools are activated only after you provide consent via our cookie banner.
Visitor Identification (RB2B and Retention.com): When you visit our marketing website, we use RB2B — a B2B identity resolution service — which may match your anonymous visit data to an identified business contact (such as a name, company, and business email address) using third-party data sources. This match occurs server-side at RB2B; the cookies themselves do not store personally identifiable information. We may use the resolved identity to send you marketing communications. This practice may constitute “sharing” personal information under the California Consumer Privacy Act (CPRA).
- To opt out of marketing emails sent via Retention.com: https://app.retention.com/optout
- To opt out of RB2B data collection: https://www.rb2b.com/rb2b-gdpr-opt-out
- For EEA/UK visitors, RB2B identity resolution operates only with your explicit consent (opt-in via cookie banner).
AI-Assisted Features: ReddGrow uses AI models to generate draft content suggestions, subreddit recommendations, and brand analysis. These features do not make solely automated decisions with legal or similarly significant effects on you within the meaning of GDPR Article 22. All final posting and publishing decisions are made by you.
We do not currently display third-party advertising within our Service, but we reserve the right to do so in the future. If we implement advertising, we will update this Privacy Policy accordingly.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
12.1 Categories of Personal Information Collected (last 12 months)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Email address, account ID, IP address | Yes |
| Internet/network activity | Pages visited, features used, click data | Yes |
| Commercial information | Subscription plan, payment history | Yes |
| Geolocation data | Approximate location inferred from IP | Yes |
| Professional/employment information | Company name (via RB2B resolution) | Yes (marketing site only) |
| Inferences | Usage patterns, product preferences | Yes |
Sources: Directly from you; automatically from your device and browser; from third parties (RB2B identity resolution for marketing site visitors).
Business purposes: Service delivery, account management, security, analytics, marketing communications.
Third parties we share with: Service providers (Stripe, Supabase, PostHog, Resend, Google Cloud); identity resolution (RB2B); legal compliance.
12.2 Your Rights
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties we share with.
- Right to Delete: Request deletion of your personal information, subject to certain exceptions (legal obligations, security, etc.).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We may “share” personal information for cross-context behavioral advertising purposes via RB2B (see Section 11). You may opt out by: (a) using the opt-out link in Section 11; (b) enabling a Global Privacy Control (GPC) signal in your browser; or (c) contacting [email protected].
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise these rights, contact us at [email protected]. We will acknowledge receipt within 10 business days and respond substantively within 45 calendar days (extendable by 45 days with notice).
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and applicable national implementing laws.
13.1 Lawful Basis for Processing
We process your personal information on the following legal bases:
| Purpose | Lawful Basis |
|---|---|
| Account creation and service delivery | Performance of a contract (Art. 6(1)(b)) |
| Payment processing | Performance of a contract (Art. 6(1)(b)) |
| Security, fraud prevention, abuse detection | Legitimate interests (Art. 6(1)(f)) |
| Marketing emails (with your consent) | Consent (Art. 6(1)(a)) |
| Analytics (PostHog, Google Analytics) | Consent (Art. 6(1)(a)) |
| Legal obligations (tax records, compliance) | Legal obligation (Art. 6(1)(c)) |
| Dispute resolution and enforcement | Legitimate interests (Art. 6(1)(f)) |
13.2 Your GDPR Rights
- Right to access: Obtain a copy of your personal data.
- Right to rectification: Correct inaccurate data.
- Right to erasure: Request deletion of your data, subject to legal retention obligations.
- Right to restriction: Restrict processing in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: File a complaint with your local supervisory authority (e.g., the Irish Data Protection Commission for EEA matters, or the UK ICO for UK matters).
13.3 Data Controller and Data Processor Roles
You are the data controller for any content you post, submit, or publish to Reddit or any other third-party platform through the Service. You determine the purposes and means of processing any personal data contained in that content and are responsible for ensuring it complies with applicable data protection laws.
ReddGrow does not act as a data processor for your Reddit account data. Because Reddit credentials, tokens, and session cookies never reach ReddGrow’s servers — all Reddit operations occur locally within your Chrome extension on your device — ReddGrow does not “process” your Reddit account data within the meaning of GDPR Article 4(8).
ReddGrow is an independent data controller for personal data we collect about your use of our own Service (account email, subscription and billing records, usage analytics, drafts you store in our dashboard, and other data described in Section 2). For this data, we determine the purposes and means of processing and are responsible for compliance with applicable law.
13.4 EU/UK Representative
If you are located in the EEA or UK, you may contact us directly at [email protected] for any data protection inquiries. We are evaluating the appointment of an EU/UK representative under GDPR Article 27 and will update this section when appointed.
13.5 Data Protection Contact
ReddGrow has assessed that appointment of a Data Protection Officer is not required under GDPR Article 37. For data protection inquiries, contact [email protected]. We aim to respond to all requests within the statutory timeframe.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:
- Posting the updated Privacy Policy on our website
- Updating the “Effective Date” at the top of this policy
- Sending you an email notification to your registered email address at least 30 days before material changes take effect
In the event of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where a breach is likely to result in a high risk to your rights and freedoms, we will also notify affected users without undue delay and in accordance with applicable law.
Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
Email: [email protected]
Address: ReddGrow, Inc., 1111B S Governors Ave # 89342, Dover, DE 19904
For California residents exercising CCPA/CPRA rights: Email: [email protected]
We will respond to your inquiry within a reasonable timeframe as required by applicable law.
Last Updated: May 8, 2026 (v1.5)
Thank you for trusting ReddGrow with your information. We are committed to protecting your privacy and providing transparency about our data practices.
