Privacy Policy

1. Overview and Roles

Summary: ScaleBotik is the Australian white‑label reseller and marketer. GrowBotik is the U.S. developer, platform operator, and the party that hosts customer accounts, processes payments, and delivers the GrowBotik AI marketing services. All customer account, billing, and service data are created, stored and processed in GrowBotik’s platform and database in the United States.

Who does what

  • ScaleBotik (reseller / marketer): markets the platform, brings businesses and marketers to the GrowBotik platform, and provides minor phone onboarding and triage support. ScaleBotik does not collect or store customer accounts or billing information, but does have access to the platform usage data.
  • GrowBotik (developer / platform operator): operates the GrowBotik AI platform, runs the automated signup and subscription flow, hosts the customer database in the U.S., executes the suite of online business marketing services (discovery, gap analysis, growth planning, campaign execution, tracking and reporting), and handles technical support beyond ScaleBotik’s minor phone support.

2. Payments and Billing

Automated Stripe payments

  • All subscription signups and payments for use of the GrowBotik platform are processed automatically by GrowBotik through the integrated Stripe payment system. Customers sign up and pay directly through GrowBotik’s Stripe flow; ScaleBotik does not process, transmit, or store payment card data. GrowBotik retains billing and transaction records required for accounting, tax, fraud prevention and legal compliance.

Billing inquiries and disputes

  • ScaleBotik may triage customer billing questions but will refer payment disputes and refunds to GrowBotik billing for resolution. GrowBotik is the authoritative record holder for all payment transactions.

3. Data Collection, Storage and Minimisation

Data held by GrowBotik (authoritative source)

  • GrowBotik collects and stores account registration details, authentication credentials, usage telemetry, service logs, platform analytics, support tickets, and billing/transaction records (via Stripe). These data are used to deliver the Services, operate automated onboarding, run analytics and lead‑generation features, prevent fraud, and provide technical support. GrowBotik’s platform includes automated discovery, gap analysis, growth planning and campaign execution features that generate and rely on these data.

ScaleBotik data handling

  • ScaleBotik only collects marketing lead and referral metadata necessary to introduce potential clients to the GrowBotik platform. ScaleBotik does not retain customer account, billing, or platform usage data. Any lead information passed to GrowBotik is limited to the minimum required to enable the prospect to evaluate, sign up and pay on GrowBotik’s platform.

4. Marketing Communications and Consent

Explicit opt‑ins and recordkeeping

  • Marketing communications (email and SMS) require separate, explicit opt‑ins presented at the point of referral or signup. Consent records (user id; consent text; checkbox state; timestamp; IP; consent source) are stored in GrowBotik’s platform. For U.S. recipients GrowBotik will maintain TCPA consent records where required. For Australian recipients ScaleBotik will ensure marketing practices comply with the Spam Act and the APPs.

Unsubscribe and STOP

  • Reply STOP to SMS or use the unsubscribe link in emails. GrowBotik will promptly process STOP requests and confirm unsubscription. ScaleBotik will cease outreach to unsubscribed contacts.

5. Cross‑Border Transfers, Security and Subprocessors

Cross‑border transfers

  • Customer data collected and stored in GrowBotik’s U.S. database are transferred to and processed in the United States. Transfers are governed by a Data Processing Addendum (DPA) that includes Standard Contractual Clauses (SCCs) or equivalent safeguards where required by law.

Security measures

  • GrowBotik implements technical and organisational safeguards including TLS for data in transit, encryption at rest, role‑based access controls, multi‑factor authentication for privileged access, logging and vulnerability management. GrowBotik maintains a security program aligned with recognized standards and provides attestations on request.

Subprocessors

  • GrowBotik will maintain and publish a subprocessors register. Stripe is the payment processor used for automated payments. New subprocessors that will process ScaleBotik customer data require prior notice to ScaleBotik and, where required, ScaleBotik approval.

6. Data Subject Rights, Retention and Breach Response

Exercising rights

  • Data subject requests (access, correction, deletion, portability, objection) should be submitted to the contacts below. ScaleBotik will triage requests it receives and, where data are held by GrowBotik, will instruct GrowBotik to assist in fulfilling the request. Reasonable identity verification will be required. Responses will be provided within applicable statutory timeframes.

Retention

  • Retention periods for account, billing and transactional data are documented in the DPA and customer agreements. Billing records required for legal or tax compliance will be retained by GrowBotik as permitted by law. Data no longer required will be securely deleted or irreversibly anonymised.

Breach notification

  • GrowBotik will notify ScaleBotik of confirmed incidents affecting ScaleBotik customer data without undue delay and, where feasible, within 72 hours of discovery. ScaleBotik will notify affected individuals and regulators in Australia or the U.S. as required by applicable law and will coordinate communications with GrowBotik.

7. Transparency, Notices and Contacts

Operational contacts

  • ScaleBotik privacy enquiries: support@scalebotik.com
  • ScaleBotik support (marketing referrals and minor phone onboarding): support@scalebotik.com
  • GrowBotik data processing and billing: privacy@growbotik.com