Privacy Policy
This Privacy Policy explains how letsgrow.cloud ("we", "us", "our") collects, uses, and protects the personal information of users of the Shopify Growth Intelligence audit tool (the "Service"). It applies to information we collect through the Service and the letsgrow.cloud website.
We are based in Australia and comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
For questions or requests about your data, contact hello@letsgrow.cloud.
1. What information we collect
When you use the Service, we collect:
Information you provide
- Your work email address
- The Shopify storefront URL you submit for audit
- Optional feedback text you submit after the audit
- Optional agency or client name fields, if you fill them in
Information generated automatically
- Audit metadata: timestamp, duration, finding count, estimated cost
- Access events: when you submit the form, when you complete an audit, when your submission is rejected (and why)
- Email delivery status: whether your audit report was delivered successfully
Analytics
We use Umami, a privacy-focused, cookieless analytics tool that we self-host on our own server (not a third-party analytics provider). It records aggregate, anonymized usage — including page views, referring sites, approximate country, device and browser type, and key events such as starting an audit and completing an audit. Umami does not use cookies, does not track you across other websites, and does not build advertising profiles. IP addresses are processed transiently to derive approximate location and are not stored.
We do not collect
- Your name, phone number, or physical address
- Payment information (the Service is free)
- Third-party marketing or advertising tracking pixels
- Cookies, beyond the session cookies Streamlit uses to keep your session active
2. How we use your information
We use the information we collect to:
- Operate the Service: run the audit on the URL you submit and deliver the report to your email
- Enforce access controls: ensure each email gets one free audit, prevent abuse, monitor cost caps
- Follow up with you: we may email you to ask for feedback, share product updates, or respond to inquiries
- Improve the Service: review aggregate usage patterns and feedback to make the tool better
- Comply with legal obligations: if required by law to disclose information
We do not use your data for:
- Selling to third parties (we do not sell user data, period)
- Advertising or behavioral targeting
- Training AI models (your data is sent to OpenAI for audit generation only — see Section 3)
3. Third-party services that process your data
To operate the Service, we share specific data with the following third parties:
| Service | Location | What we share | Purpose |
|---|---|---|---|
| OpenAI | United States | Audit content (page snippets from your URL, finding text) | Generating audit findings and action plan text |
| Resend | United States | Your email, your audit report (PDF + Word) | Delivering the report to your inbox |
| Google PageSpeed Insights | United States | The URL you submit | Fetching performance metrics |
| Hostinger | Lithuania / EU | Server logs, database (emails, audits, feedback) | Hosting the Service infrastructure |
| Cloudflare (R2) | United States / global | Encrypted database backups (emails, audits, feedback) | Off-site backup and disaster recovery |
We also run Umami analytics, which is self-hosted on our own server (located with Hostinger) rather than provided by a third party. It is described in Section 1.
Each of the third-party providers above operates under its own privacy policy. By using the Service, you consent to the transfer and processing of your data in the United States and the European Union (where Hostinger operates), and on Cloudflare's infrastructure, in addition to Australia.
Note on cross-border data transfer: Under Australian Privacy Principle 8, we take reasonable steps to ensure overseas recipients comply with the APPs. The providers listed above are major commercial services with their own privacy commitments. We are not responsible for their conduct beyond our control.
4. How long we keep your data
We retain your data for 12 months from your last interaction with the Service. After that period, we delete:
- Your email address
- Your submitted URL
- Audit reports stored on our servers
- Feedback you submitted
Encrypted backups are retained on Cloudflare R2 for up to 90 days, after which they are automatically deleted. Deleting your data from our primary database does not immediately remove it from existing backups, but those backups expire within 90 days.
We may retain anonymized usage statistics (e.g., total audits run per month, aggregate Umami analytics) indefinitely for product improvement purposes, but these contain no personal information.
You can request earlier deletion at any time — see Section 6.
5. How we protect your data
We take reasonable steps to protect your data:
- All data transmission uses HTTPS encryption
- Our database is hosted on a private server with restricted access
- Backups stored on Cloudflare R2 are transmitted over encrypted connections
- API keys and credentials are stored in environment variables, never in code or version control
- Email is sent through Resend's encrypted infrastructure
- Audit reports are temporarily generated and not stored long-term on our servers (your inbox is the canonical copy)
However: no internet service is 100% secure. If we become aware of a breach affecting your data, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required by Australia's Notifiable Data Breaches scheme.
6. Your rights
Under Australian privacy law (and similar laws elsewhere), you have the right to:
- Access the personal information we hold about you
- Correct information that is inaccurate or out of date
- Request deletion of your information
- Withdraw consent for processing (which will result in your access being terminated)
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data
To exercise any of these rights, email us at hello@letsgrow.cloud. We aim to respond within 30 days. You may need to verify your email address before we process certain requests.
If you're in the EU, UK, or California, you have similar rights under GDPR, UK GDPR, or CCPA. Email us with your request and we'll respond accordingly.
7. Children's privacy
The Service is not intended for users under 18. We do not knowingly collect data from minors. If we discover that we've collected data from a minor, we will delete it. If you believe a minor has used the Service, please contact us.
8. Changes to this Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this document indicates the most recent change. Material changes will be flagged via the email address on file when possible.
9. Contact us
For privacy questions, deletion requests, or any concerns about your data, contact:
Email: hello@letsgrow.cloud
Operator: letsgrow.cloud, based in Australia
If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
By using the Service, you confirm you have read and understood this Privacy Policy.