1. Information We Collect

We collect the following categories of information:

a) Information You Provide

• Personal details: name, email, phone number, business details (if applicable)
• Google Authentication Data: When you sign in with Google, we collect your Google account email address, name, and profile picture (if available) for authentication and account creation purposes only
• Payment details: handled securely by third-party providers (Paystack, Flutterwave). We do not store full card or banking information
• Submissions: contacts you provide when joining pools

b) Automatically Collected Data

• IP address, device information, browser type, operating system
• Activity logs (pages visited, campaigns joined, referrals used)
• Cookies and tracking data for authentication, fraud prevention, and analytics
• Google Analytics data (anonymized) for website performance and user behavior analysis

c) Third-Party Data

• OTP verification services (Termii or equivalent)
• Payment confirmations from payment processors
• Google OAuth authentication data (email, name, profile picture)

2. How We Use Your Information

We use your information for the following purposes:

• To operate and maintain the Service
• To verify your identity (via email/phone OTP and Google OAuth)
• To create and manage your user account
• To process payments and subscriptions
• To compile and share campaign contact pools with other participants
• To send transactional emails (payment confirmations, pool results, reminders)
• To detect, prevent, and investigate fraud, abuse, or illegal activity
• To improve our platform through analytics and feedback
• To comply with Google API Services User Data Policy and other legal obligations

3. Data Sharing

We may share your information as follows:

• With other pool participants: your name, email, and phone number are shared with others in the same campaign pool
• With service providers: for payment processing, OTP verification, email delivery, analytics, hosting, and Google OAuth authentication
• With Google: when you use Google OAuth, we share authentication data with Google as required for the OAuth process
• With authorities: if required by law, regulation, or to protect our rights

We do not sell personal data to third parties.

4. Legal Basis for Processing (GDPR/UK GDPR)

For users in the EU/UK, we process your data based on:

• Consent (when you provide contacts for a pool)
• Contract (to deliver services you pay for)
• Legitimate interests (fraud prevention, service improvement)
• Legal obligations (tax, compliance)

5. Data Retention

• Contact data: kept until the campaign concludes and results are delivered
• Account data: retained while your account is active
• Payment records: retained as required by financial regulations
• We may anonymize and retain aggregated data for analytics

6. Data Security

We implement industry-standard measures to protect your data, including:

• End-to-end encryption for sensitive data transmission
• HTTPS encryption for all web communications
• Secure access controls and authentication
• Secure hosting infrastructure (Neon Tech PostgreSQL, Vercel)
• Regular security audits and updates
• Data backup and recovery procedures

However, no system is 100% secure. You use the Service at your own risk.

7. International Data Transfers

Your data may be stored and processed outside your country of residence, including in the United States, European Union, and Africa. By using the Service, you consent to such transfers.

We ensure that international transfers comply with GDPR/CCPA requirements.

8. Your Rights

Depending on your location, you may have rights including:

• Access: request a copy of your personal data
• Correction: request updates to incorrect information
• Deletion: request deletion of your account/data (except where legally required). You can delete your account directly from your profile page by typing "DELETE" to confirm. This permanently removes all your data including profile information, campaign submissions, payment history, and referral data.
• Objection/Restriction: object to certain processing
• Data Portability: request a portable copy of your data
• Opt-out: opt out of marketing emails

To exercise these rights, contact us at support@listgrow.app.

9. Google OAuth & API Services Compliance

When you use Google OAuth to sign in to our service:

• We only access the minimum Google account information necessary for authentication (email, name, profile picture)
• We comply with Google's API Services User Data Policy
• We do not access or store your Google account password or other sensitive Google data
• You can revoke our access to your Google account at any time through your Google account settings
• We use Google OAuth data solely for authentication and account management purposes

10. Children's Privacy

ListGrow is not intended for use by individuals under 18. We do not knowingly collect data from children. If you believe a minor has provided data, contact us and we will delete it.

11. No Refund Policy & Data

As stated in our Terms:

• Payments are non-refundable
• If you request account deletion after joining a campaign, we cannot retract data already distributed in pool exports

12. Changes to Privacy Policy

We may update this Privacy Policy at any time. Updates will be posted on this page with the "Last Updated" date. Continued use of the Service constitutes acceptance.

13. Contact Us

If you have questions or requests regarding this Privacy Policy, please contact us: