Growth Compass LLC ("Growth Compass," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at getgrowthcompass.com, complete an assessment hosted on our platform, or interact with us in any other way.
1. Scope
This Privacy Policy applies to:
- The Growth Compass website at getgrowthcompass.com and all related subdomains
- Assessment landing pages hosted on client subdomains (e.g., [client].getgrowthcompass.com)
- Admin dashboards provided to our subscribing clients
- Any other interactions with Growth Compass, including email communications and support requests
This policy does not apply to third-party websites or services linked from our site. We encourage you to review the privacy policies of any third-party sites you visit.
2. Information We Collect
2.1 Information You Provide Directly
| Category |
Examples |
When Collected |
| Contact Information |
Name, email address, company name, phone number, job title |
Assessment submissions, contact forms, scheduling a call, subscribing to communications |
| Assessment Responses |
Answers to assessment questions, self-reported ratings, selections |
When you complete a diagnostic assessment on our platform |
| Account Information |
Login credentials, company details, billing information |
When a client subscribes to the Growth Compass platform |
| Communication Data |
Email content, support requests, feedback |
When you contact us directly |
2.2 Information Collected Automatically
| Category |
Examples |
| Device & Browser Data |
IP address, browser type and version, operating system, device type, screen resolution |
| Usage Data |
Pages visited, time on page, click patterns, referring URL, UTM parameters |
| Assessment Metadata |
Submission timestamp, completion duration, session identifiers |
3. How We Use Your Information
We use the information we collect for the following purposes:
- Deliver the Service: Process assessment submissions, compute scores, generate personalized reports, and display results on client dashboards
- Platform Operations: Monitor system performance, detect errors, maintain security, and optimize infrastructure
- Technical Support: Diagnose and resolve issues reported by clients or detected through monitoring
- Product Improvement: Analyze de-identified, aggregated data to improve scoring algorithms, benchmarks, and platform features
- Communications: Respond to inquiries, send service-related notices, and provide information you have requested
- Compliance & Security: Maintain audit logs, enforce our terms of service, and comply with legal obligations
We do not sell your personal information. We do not use your personal information for automated decision-making that produces legal or similarly significant effects.
4. Legal Basis for Processing
We process personal information on the following bases:
- Consent: When you voluntarily submit an assessment or provide your contact information through our forms
- Contractual Necessity: When processing is necessary to fulfill our obligations under a subscription agreement with our clients
- Legitimate Interest: When processing is necessary for platform operations, security, fraud prevention, and product improvement, balanced against your privacy rights
- Legal Obligation: When processing is required to comply with applicable law
5. How We Share Your Information
We share personal information only in the following circumstances:
- With the Client Who Deployed the Assessment: When you complete an assessment hosted on a client's subdomain, your responses, scores, and contact information are shared with that client through their admin dashboard. The client is the data controller for that assessment, and their use of your data is governed by their own privacy practices.
- Service Providers (Sub-processors): We use trusted third-party services to operate our platform:
| Provider |
Purpose |
Data Location |
| Amazon Web Services (AWS) |
Cloud infrastructure: compute, database, storage, email delivery, content delivery |
United States |
| Stripe, Inc. |
Payment processing for client subscriptions |
United States |
- Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request
- Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify affected parties of any change in ownership or use of personal information.
We do not share individual-level assessment data between clients. Each client sees only the data from their own assessment instance.
6. Assessment Data & Client Relationship
When you complete an assessment on a [client].getgrowthcompass.com subdomain, the client who deployed that assessment is the data controller. Growth Compass acts as a data processor on that client's behalf, subject to a Data Processing Agreement.
This means:
- The client determines what questions are asked and what contact information is collected
- Your responses and results are provided to the client who deployed the assessment
- Growth Compass processes your data to deliver the assessment service (scoring, report generation, dashboard display)
- Growth Compass maintains operational access to all assessment data for platform operations, technical support, and security monitoring — all such access is logged
- To exercise your data rights (access, correction, deletion) regarding assessment data, contact the organization that directed you to the assessment. You may also contact Growth Compass directly and we will route your request appropriately.
7. Cookies & Tracking
Our website uses the following types of cookies and similar technologies:
- Essential Cookies: Required for basic site functionality such as session management and security. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website so we can improve the experience. These are loaded only with your consent where required by applicable law.
We do not use advertising cookies or third-party ad tracking on our website or assessment pages. Assessment landing pages use only essential cookies required for session management and form submission.
You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.
8. Data Retention
- Website visitor data: Aggregated analytics data is retained indefinitely. Individual IP addresses and session data are retained for up to 12 months.
- Assessment data: Retained for the duration of the client's subscription. Upon termination, client data is available for export for 30 days, deleted from active systems, and purged from backups within 90 days, except where retention is required by law.
- Client account data: Retained for the duration of the subscription and for up to 12 months thereafter for tax, audit, and legal purposes.
- Audit logs: Super-admin access logs are retained for a minimum of 12 months.
- Aggregate data: De-identified, aggregated data that cannot reasonably identify any individual may be retained indefinitely for benchmarking and product improvement.
9. Data Security
We implement commercially reasonable administrative, physical, and technical safeguards to protect your information, including:
- Encryption of data in transit (TLS) and at rest (AWS-managed encryption)
- Serverless architecture (AWS Lambda, API Gateway, DynamoDB) with no persistent servers to compromise
- Role-based access controls with logical tenant isolation between client instances
- Audit logging of all administrative access to assessment data
- Regular security monitoring and infrastructure patching
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
10. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Portability: Request a copy of your data in a structured, machine-readable format
- Restriction: Request that we limit the processing of your information in certain circumstances
- Objection: Object to processing based on legitimate interests
To exercise any of these rights, contact us at privacy@getgrowthcompass.com. We will respond to verified requests within 30 days.
For assessment respondents: If you completed an assessment on a client's subdomain, please contact that organization first, as they are the data controller. You may also contact us directly and we will assist in routing your request.
11. Children's Privacy
Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@getgrowthcompass.com.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes that affect how we handle your data, we will provide prominent notice on our website.
We encourage you to review this Privacy Policy periodically.
If you have questions about this Privacy Policy, your data, or our privacy practices, contact us at:
Growth Compass LLC
Oklahoma City, OK
Email: privacy@getgrowthcompass.com
Web: www.getgrowthcompass.com