quickGrowth Privacy Policy

GLOBAL PRIVACY POLICY AND PERSONAL DATA PROCESSING

QuickGrowth 

Version 1.1 Effective from June 12, 2025

•  IDENTIFICATION OF THE CONTROLLER

• Controller / Operator: IXL Center, Inc.
• Registered Address: 82 Bates Road, Arlington, MA 02474, USA

          Representatives and Contacts:

• quickgrowth@ixl-center.net (support)
• quickgrowth@ixl-center.net (legal)

• TERRITORIAL SCOPE AND REGULATORY FRAMEWORK

QuickGrowth complies with the GDPR, UK GDPR, CPRA, LGPD, PIPEDA, APPI, POPIA, PIPL and any other local laws that impose stricter requirements.

 

Regulation	Región/País	Key Compliance Measures
GDPR General Data Protection Regulation (Reg. 2016/679)	European Union / EEA	EU representative (IXL Center Europe BV) Appointed DPO & data‑subject portal (30 days) RoPA & annual DPIA 2021 SCCs + TIAs Breach notification ≤ 72 h AES‑256 at rest / TLS 1.3 in transit
UK  GDPR + Data Protection Act 2018	United Kingdom	Representative UK (IXL Center UK Ltd.) IDTA/UK-SCC para transferencias Registro ICO y pago anual fee
CPRA California Privacy Rights Act	California, USA	“Notice at Collection” during onboarding “Do Not Sell/Share My Personal Information” button Service‑Provider contracts §1798.140 Annual cybersecurity risk assessments
LGPD Lei Geral de Proteção de Dados	Brazil	Legal basis mapping (art. 7) ANPD model clauses for sub‑processors Data‑subject service channel (30 days, PT‑BR)
PIPEDA Personal Information Protection and Electronic Documents Act	Canada	Bilingual privacy policy (EN/FR) Record of cross‑border transfers Confidentiality agreements with Canadian vendors
APPI   Act on the Protection of Personal Information	Japón	Article 28 clauses for “third‑party provision overseas” “Joint use” notice (kyōdō riyō) where applicable
POPIA Protection of Personal Information Act	South Africa	Information Officer registration Section 57 impact assessments where required Breach notification under Section 22
PIPL Personal Information Protection Law	Mainland China	Optional Beijing hosting for CN customers CAC model contract + security assessment for transfers Internal PIPL compliance office

 

• PRINCIPLES

Lawfulness, fairness, transparency, data minimisation, accuracy, storage limitation, integrity/confidentiality and proactive accountability..

•  DATA WE COLLECT 

1. 1. Identification: name, e‑mail, country.
   2. Professional: job title, industry sector.
   3. Usage: visited modules, session duration.
   4. Device: IP address, browser.
   5. Billing: card token (Stripe).

QuickGrowth does not collect special categories of personal data.

• PURPOSES AND LEGAL BASES

1. 1. Create and manage the account.
   2. Generate dashboards and reports.
   3. Internal analytics.
   4. Marketing communications.
   5. Legal compliance and anti-fraud.

The table below links each processing purpose with its corresponding legal basis (GDPR art. 6) and the activities involved.

 

Legal Basis  (GDPR art. 6)	Purpose	Activities Included
6 (1)(b) Contract performance	Create and manage the account	Initial registration Authentication & MFA Credential management Account support
6 (1)(b) Contract performance	Generate dashboards and personalised reports	Processing of responses Metric calculation Dashboard visualisation Export of reports (PDF, CSV, JSON)
6 (1)(f) Legitimate interest (balance test)	Internal analytics and product improvement	Aggregate usage measurement A/B testing Bottleneck identification Development of new features
6 (1)(a) Explicit consent	Marketing communications	Newsletter delivery Promotions & launches Event invitations Satisfaction surveys
6 (1)(c) Legal obligation (and 6 (1)(f) anti‑fraud)	Legal compliance, audit and anti‑fraud	KYC / KYB checks (where applicable) Fraud prevention and detection Accounting / tax retention Reports to competent authorities

 

•  RETENTION

• Account data: while the account remains active plus an additional 12 months.
• Billing records: 7 years (statutory tax requirements).
• Security logs: 12 months.

•  INTERNATIONAL TRANSFERS

QuickGrowth relies on the 2021 Standard Contractual Clauses for EU–US transfers, the UK International Data Transfer Agreement (IDTA), and ANPD model clauses under the LGPD. Primary hosting for EU clients is located in AWS Frankfurt. Data are encrypted with AES‑256 at rest and TLS 1.3 in transit.

• DATA SUBJECT RIGHTS 

Access, rectification, erasure, restriction, portability, objection, and the right to opt‑out of data “sale”. Requests should be sent to dpo@quickgrowth.app. We respond within 30 days.

•  SUB‑PROCESSORS

Current sub‑processors include AWS, Auth0, Stripe, and Intercom. The full, up‑to‑date list is available at quickgrowth.app/subprocessors. QuickGrowth will provide 30 days’ prior notice before adding new sub‑processors.

• SECURITY MEASURES

ISO 27001 certification, SOC 2 Type II reports, end‑to‑end encryption, role‑based access control (RBAC), multi‑factor authentication, and semi‑annual penetration testing.

• MINORS

The Service is not directed to individuals under 18 years of age without verifiable parental consent.

•  COOKIES

Essential cookie (`qg_session`) and anonymised analytics cookie (`_ga`). Consent is managed through an IAB TCF v2.2 compliant Consent Management Platform (CMP).

• AUTOMATED DECISION‑MAKING

QuickGrowth does not take decisions with significant legal effects on users without human involvement.

• SECURITY BREACHES

QuickGrowth notifies supervisory authorities and affected data subjects within 72 hours in accordance with GDPR Articles 33 and 34 and CPRA §1798.150.

• CHANGES TO THE POLICY

Substantial changes to this Policy will be announced at least 15 days in advance via e‑mail and an in‑app banner.

• SUPERVISORY AUTHORITIES

EU – local Data Protection Authority; United Kingdom – ICO; California – CPPA; Brazil – ANPD; Canada – OPC; Japan – PPC; Australia – OAIC.

 

End of the Privacy Policy.