Privacy Policy

Growth Anchors Ltd ("Growth Anchors", "we", "us", "our") is an AI-native digital marketing agency headquartered in Dubai, UAE, with registered operations in England & Wales. We provide digital marketing services including SEO, paid media, content marketing, AI & automation, and analytics to businesses worldwide.

We operate the website at growthanchors.com (the "Site") and various client portals, reporting dashboards, and communication tools (collectively the "Services").

Contact Details

Data Controller: Growth Anchors Ltd
Registered Address: Dubai, United Arab Emirates
UK Address: London, England
Email: privacy@growthanchors.com
General Enquiries: hello@growthanchors.com

Information You Provide Directly

• Contact form submissions — name, work email, phone number, company name, website URL, project description, budget range
• Account registration — username, password (hashed), billing information
• Service delivery — business credentials, ad account access, analytics access, CRM data, and other information necessary to provide our Services
• Communications — emails, Slack messages, video call recordings (where consent is given), and support tickets
• Survey and feedback responses — satisfaction scores, feature requests, testimonials

Information We Collect Automatically

• Usage data — pages visited, time on page, click paths, referral sources
• Device and technical data — IP address, browser type, operating system, screen resolution, language settings
• Cookies and tracking technologies — see our Cookies section below
• Analytics data — aggregated behavioural patterns collected via Google Analytics 4, and similar tools

Information from Third Parties

• Data enrichment services (e.g. Clearbit, Apollo) to understand the companies contacting us
• LinkedIn Lead Gen Forms and similar paid media lead capture tools
• Integration platforms (Zapier, HubSpot, etc.) when you connect them to our services
• Publicly available information, including company websites and LinkedIn profiles, used for business development purposes

We do not sell your personal data. We do not use your personal data for automated decision-making that produces legal or similarly significant effects without human review.

Under UK/EU GDPR, we rely on the following lawful bases for processing personal data:

• Consent (Article 6(1)(a)) — for marketing emails, cookies that are not strictly necessary, and recording of calls. You may withdraw consent at any time.
• Contract performance (Article 6(1)(b)) — where processing is necessary to provide the services you have engaged us for, or to take steps prior to entering a contract.
• Legal obligation (Article 6(1)(c)) — where we must process data to comply with a legal requirement (e.g. tax records, anti-money laundering checks).
• Legitimate interests (Article 6(1)(f)) — for purposes such as improving our services, preventing fraud, operating our business, and conducting B2B outreach where a genuine interest exists. We have conducted legitimate interest assessments (LIAs) for all such processing.

We share your data only when necessary and only with parties who are contractually bound to protect it. We never sell data. Categories of recipients include:

• Service providers and subprocessors — cloud hosting (AWS, Google Cloud), CRM software (HubSpot), project management tools (Notion, ClickUp), analytics (Google Analytics), email platforms (Mailchimp/ActiveCampaign), video conferencing (Zoom, Google Meet)
• Advertising platforms — when managing paid media campaigns on your behalf, we necessarily interact with Google Ads, Meta, LinkedIn, and similar platforms using your business data
• Professional advisors — lawyers, accountants, and auditors under obligations of confidentiality
• Regulators and authorities — where required by law, court order, or to protect our legal rights
• Business transfers — in the event of a merger, acquisition, or sale of assets, with prior notice to affected individuals

All subprocessors are assessed for GDPR compliance. A full list of our subprocessors is available on request at privacy@growthanchors.com.

We use cookies and similar technologies. When you first visit our Site, you will be presented with a cookie consent banner allowing you to accept or decline non-essential cookies.

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer. You can also control cookies through your browser settings — see allaboutcookies.org for guidance.

We retain personal data for no longer than necessary for the purpose for which it was collected, taking into account legal obligations.

• Client and contract data — 7 years after contract end (UK/UAE statutory requirement)
• Prospect and lead data — 24 months from last meaningful engagement, then deleted or anonymised
• Marketing list data — until you unsubscribe or withdraw consent, plus 30 days for backup deletion
• Website analytics — 26 months (Google Analytics default), aggregated data retained indefinitely
• Financial records — 7 years (UK Companies Act / UAE Commercial Transactions Law)
• Job applicant data — 12 months after role filled unless you consent to a longer period
• Call recordings — 6 months unless you request earlier deletion

Under UK GDPR, EU GDPR, and applicable data protection laws, you have the following rights:

• Right of access — request a copy of the personal data we hold about you (a Subject Access Request, or SAR)
• Right to rectification — ask us to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — ask us to delete your data where there is no compelling reason to continue processing
• Right to restriction — ask us to pause processing of your data in certain circumstances
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing based on legitimate interests or direct marketing
• Rights related to automated decision-making — not to be subject to solely automated decisions that significantly affect you
• Right to withdraw consent — at any time, without affecting the lawfulness of prior processing

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority: the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local EU data protection authority.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• TLS 1.2+ encryption for all data in transit
• Encryption at rest for databases and file storage
• Role-based access controls — minimum necessary access for all team members
• Multi-factor authentication enforced on all internal systems
• Regular security assessments and penetration testing
• Staff data protection training and confidentiality obligations
• Incident response plan and data breach notification procedures

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by law.

Growth Anchors operates globally with offices in the UAE, UK, India, Australia, USA, and Canada. This means your data may be transferred to and processed in countries outside the UK and EEA.

Whenever we transfer personal data internationally, we ensure a similar degree of protection by relying on one or more of the following safeguards:

• Adequacy decisions — transfers to countries that the UK or EU has deemed adequate (e.g. UK–EU adequacy, Canada PIPEDA adequacy)
• Standard Contractual Clauses (SCCs) — the UK IDTA or EU SCCs for transfers to countries without adequacy decisions
• Binding Corporate Rules (BCRs) — where applicable for transfers within our corporate group
• Explicit consent — where appropriate and you have been fully informed

Our Services are directed to businesses and professional individuals. We do not knowingly collect personal data from children under the age of 16 (or such higher age as required by local law).

If you believe a child has provided us with personal data, please contact us at privacy@growthanchors.com and we will delete the data promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will indicate the date of the most recent update at the top of this page.

For material changes — those that significantly affect your rights or the way we process your data — we will provide prominent notice on the Site and, where appropriate, notify you directly by email.

Continued use of our Site or Services after a material change constitutes acceptance of the updated policy. If you disagree, please discontinue use and contact us to delete your data.

If you have any questions about this Privacy Policy, wish to exercise your rights, or have a complaint, please contact us:

• Email: privacy@growthanchors.com
• General: hello@growthanchors.com
• Post: Data Privacy Team, Growth Anchors Ltd, Dubai, UAE

We aim to respond to all privacy enquiries within 5 working days and to resolve them within 30 days.