Back to home

Privacy Policy

Last updated: 26 June 2026

Silk Growth is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have under the UK GDPR and the EU General Data Protection Regulation (GDPR). Please read it carefully.

1. Who We Are (Data Controller)

Silk Growth Ltd ("we", "us", or "our") is the data controller responsible for your personal data. Silk Growth Ltd is a company registered in England and Wales (company number 17316780), with its registered office at 86-90 Paul Street, London, EC2A 4NE. We operate the Silk Growth platform at silkgrowth.com.

Contact details

Company number: 17316780 (England and Wales)

Registered office: 86-90 Paul Street, London, EC2A 4NE

Email: info@silkgrowth.com

Website: silkgrowth.com

2. Data We Collect

We collect the following categories of personal data:

Account information

Name, email address, and password (stored as a one-way hash using bcrypt). Collected at registration.

Subscription and billing data

Plan type, trial start/end dates, and billing history. Payment card details are processed directly by Stripe and are never stored on our servers.

Usage data

Features you use, pages you visit within the app, actions taken (e.g. leads added, scripts generated), and usage counters (AI generations per month). Used to provide the Service and enforce plan limits.

Lead and pipeline data

Names, contact details, and outreach notes you enter about your business contacts (your leads). You are the data controller for this data; we process it on your behalf as a data processor.

Integration credentials

API keys, App Passwords, and tokens you provide when connecting Gmail, Outlook, Shopify, Twilio, Resend, WhatsApp, Google Calendar, Zapier, or Calendly. These are encrypted at rest using AES-256 and used solely to provide the integration functionality you configure.

Communications

Messages you send us via our contact form or email, including any support enquiries.

Technical data

IP address, browser type, device type, and server logs. Retained for up to 90 days for security and debugging purposes.

Cookie data

Session identifiers and preference cookies. See Section 9 (Cookies) for full details.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on the following legal bases:

Contractual necessity (Art. 6(1)(b)): Processing your account, managing your subscription, enforcing plan limits, and delivering the core Service.
Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, product improvement, debugging, and sending service-related communications (e.g. billing alerts, feature changes).
Consent (Art. 6(1)(a)): Sending marketing emails and newsletters. You can withdraw consent at any time by unsubscribing or contacting us.
Legal obligation (Art. 6(1)(c)): Retaining billing records and responding to lawful requests from regulatory authorities.

4. How We Use Your Data

We use your personal data to:

  • Create and manage your account and provide access to the Service.
  • Process your Subscription and manage billing via Stripe.
  • Deliver AI-generated content (scripts, hooks, strategies) using your niche and preferences.
  • Sync and display data from connected integrations (email, CRM, SMS, calendar).
  • Send transactional emails (registration confirmation, trial expiry notice, billing receipts).
  • Send product updates and outreach guides where you have opted in.
  • Enforce plan limits (lead count, AI generation quotas).
  • Detect, investigate, and prevent fraudulent or unlawful activity.
  • Improve and develop the Service based on aggregate, anonymised usage analytics.
  • Comply with legal obligations.

We do not use your data to train AI models. We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Data Sharing and Third Parties

We do not sell your personal data. We share it only with trusted third-party service providers who process it on our behalf under appropriate data processing agreements:

StripeUSA / EEA (SCCs in place)

Payment processing and subscription management.

Neon (PostgreSQL hosting)EU

Database hosting for all Service data.

OpenAIUSA (SCCs in place)

AI generation of scripts, hooks, and strategies. Prompts include your niche and business preferences but not lead contact details.

ResendUSA (SCCs in place)

Transactional email delivery (if configured).

Vercel / ReplitUSA / EEA

Application hosting and deployment infrastructure.

We may also disclose your data where required by law, court order, or regulation, or to protect the rights, property, or safety of Silk Growth, our users, or others.

6. Data Retention

We retain your personal data for the following periods:

Data typeRetention period
Account and profile dataDuration of account + 30 days after deletion request
Lead and pipeline dataDuration of account + 30 days after deletion request
Billing records7 years (UK legal requirement)
Integration credentialsUntil you disconnect the integration or delete your account
AI usage logs12 months rolling
Server and access logs90 days
Support communications3 years after last contact
Newsletter subscriptionUntil you unsubscribe

7. Your Rights Under GDPR

If you are located in the UK or European Economic Area, you have the following rights under data protection law. To exercise any of these rights, contact us at info@silkgrowth.com. We will respond within 30 days.

Right of access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to rectification

You have the right to ask us to correct inaccurate or incomplete personal data we hold about you.

Right to erasure ('right to be forgotten')

You have the right to request deletion of your personal data where there is no compelling reason for us to continue processing it.

Right to restriction

You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to data portability

You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

Right to object

You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis.

Right to withdraw consent

Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local supervisory authority in the EU.

8. International Transfers

Some of our third-party service providers (including Stripe, OpenAI, and Resend) are based in the United States. Where we transfer personal data outside the UK or EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission, or equivalent mechanisms.

9. Cookies

Silk Growth uses a small number of cookies and browser storage mechanisms to make the Service function correctly. We do not use advertising or cross-site tracking cookies.

Name / KeyPurposeDuration
silk_tokenAuthentication bearer token (localStorage)30 days
silk_themeDark/light mode preference (localStorage)Persistent
silk_currencyCurrency preference (localStorage)Persistent
silk_langLanguage preference (localStorage)Persistent
silk_cookie_consentRecords your cookie consent choice (localStorage)1 year

All storage listed above is functional and strictly necessary for the Service to operate. No third-party tracking or advertising cookies are set. You can clear all of the above at any time via your browser's "Clear site data" function.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:

  • HTTPS (TLS 1.2+) for all data in transit.
  • AES-256 encryption for all integration credentials at rest.
  • Bcrypt hashing (cost factor 12) for all passwords — we never store plain-text passwords.
  • Token-based authentication with 30-day expiry and server-side revocation on logout.
  • Row-level data isolation: every data query is scoped to your user ID.
  • Access to production systems is restricted to authorised personnel only.

Despite our efforts, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to info@silkgrowth.com.

11. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where the changes are material, notify you by email or in-app notice at least 14 days before they take effect.

Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated policy.

13. How to Contact Us or Make a Complaint

To exercise your rights, ask questions about this policy, or raise a concern, please contact us:

Silk Growth Ltd — Data Privacy

Company number: 17316780 (England and Wales)

Registered office: 86-90 Paul Street, London, EC2A 4NE

Email: info@silkgrowth.com

Response time: Within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113