Privacy Policy
Last updated: 26 June 2026
Silk Growth is committed to protecting your personal data. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and what rights you have under the UK GDPR and the EU General Data Protection Regulation (GDPR). Please read it carefully.
1. Who We Are (Data Controller)
Silk Growth Ltd ("we", "us", or "our") is the data controller responsible for your personal data. Silk Growth Ltd is a company registered in England and Wales (company number 17316780), with its registered office at 86-90 Paul Street, London, EC2A 4NE. We operate the Silk Growth platform at silkgrowth.com.
Contact details
Company number: 17316780 (England and Wales)
Registered office: 86-90 Paul Street, London, EC2A 4NE
Email: info@silkgrowth.com
Website: silkgrowth.com
2. Data We Collect
We collect the following categories of personal data:
Account information
Name, email address, and password (stored as a one-way hash using bcrypt). Collected at registration.
Subscription and billing data
Plan type, trial start/end dates, and billing history. Payment card details are processed directly by Stripe and are never stored on our servers.
Usage data
Features you use, pages you visit within the app, actions taken (e.g. leads added, scripts generated), and usage counters (AI generations per month). Used to provide the Service and enforce plan limits.
Lead and pipeline data
Names, contact details, and outreach notes you enter about your business contacts (your leads). You are the data controller for this data; we process it on your behalf as a data processor.
Integration credentials
API keys, App Passwords, and tokens you provide when connecting Gmail, Outlook, Shopify, Twilio, Resend, WhatsApp, Google Calendar, Zapier, or Calendly. These are encrypted at rest using AES-256 and used solely to provide the integration functionality you configure.
Communications
Messages you send us via our contact form or email, including any support enquiries.
Technical data
IP address, browser type, device type, and server logs. Retained for up to 90 days for security and debugging purposes.
Cookie data
Session identifiers and preference cookies. See Section 9 (Cookies) for full details.
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
4. How We Use Your Data
We use your personal data to:
- Create and manage your account and provide access to the Service.
- Process your Subscription and manage billing via Stripe.
- Deliver AI-generated content (scripts, hooks, strategies) using your niche and preferences.
- Sync and display data from connected integrations (email, CRM, SMS, calendar).
- Send transactional emails (registration confirmation, trial expiry notice, billing receipts).
- Send product updates and outreach guides where you have opted in.
- Enforce plan limits (lead count, AI generation quotas).
- Detect, investigate, and prevent fraudulent or unlawful activity.
- Improve and develop the Service based on aggregate, anonymised usage analytics.
- Comply with legal obligations.
We do not use your data to train AI models. We do not sell, rent, or trade your personal data to any third party for marketing purposes.
5. Data Sharing and Third Parties
We do not sell your personal data. We share it only with trusted third-party service providers who process it on our behalf under appropriate data processing agreements:
Payment processing and subscription management.
Database hosting for all Service data.
AI generation of scripts, hooks, and strategies. Prompts include your niche and business preferences but not lead contact details.
Transactional email delivery (if configured).
Application hosting and deployment infrastructure.
We may also disclose your data where required by law, court order, or regulation, or to protect the rights, property, or safety of Silk Growth, our users, or others.
6. Data Retention
We retain your personal data for the following periods:
| Data type | Retention period |
|---|---|
| Account and profile data | Duration of account + 30 days after deletion request |
| Lead and pipeline data | Duration of account + 30 days after deletion request |
| Billing records | 7 years (UK legal requirement) |
| Integration credentials | Until you disconnect the integration or delete your account |
| AI usage logs | 12 months rolling |
| Server and access logs | 90 days |
| Support communications | 3 years after last contact |
| Newsletter subscription | Until you unsubscribe |
7. Your Rights Under GDPR
If you are located in the UK or European Economic Area, you have the following rights under data protection law. To exercise any of these rights, contact us at info@silkgrowth.com. We will respond within 30 days.
Right of access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to rectification
You have the right to ask us to correct inaccurate or incomplete personal data we hold about you.
Right to erasure ('right to be forgotten')
You have the right to request deletion of your personal data where there is no compelling reason for us to continue processing it.
Right to restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to data portability
You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.
Right to object
You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis.
Right to withdraw consent
Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
Right to lodge a complaint
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk, or your local supervisory authority in the EU.
8. International Transfers
Some of our third-party service providers (including Stripe, OpenAI, and Resend) are based in the United States. Where we transfer personal data outside the UK or EEA, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK ICO or European Commission, or equivalent mechanisms.
9. Cookies
Silk Growth uses a small number of cookies and browser storage mechanisms to make the Service function correctly. We do not use advertising or cross-site tracking cookies.
| Name / Key | Purpose | Duration |
|---|---|---|
| silk_token | Authentication bearer token (localStorage) | 30 days |
| silk_theme | Dark/light mode preference (localStorage) | Persistent |
| silk_currency | Currency preference (localStorage) | Persistent |
| silk_lang | Language preference (localStorage) | Persistent |
| silk_cookie_consent | Records your cookie consent choice (localStorage) | 1 year |
All storage listed above is functional and strictly necessary for the Service to operate. No third-party tracking or advertising cookies are set. You can clear all of the above at any time via your browser's "Clear site data" function.
10. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:
- HTTPS (TLS 1.2+) for all data in transit.
- AES-256 encryption for all integration credentials at rest.
- Bcrypt hashing (cost factor 12) for all passwords — we never store plain-text passwords.
- Token-based authentication with 30-day expiry and server-side revocation on logout.
- Row-level data isolation: every data query is scoped to your user ID.
- Access to production systems is restricted to authorised personnel only.
Despite our efforts, no system is 100% secure. If you discover a security vulnerability, please report it responsibly to info@silkgrowth.com.
11. Children's Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, where the changes are material, notify you by email or in-app notice at least 14 days before they take effect.
Your continued use of the Service after the effective date of any change constitutes your acceptance of the updated policy.
13. How to Contact Us or Make a Complaint
To exercise your rights, ask questions about this policy, or raise a concern, please contact us:
Silk Growth Ltd — Data Privacy
Company number: 17316780 (England and Wales)
Registered office: 86-90 Paul Street, London, EC2A 4NE
Email: info@silkgrowth.com
Response time: Within 30 days
If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):