Growth Labs

Data Processing Addendum

Last updated: May 30, 2026

This Data Processing Addendum (“DPA”) describes how Growth Labs (“Growth Labs,” “we”) processes personal data on behalf of its business customers (“Customer,” “you”) in connection with the Growth Labs client hub. It forms part of, and is governed by, our Terms of Service.

Note: This page summarises our standard data processing terms. If your organisation requires a countersigned DPA (for example to meet GDPR Article 28 obligations), contact privacy@trygrowthlabs.io and we will provide an executable copy.

1. Roles

For personal data you provide or that is processed on your behalf through the Service, you act as the data controller and Growth Labs acts as a data processor. Growth Labs processes such data only on your documented instructions, which include using the Service as intended and delivering the agreed services.

2. Scope of processing

  • Subject matter: provision of the Growth Labs client hub and related marketing services.
  • Duration: for the term of your agreement, plus any limited retention required by law.
  • Nature and purpose: hosting, storing, organising, and displaying your business data to deliver the Service.
  • Categories of data: account and contact details, business and marketing materials you provide, and content created for you.
  • Data subjects: your authorised users and the individuals referenced in the materials you provide.

3. Our obligations

  • Process personal data only on your documented instructions.
  • Ensure personnel authorised to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures (see our Privacy Policy for our security posture).
  • Assist you, taking into account the nature of processing, with data-subject requests and security/breach obligations.
  • Delete or return personal data at the end of the engagement, subject to legal retention requirements.
  • Make available information reasonably necessary to demonstrate compliance.

4. Subprocessors

You authorise Growth Labs to engage the subprocessors listed on our Subprocessors page to process personal data. Each subprocessor is bound by data-protection obligations consistent with this DPA. We remain responsible for their performance.

5. International transfers

Where personal data is transferred across borders, we rely on appropriate safeguards (such as our providers’ Standard Contractual Clauses) as described in our Privacy Policy.

6. Security incidents

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, and provide information reasonably available to help you meet your notification obligations.

7. Contact

To request a signed copy of this DPA or to discuss your data-protection requirements, contact privacy@trygrowthlabs.io.