Privacy Policy

Last Updated: 15 November 2025

Privacy Policy Summary

We take your privacy seriously. This policy explains how Handshake collects, uses, and protects personal data when you use our AI-powered outreach automation platform. Key points:

  • We process prospect data on behalf of our clients to deliver qualified meetings
  • We use AI and psychometric profiling to personalise outreach messaging
  • We integrate with LinkedIn and email platforms to automate communications
  • We implement strong security measures and only retain data as long as necessary
  • You have rights to access, correct, and delete your personal data
  • We comply with UAE data protection laws, GDPR, and international standards

1. Introduction

Grow Digital Services DMCC ("we", "us", "our", or "Handshake") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you:

  • Use our website and platform
  • Engage our services as a client or partner
  • Interact with outreach communications sent through our platform
  • Contact us for support or enquiries

Company Details:

Grow Digital Services DMCC

Dubai, United Arab Emirates

Email: contact@grow.ae

Website: www.grow.ae

This Privacy Policy should be read in conjunction with our Terms and Conditions.

2. Information We Collect

2.1 Information You Provide Directly

When you use our services, we collect information that you provide directly to us, including:

Account Information:

  • Name, email address, phone number
  • Company name and job title
  • Billing and payment information
  • LinkedIn profile and credentials
  • Email account credentials or API access tokens

Campaign Information:

  • Target audience criteria and preferences
  • Messaging templates and content
  • Campaign objectives and parameters
  • Meeting qualification criteria

Communication Data:

  • Messages sent to and from prospects via our platform
  • Support enquiries and correspondence
  • Feedback and survey responses

2.2 Prospect Data (Processed on Your Behalf)

When you use our platform to conduct outreach, we process personal data about your prospects, including:

  • Name, job title, company, industry
  • LinkedIn profile information (publicly available data)
  • Business email addresses
  • Professional background and experience
  • Engagement history (messages opened, clicked, replied to)
  • Meeting scheduling information
  • Psychometric profile indicators derived from publicly available professional information

Important: For prospect data, we act as a data processor on behalf of our clients (data controllers). Our clients are responsible for ensuring they have a lawful basis for collecting and processing this data.

2.3 Automatically Collected Information

We automatically collect certain information when you access our platform:

  • IP address and location data
  • Device and browser information
  • Usage data (features used, pages viewed, time spent)
  • Log files and technical data
  • Cookies and similar tracking technologies

2.4 Data from Third-Party Platforms

We receive data from integrated platforms such as:

  • LinkedIn: Profile data, connection information, messaging activity
  • Email Providers: Email sending/receiving data, delivery status, engagement metrics
  • Calendar Systems: Meeting availability and scheduling data

3. How We Use Your Information

3.1 Service Delivery

We use your information to:

  • Provide, maintain, and improve our AI-powered outreach platform
  • Generate and send personalised outreach messages
  • Conduct psychometric profiling for message optimisation
  • Manage prospect conversations and responses
  • Schedule and qualify meetings
  • Process payments and manage billing
  • Provide customer support and technical assistance

3.2 AI and Machine Learning

We use artificial intelligence and machine learning to:

  • Analyse publicly available professional data to create psychometric profiles
  • Generate personalised messaging based on prospect characteristics
  • Optimise message timing and sequence
  • Evaluate conversation quality and routing decisions
  • Improve response rates and meeting qualification accuracy
  • Train and refine our AI models (using anonymised and aggregated data)

3.3 Platform Improvement and Analytics

We use information to:

  • Monitor platform performance and identify technical issues
  • Analyse usage patterns to improve features
  • Conduct research and development
  • Generate anonymised statistics and insights

3.4 Communication

We may use your contact information to:

  • Send transactional messages (account updates, campaign notifications)
  • Provide customer support responses
  • Send service announcements and updates
  • Share marketing communications (with your consent, where required)

3.5 Legal and Security Purposes

We process data to:

  • Comply with legal obligations
  • Protect our rights and enforce our Terms and Conditions
  • Prevent fraud, abuse, and security threats
  • Respond to lawful requests from authorities

4. Legal Basis for Processing

We process personal data based on the following legal grounds:

Processing PurposeLegal Basis
Service delivery to clientsContractual necessity
Payment processingContractual necessity
Prospect outreach (on client's behalf)Legitimate interests / Client's lawful basis
Platform improvement and analyticsLegitimate interests
Marketing communicationsConsent (where required) / Legitimate interests
Security and fraud preventionLegitimate interests
Legal complianceLegal obligation

5. How We Share Your Information

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

5.2 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform, including:

  • Cloud hosting providers (data storage and processing)
  • Payment processors
  • Email delivery services
  • Analytics providers
  • Customer support tools
  • AI and machine learning infrastructure providers

These providers are contractually obligated to protect your data and use it only for specified purposes.

5.3 Third-Party Platforms

We integrate with and share data with platforms necessary for service delivery:

  • LinkedIn: To send messages and access profile data
  • Email Providers: To send and receive emails on your behalf
  • Calendar Systems: To schedule meetings

Your use of these platforms is also governed by their respective privacy policies and terms of service.

5.4 Business Partners

If you are an End User of one of our Partners (agencies using our white-label services), we share your data with that Partner as necessary to deliver services.

5.5 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders)
  • Law enforcement requests
  • Protection of our rights, property, or safety
  • Emergency situations involving danger to persons

5.6 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.

6. International Data Transfers

We are based in the United Arab Emirates, but our services are used globally. Your data may be transferred to, stored in, and processed in countries other than your own, including:

  • United Arab Emirates
  • European Union
  • United States
  • Other countries where our service providers operate

When we transfer data internationally, we implement appropriate safeguards, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Adequacy decisions recognising equivalent data protection standards
  • Other lawful transfer mechanisms as appropriate

GDPR Compliance: For European Economic Area (EEA) residents, we comply with GDPR requirements for international data transfers and ensure appropriate safeguards are in place.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations.

7.1 Retention Periods

Data TypeRetention Period
Account informationDuration of account + 2 years
Campaign and messaging dataDuration of campaign + 1 year
Prospect conversation historyDuration of active outreach + 6 months
Financial and billing records7 years (legal requirement)
Support communications3 years after closure
Analytics and aggregated dataIndefinitely (anonymised)

7.2 Deletion Upon Request

You may request deletion of your data at any time, subject to our legal obligations to retain certain records. Upon account termination, we will delete or anonymise your data in accordance with these retention periods unless longer retention is required by law.

8. Data Security

We implement comprehensive security measures to protect your data against unauthorised access, alteration, disclosure, or destruction:

8.1 Technical Security

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure database storage with access controls
  • Regular security audits and vulnerability assessments
  • Network security monitoring and intrusion detection
  • Secure API authentication and authorisation

8.2 Organisational Security

  • Limited access to personal data (need-to-know basis)
  • Employee confidentiality agreements
  • Regular security training for staff
  • Incident response and breach notification procedures

8.3 Third-Party Security

  • Due diligence on service providers' security practices
  • Contractual security obligations for processors
  • Regular review of third-party compliance

Important: While we implement robust security measures, no system is completely secure. You are responsible for maintaining the security of your account credentials and should notify us immediately of any suspected unauthorised access.

9. Your Rights and Choices

9.1 Access and Portability

You have the right to:

  • Access your personal data we hold
  • Request a copy of your data in a portable format
  • Obtain information about how we process your data

9.2 Correction and Updating

You can:

  • Update your account information at any time through your account settings
  • Request correction of inaccurate or incomplete data

9.3 Deletion and Erasure

You have the right to request deletion of your data, subject to:

  • Completion of any active campaigns or contractual obligations
  • Legal requirements to retain certain records
  • Legitimate business needs (e.g., fraud prevention, financial records)

9.4 Objection and Restriction

You can:

  • Object to processing based on legitimate interests
  • Request restriction of processing in certain circumstances
  • Opt out of marketing communications at any time

9.5 Withdrawal of Consent

Where processing is based on your consent, you may withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.6 Automated Decision-Making

Our platform uses AI to generate messages and evaluate conversations. You have the right to:

  • Be informed about automated decision-making
  • Request human intervention in significant decisions
  • Challenge decisions made solely by automated means

9.7 Complaints

If you have concerns about how we handle your data, you have the right to lodge a complaint with:

  • Our Data Protection Officer (contact details below)
  • The relevant data protection authority in your jurisdiction
  • For EEA residents: Your local supervisory authority

9.8 Exercising Your Rights

To exercise any of these rights, please contact us at: contact@grow.ae

We will respond to requests within one month (or as required by applicable law). We may need to verify your identity before fulfilling certain requests.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Our website and platform use cookies and similar tracking technologies:

Cookie TypePurposeDuration
Essential CookiesRequired for platform functionality, authentication, securitySession / Persistent
Analytics CookiesUsage statistics, performance monitoringUp to 2 years
Functional CookiesRemember preferences, settingsUp to 1 year
Marketing CookiesTrack effectiveness of campaigns (with consent)Up to 1 year

10.2 Managing Cookies

You can control cookies through:

  • Your browser settings (block or delete cookies)
  • Our cookie preference centre (where available)
  • Opt-out mechanisms for specific tracking technologies

Note: Blocking essential cookies may affect platform functionality.

10.3 Third-Party Tracking

We use third-party analytics services (e.g., Google Analytics) that may set their own cookies. These are governed by the respective third parties' privacy policies.

11. Children's Privacy

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

We will notify you of material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification to registered users
  • Providing in-app notifications

Your continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Specific Jurisdictions

13.1 European Economic Area (EEA) and UK Residents

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • Enhanced rights to access, rectification, and erasure
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing
  • Rights related to automated decision-making
  • Right to lodge a complaint with your supervisory authority

13.2 California Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: We do not sell personal information as defined by the CCPA.

13.3 UAE Residents

We comply with UAE data protection laws and regulations, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.

14. Data Processing Roles

14.1 When We Are a Data Controller

We act as a data controller for:

  • Your account information
  • Billing and payment data
  • Website usage and analytics
  • Marketing communications

14.2 When We Are a Data Processor

We act as a data processor on behalf of our clients (data controllers) for:

  • Prospect contact information
  • Outreach campaign data
  • Message content and conversation history
  • Meeting scheduling information

When acting as a processor, our clients are responsible for:

  • Ensuring they have a lawful basis for processing
  • Obtaining necessary consents
  • Responding to data subject rights requests
  • Providing privacy notices to prospects

We process data on behalf of our clients in accordance with their instructions and our Data Processing Agreement.

15. Contact Information

15.1 General Enquiries

For questions about this Privacy Policy or our data practices:

Grow Digital Services DMCC

Dubai, United Arab Emirates

Email: contact@grow.ae

Website: www.grow.ae

15.2 Privacy and Data Protection Enquiries

For specific privacy concerns or to exercise your data rights:

Email: contact@grow.ae

Subject Line: "Privacy Request" or "Data Rights Request"

15.3 Data Protection Officer

If you have concerns about our data handling practices:

Data Protection Officer

Email: laura@grow.ae

Important Legal Notice

This Privacy Policy is provided as a comprehensive template and should be reviewed by qualified legal counsel before implementation. Privacy laws vary by jurisdiction and change frequently. This document should be tailored to your specific data processing activities and reviewed regularly to ensure ongoing compliance with applicable laws.

If you handle data from the EU/EEA, consider obtaining legal advice on GDPR compliance, including appointment of a Data Protection Officer if required.