Privacy Policy

Introduction

Welcome to KeyGrow.co, operated by KeyGrow LLC, a registered company in Wyoming, USA. We value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your information.

Who We Are: Our website address is: https://keygrow.co

Information We Collect

Lead & Inquiry Information

• Email address
• Phone number
• Company name
• Website URL (when submitting an audit request)

Collected through our lead forms and free audit requests, used to respond to your inquiry and follow up about our services.

Subscription & Onboarding Data

For paying clients, we additionally collect through our checkout, onboarding form, and ongoing communication:

• Business name, website URL, industry / niche, locations served
• Service goals, target keywords, AI/AEO prompts you want to rank for
• Competitor URLs and prior SEO history
• Customer demographics, ideal-customer descriptions, and any context you choose to share
• Billing name, billing email, billing address, and country (collected by Stripe for tax and payment processing)
• Optional: CMS login credentials, hosting access, or invitations to platforms (Google Business Profile, Search Console, GA4) when you elect to share them

We do not store your full credit-card number, CVV, or expiration date on our servers. All card data is collected directly by Stripe inside their PCI-DSS Level 1 compliant infrastructure. We only see a tokenized payment-method reference, the last 4 digits of the card, and the card brand.

User Experience & Analytics Data

We use the following analytics and session-recording tools to understand how visitors interact with our website:

• Google Analytics 4 — aggregated traffic and conversion data
• Google Ads — conversion tracking and Enhanced Conversions (hashed email/name/phone matched against Google ad-click records)
• Microsoft Clarity — anonymized session recordings and heatmaps to improve UX

This data is used to optimize the site experience, measure ad effectiveness, and prevent abuse. It is not used to identify individuals beyond what is necessary for the analytics function itself.

Cookies

We use cookies and similar technologies to support core site functions and analytics:

• Analytics cookies (_ga, _gid) — set by Google Analytics
• Google Ads attribution cookies (_gcl_aw, _gcl_gb, _gcl_wb) — set by Google when you click an ad, used to attribute later conversions back to that click
• Functional cookies — e.g., kg_audit_popup_shown and kg_audit_submitted, which prevent us from re-showing the audit popup if you have already seen or used it
• Session cookies — temporary cookies set during your visit and discarded when you close your browser

You may disable cookies in your browser settings; some site features may not work correctly without them.

Credentials Handling & Cybersecurity

To deliver Local SEO and AEO work, we may need access to your CMS, hosting, Google Business Profile, Google Search Console, GA4, or other platforms. When you share login credentials or platform access with us:

• Credentials are stored only in encrypted password managers, accessible only to assigned team members.
• We do not store credentials in plain text, in email, in chat, in spreadsheets, or in any unencrypted location.
• Access to your accounts is logged internally and reviewed periodically.
• We never use shared credentials beyond the agreed scope of services.
• Upon written request at the end of an engagement, we revoke our access and confirm credential rotation.

You remain responsible for the security of your own accounts. We strongly recommend that you use strong unique passwords, enable two-factor authentication (2FA) on every account where it is supported, keep your CMS and plugins patched, avoid reusing passwords across vendors, and rotate credentials when an engagement ends. KeyGrow is not liable for security incidents arising from client-side failures — full details in Section 9 of our Terms of Service.

Embedded Content from Other Websites

Articles on this site may include embedded content (videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if you visited the other website directly. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction if you have an account and are logged in to that website.

How We Use Your Information

• Service delivery: producing the deliverables you paid for, accessing platforms you have authorized, and communicating with you about your account.
• Billing & invoicing: processing recurring subscription payments and sending receipts via Stripe.
• Customer support: responding to your questions, resolving issues, and improving our service.
• Analytics & advertising: measuring how the site performs, attributing conversions to ad clicks, and improving the user experience.
• Marketing communication: following up on inquiries, sending nurture emails (if you requested an audit), or notifying you about service updates. You can unsubscribe at any time.
• Legal compliance: meeting our obligations under tax, accounting, and chargeback-defense rules.

Consent to SMS Messaging

By providing your phone number through our lead forms, you consent to receive SMS messages from us for the purposes outlined below:

Purpose of SMS Messaging

To provide updates, promotional information, and follow-ups on inquiries.

Terms of SMS Messaging

• Pricing: Standard messaging rates may apply.
• STOP/HELP Instructions: You can opt-out at any time by replying STOP to any message. For assistance, reply HELP.
• Message Frequency: You may receive a varying number of messages depending on your interaction with our services.

Third-Party Processors

We use the following service providers to deliver the Services. Each receives only the data necessary for its function and is bound by their own privacy and data-protection terms.

• Stripe — payment processing, subscription billing, abandoned-cart recovery, and dunning. Privacy policy.
• Resend — transactional email delivery (welcome email, onboarding confirmation, audit request, nurture sequence). Privacy policy.
• Google Analytics 4 & Google Ads — site analytics and conversion tracking. Privacy policy.
• Microsoft Clarity — anonymized session recording and heatmaps. Privacy policy.
• Firebase / Google Cloud — secure storage for nurture-sequence lead records and onboarding submissions. Privacy policy.
• Zapier — internal team Slack notifications when a new audit is requested or onboarding form is submitted. Privacy policy.

We do not sell or share your personal information with any third party for their own marketing purposes. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All other categories exclude text-messaging originator opt-in data and consent; this information will not be shared with any third parties.

Data Security

We employ industry-standard security measures to protect data from unauthorized access, alteration, or disclosure: TLS encryption in transit, encrypted storage at rest, role-based access for our team, and encrypted password managers for any client credentials we handle. Card data is processed entirely inside Stripe's PCI-DSS Level 1 compliant infrastructure and never touches our own servers in raw form.

Data Processing Agreement (DPA)

For clients subject to the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar data-protection laws, KeyGrow LLC will execute a written Data Processing Agreement on request, free of charge.

The DPA aligns with this Privacy Policy and covers:

• The data we process on the client's behalf and for what purposes.
• Sub-processors used to deliver the Services (Stripe, Resend, Google Cloud / Firebase, Microsoft, etc., as listed above under Third-Party Processors).
• Standard Contractual Clauses (SCCs) for international data transfers, where applicable.
• Security measures, breach-notification obligations, and audit rights.
• Termination and data-return / data-deletion procedures.

To request a DPA, email info@keygrow.co with your company name, billing entity, and the regulatory framework you need the DPA to cover.

How Long We Retain Your Data

• Lead inquiries & audit requests: retained as long as necessary to follow up and complete the requested service. Typically purged after 24 months of inactivity.
• Active subscription data: retained for the duration of the subscription plus any period required for accounting, tax, and chargeback-defense purposes (typically 7 years).
• Stripe records: retained per Stripe's own retention policy.
• Client credentials: rotated or deleted upon written request at the end of an engagement.

Your Rights Over Your Data

Subject to applicable law, you have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate data.
• Deletion: request that we erase personal data we hold (subject to data we are obliged to retain for legal, accounting, or chargeback-defense purposes).
• Portability: receive an exported file of your data in a common format.
• Opt out: unsubscribe from marketing emails at any time using the unsubscribe link, or by emailing sales@keygrow.co.

To exercise any of these rights, contact info@keygrow.co. We respond to verified requests within 30 days.

Where Your Data Is Sent

Your data is processed primarily in the United States by KeyGrow LLC and our third-party processors. Some processors (Google, Microsoft, Stripe) may transfer data internationally as part of their global infrastructure, subject to their own legal frameworks for cross-border transfers (e.g., Standard Contractual Clauses).

Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers via email at least 14 days before they take effect. Any changes will be posted on this page and the effective date updated accordingly.