AutoGrow Privacy Notice
Last updated: 2026-07-12 Version: 1.0.0
> Status: DRAFT — requires founder and legal-counsel review before publication. > This notice was drafted to describe accurately what the Software actually does. > Passages marked [FOUNDER DECISION: …] name a fact that only the founder can > supply or a commitment the code cannot yet keep; every one must be resolved > before this notice is shown to customers.
This Privacy Notice explains how CipherPlayLabs ("we", "us", "our") handles personal data in connection with AutoGrow (the "Software"). It supplements, and should be read together with, the [AutoGrow Terms of Service](/tos). Terms defined there have the same meaning here.
If you only read one thing: the Software runs on your own computer and keeps most data there. A copy of your account data is synchronized to our servers so it works across your devices. Separately, unless you opt out, the Software contributes copies of the professional profiles it scans to a shared pool we operate — and for that pool we are the data controller, not merely your processor.
1. Who we are and the two roles we play
CipherPlayLabs operates the Software and the servers it syncs to.
[FOUNDER DECISION: CipherPlayLabs' full legal entity name, registered address, and jurisdiction of incorporation. A data controller must be identifiable to the individuals it holds data about; a trading name alone is not enough for GDPR/UK GDPR.]
Our role depends on which data is involved:
- As your processor. For the personal data held in your own synchronized
account — including data about third parties that the Software collects on your instructions — you are the controller and we act as your processor. We process that data to operate the Software for you and for no independent purpose of our own.
- As a controller. For the shared profile pool (Section 6), we are the
controller. We decide why and how that pooled copy is used and we are answerable to the individuals it describes. This is the one deliberate carve-out from our processor-only role, and it exists whether or not you have a contract-processor relationship with us.
2. Personal data we hold about you (the customer)
To operate your account we hold:
- Account and billing data: your email address, subscription tier and status,
and payment status. (Card details are handled by our payment processor; we do not store full card numbers.)
- Usage and telemetry: application version and platform, feature and
automation usage events (which actions ran, when, their duration, and success or failure), AI model usage metrics (model identifiers, token counts, and computed cost), and error, retry, and deviation reports. Telemetry describes how the Software behaved; it is not a feed of your third-party content.
- Your configuration: your persona, target-audience profiles, message
templates, goals, settings, and any documents you upload (see Section 3).
- Support and diagnostics: anything you send us in a support request or an
in-app bug report. Bug reports may include recent logs, the current chat conversation, recently invoked actions and their results, profile data scraped during the failing session, and a screenshot of the failing page. Session cookies, authentication tokens, API keys, and similar secrets are redacted before transmission. You can reduce bug reports to a key-only summary in Settings.
Your third-party login session stays on your device. The session the Software establishes with a third-party service (such as LinkedIn), including its session cookies, is stored only on the device where you signed in. It is not included in cloud sync and is never transmitted to our servers.
3. The cloud-sync copy
So that your account works across your devices, the Software continuously and automatically synchronizes a copy of your local database and your configuration file to our servers. This is part of normal operation and is not something you separately enable.
- The connection is encrypted in transit (TLS) and the data is stored under
access controls.
- It is not additionally encrypted with a key held only by you, which means
we are technically capable of reading it. We access your synchronized data only as needed to operate the service, to resolve a support request you have raised, to provide managed setup or assistance you have requested, or to comply with law.
- The synchronized database contains personal data about third parties (see
Section 5).
Managed setup and assistance. If you request setup help, tuning, or a managed ("done-for-you") service, our staff may view and modify your configuration and may queue tasks that your installation will execute on your device. Staff access is authenticated to a named individual and every change is recorded in an audit log. You can end this at any time by asking us to stop.
4. Documents you upload
You may upload files (such as past outreach, writing samples, or audience research) for the Software and its AI features to reference. These are stored locally and synchronized to our servers as described in Section 3. Do not upload material you are not permitted to store or disclose, including another party's confidential information.
5. Personal data about third parties (in your account)
The database the Software synchronizes contains personal data about people other than you — people whose profiles or posts the Software encounters, or whom you import. This can include names, profile URLs, headlines, job titles, employers, locations, the text of public posts and notifications, AI-generated notes and scores about them, records of your interactions with them, and the full contents of any contact list, CRM export, or similar file you upload.
For this data held in your own account, you are the controller and we are your processor. You are responsible for having a lawful basis to collect and use it, for giving any notice and obtaining any consent the law requires, and for responding to any request such a person makes to access, correct, or delete their data. We will assist you as reasonably required by law. We do not use this in-account copy for any purpose of our own, and we do not sell it.
The one exception is any copy of this data that is contributed to the shared profile pool, which is governed by Section 6.
6. The shared profile pool
What it is. The Software maintains a shared, cross-customer pool of professional-profile information, operated by us. It holds one record per person, so that the same public professional profile does not have to be re-scanned separately for every customer who needs it. For this pool we are the controller.
How data gets into it. When the Software scans a person's professional profile while operating for you, it also contributes a copy of that profile to the pool — unless you have turned contribution off in Settings. Contribution is a by-product of scans the Software performs for you; the Software does not scrape profiles on its own initiative solely to fill the pool.
What is contributed. A copy of the professional-profile information captured about the person — for example, their name, profile URL, headline, job title, employer, location, and the structured contents of their public profile.
What is not contributed — anonymity as to you. The pool is keyed on the person, not on you. We do not record which customer contributed, viewed, or is interested in any person; the pool stores only a count of how many contributions a record has received, with no identity attached. Because there is no link back to you, a contribution cannot afterwards be attributed to, or withdrawn on behalf of, a particular customer.
Please note: "anonymous as to you" does not mean the pooled record is anonymous data. A professional profile is personal data about the person it describes, and our obligations to that individual apply in full.
How the pool is used today. Pooled data is used to operate and improve the Software. Today it is accessible only to our authorized staff; it is not made available to other customers, and no customer can read another customer's pooled research through the Software.
How the pool may be used in the future. We may make pooled data available to other customers of the Software — for example, so that a profile one customer has already researched does not have to be re-scanned for another. If we do, we will not do so in a way that identifies you as its source. We will update this notice before changing how pooled data is shared.
Opting out. Contribution is on by default but optional. You can turn it off at any time in Settings. When it is off, the Software scans profiles only into your own account and contributes nothing further to the pool, and no other feature is affected. Turning it off stops future contributions from your installation; it does not, by itself, locate or remove records previously contributed, because those records carry no link to you.
Lawful basis. [FOUNDER DECISION: the lawful basis relied on for the pool (most likely legitimate interests under GDPR/UK GDPR Art. 6(1)(f)). If legitimate interests, a Legitimate Interests Assessment must be completed and retained, and this notice should summarize the balancing outcome and the individual's right to object. This is a controller obligation that falls on CipherPlayLabs, not on the contributing customer.]
7. AI sub-processors and how content reaches them
To draft messages and summaries and to analyze writing style, the Software sends content to third-party AI model providers. Message content analyzed for style-learning is processed transiently — held in memory, sent to the AI provider for analysis, and discarded when the analysis completes; only a non-verbatim description of your writing style is retained.
We rely on the following categories of sub-processor:
- AI model providers — to generate and analyze text.
[FOUNDER DECISION: the specific AI providers to name (e.g., Anthropic and/or others), and confirmation of the data-processing terms in place with each. The Software pins its models server-side, so the concrete list is a configuration fact the founder can supply.]
- Hosting and infrastructure — to run our servers and store the synchronized
and pooled data. [FOUNDER DECISION: the hosting provider(s) and region(s) to name.]
- Payment processing — to take subscription payments.
[FOUNDER DECISION: the payment processor to name (e.g., Stripe).]
[FOUNDER DECISION: whether we will publish and maintain a public sub-processor list, and whether customers are notified before a new sub-processor is added.]
8. International transfers
Depending on where our sub-processors operate, your data and pooled data may be processed in countries other than your own, including the United States.
[FOUNDER DECISION: the transfer mechanism relied on for transfers out of the EEA/UK (e.g., Standard Contractual Clauses / UK Addendum / an adequacy decision), and whether an EU/UK Article 27 representative has been appointed. Required if the Software is offered to EEA/UK customers or holds data about EEA/UK individuals.]
9. Retention
- Account and billing data: retained for the life of your account and as
required for tax, accounting, and legal purposes afterward. [FOUNDER DECISION: the post-closure retention period for billing records.]
- Synchronized account data: retained while your account is active.
[FOUNDER DECISION: what happens to the synchronized copy after you delete your account or stop using the Software — how long it is kept and when it is purged.]
- Telemetry: retained only as long as needed for billing, abuse prevention,
reliability, and product improvement. [FOUNDER DECISION: a concrete telemetry retention period, so "as long as needed" is bounded.]
- Pooled profile records: retained while the pool is operated.
[FOUNDER DECISION: the pool's retention/expiry policy. The schema includes a retention-sweep mechanism, but no concrete maximum age is currently configured; a controller should state one.]
10. Security
We protect data in transit with TLS and store it under access controls. Staff access to your synchronized configuration is authenticated to a named individual and logged. No system is perfectly secure; we cannot guarantee absolute security, and you use the Software on that understanding (see the Terms of Service).
11. Your rights
Depending on where you live, you may have rights to access, correct, delete, export, restrict, or object to the processing of your personal data, and to withdraw consent where processing relies on it. These rights apply differently depending on which data and which of our two roles is involved:
- Data in your own account (we are your processor): you control this data
directly in the Software. You can edit or delete most of it yourself, and you can close your account. For a third party's request about data in your account, you are the controller and respond to them directly; we assist you as the law requires.
- Pooled data (we are the controller): an individual whose profile is in the
pool — or you, about your own customer data — may ask us to provide access to, or delete, the information we hold. We handle these requests as controller.
How to exercise your rights. Contact us at the address in Section 13.
[FOUNDER DECISION: the dedicated privacy / data-subject-request contact address (e.g., [email protected]), and the target response time (GDPR expects one month). The Terms of Service currently list only [email protected].]
12. Deletion, and an honest limit on it
If you ask us to delete personal data we hold about you as a processor (your synchronized account), we will delete it, subject to any data we must keep for legal or accounting reasons.
For the shared profile pool, we can and do remove a person's record on request. You should understand one limitation before we promise more than we can deliver:
A profile in the pool is a copy of information that is still public at its source. When we delete a person's pooled record, that removes our stored copy — but it does not prevent the same public profile from being scanned again later by the Software (on any customer's device) and re-contributed to the pool. In other words, deletion is effective at the moment it is performed, but it is not, on its own, permanent suppression.
[FOUNDER DECISION: whether to implement a suppression list (a "tombstone" that records a deleted person_key and blocks future re-contribution), and whether this notice may promise durable erasure. As currently built, deletion is a plain removal with no suppression, so a subsequent re-scan will resurrect a purged person. Do not promise permanent deletion in this notice until suppression exists; until then this section must describe deletion as effective-but- re-collectable, as written above.]
13. Contact
Questions about this notice, or requests concerning your personal data or a person in the pool, can be sent to:
CipherPlayLabs — [email protected]
[FOUNDER DECISION: whether privacy requests should route to a dedicated address rather than the general contact address, and the postal address for the controller (see Section 1).]
14. Changes to this notice
We may update this Privacy Notice from time to time. When we make a material change — including any change to how pooled data is shared — we will update the version number and the "Last updated" date above and, where appropriate, notify you in-product or by email.