Privacy Policy — Grownected

Last updated: 20 April 2026

I. Introduction

This Privacy Policy explains our approach to any personal data that we collect about you when you use the Grownected website (www.grownected.com, hereinafter the “Website”) and when you engage our services. The purpose of this document is to inform you about the collection, storage, use and disclosure of your personal data (“Personal Data”) and your rights in this regard. Please read this policy carefully before providing us with any Personal Data.

Ensuring the right to personal data protection is a fundamental commitment of Grownected. We devote our resources and make every effort to process your data in full compliance with Regulation (EU) 2016/679 (“GDPR”), as well as with the relevant legislation applicable in Romania. One of the key principles of this legal framework is transparency, and we want you to be fully informed, so we have prepared this document to show you how we collect, use, transfer and protect your personal data when you interact with us.

We reserve the right to periodically update and modify this Privacy Policy so that you always have access to and are aware of any changes to the way we process your personal data, as well as any other changes in the applicable legal requirements. In the event of any such change, we will display the updated version of this Privacy Policy on our Website, and therefore it is advisable to periodically check its contents.

II. Who we are

The data controller is IDACOS DIGITAL SRL, trading as “Grownected”, a Romanian legal entity with its registered office at sat Loloiasca nr. 217, comuna Tomșani, județul Prahova, postal code 107616, Romania, registered with the Trade Register under number J29/1676/2020, unique tax registration number RO43078011 (hereinafter referred to as “Grownected”, “we”, “us” or “our”).

Please use the following contact details for any questions regarding the protection of your Personal Data and for exercising your rights as a data subject:

  • Email: admin@grownected.com
  • Post / courier: sat Loloiasca nr. 217, comuna Tomșani, județul Prahova, postal code 107616, Romania — marked “for the attention of the Grownected Data Protection Officer”.

III. How we obtain your Personal Data

  • Generally, we collect personal data that comes directly from you, and thus you control and decide which pieces of information you are willing to share. For example, when you send us a message using the contact form, book a call via our scheduling tools, subscribe to our newsletter, or engage us for services.
  • We may also receive personal data from our clients when we act as a data processor on their behalf (for example, when building and operating automation workflows, CRM integrations, or custom software that handles their end-users’ data).
  • Information may also be collected automatically through cookies and similar technologies when you use our Website, as described in Section VI below.

Please note that this Website is not intended for the collection of Personal Data relating to persons who are underage.

IV. The processing of your personal data

1. If you are the representative or contact person of a client or prospective client of Grownected

Providing the services requested from us. We use your relevant Personal Data in order to prepare and provide the services requested from us — including AI agent development, workflow automation (n8n, GoHighLevel, and similar platforms), custom software development, consulting, integrations, and ongoing technical support. For instance, in drafting the relevant agreement or statement of work, we may have to rely on your Personal Data of relevance for your case. Categories of data processed: name, professional title, company, email, phone number, address, business information provided during scoping. Legal basis: our legitimate interest to promote our services, to ensure business communication with clients and prospects, and to ensure the adequate negotiation, execution and performance of agreements (Art. 6(1)(f) GDPR), as well as the necessity for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) GDPR).

Communicating with you. We use your contact details in order to communicate with you with respect to your requests, project updates, support tickets, invoices, and any other relevant business-related matters. We also use internal Customer Relationship Management tools (CRMs), project management tools, and communication platforms (such as email, Slack, Google Workspace, ClickUp, or similar) to organise information about our clients and prospects. Categories of data processed: contact details (email, phone number), professional title, company, communication history. Legal basis: our legitimate interest to ensure optimal business communication and information management (Art. 6(1)(f) GDPR).

Compliance with legal obligations. We may process some of your data in the context of providing the services based on legal obligations imposed upon Grownected by the applicable legislation — in particular accounting, tax, and anti-money-laundering legislation. Categories of data processed: name, company, billing address, tax identification details, and other data required to issue and retain invoices and accounting records. Legal basis: compliance with a legal obligation (Art. 6(1)(c) GDPR).

2. If you contact us using the means provided on this Website

Receiving and responding to messages sent via our Website. We use your relevant Personal Data in order to communicate with you via email and other contact details you may provide to us for this purpose — whether through our contact form, a booking/scheduling tool, or by subscribing to receive content from us. Categories of data processed: name and email, and any other information you choose to include in your message (such as a description of your project, company size, budget range, and so on). Please provide a professional email address when prompted. Legal basis: our legitimate interest to ensure optimal business communication and information management (Art. 6(1)(f) GDPR); for newsletter subscriptions, your consent (Art. 6(1)(a) GDPR).

3. If you are the end-user of a client’s system that we build, operate, or maintain

Where Grownected builds or operates automation workflows, AI agents, CRM integrations, or custom software for a client, and you are an end-user, customer, lead, or contact of that client, Grownected acts as a data processor on behalf of the client, who is the data controller. In this case:

  • The purposes, categories of data, retention periods, and recipients of your personal data are determined by our client, not by Grownected.
  • For any request concerning the exercise of your rights as a data subject, please contact our client directly. If you are unsure who our client is, you may contact us using the details in Section XII and we will direct your request to them.
  • Grownected processes this data strictly according to the written instructions of the client, under a Data Processing Agreement concluded pursuant to Art. 28 GDPR.

4. If you are a supplier, subcontractor, or freelance collaborator

We process contact and contractual data of our suppliers and collaborators in order to manage the relationship, order services, process payments, and comply with legal obligations. Categories of data processed: name, contact details, professional title, company or sole-trader details, bank details (where applicable), tax identification data. Legal basis: performance of a contract (Art. 6(1)(b) GDPR), compliance with a legal obligation (Art. 6(1)(c) GDPR), and our legitimate interest in managing our supplier relationships (Art. 6(1)(f) GDPR).

5. If you are a job or internship applicant

If you apply for an open position or collaboration with Grownected, we will process the Personal Data necessary for the recruitment process — including the contents of your CV, portfolio, references, and communications with you. We retain applicant data for a reasonable period in order to consider you for other suitable openings, unless you ask us to delete it earlier. Legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR) and, where applicable, your consent to keep your application on file for future openings (Art. 6(1)(a) GDPR).

V. Use of AI tools and third-party sub-processors

Because Grownected’s services are AI-enabled, you should be aware that in delivering our services we may use third-party AI models and automation platforms — for example large language model providers such as OpenAI, Anthropic, or Google, automation platforms such as n8n or GoHighLevel, cloud infrastructure providers, and similar services.

When we do so:

  • We only share personal data with these sub-processors to the extent strictly necessary to deliver the agreed service.
  • We rely on providers that offer appropriate technical and organisational safeguards, as well as appropriate data-transfer mechanisms where relevant (see Section IX).
  • We do not use your personal data, or data belonging to your end-users, to train third-party public AI models.
  • Where we act as a data processor for a client, the list of sub-processors is made available in the relevant Data Processing Agreement and any changes are notified to the client in accordance with that agreement.

On request, we can provide a current list of sub-processors used for a specific engagement.

VI. Cookies and similar technologies

Our Website may use cookies and similar technologies in order to function correctly, to remember your preferences, to understand how visitors use the Website, and — where you consent — to measure the effectiveness of our marketing.

We use the following broad categories of cookies:

  • Strictly necessary cookies, which are required for the Website to function (for example, to remember your cookie preferences or to maintain session state). These do not require your consent.
  • Analytics cookies, which help us understand how visitors interact with the Website (for example, via Google Analytics or similar tools). We only set these cookies if you consent to them.
  • Marketing and functional cookies, which may be set by third-party services we embed (for example, video players, scheduling tools, or advertising pixels). We only set these cookies if you consent to them.

When you first visit the Website, a consent banner will allow you to accept all cookies, reject all non-essential cookies, or configure your preferences by category. You can change your choices at any time from the cookie settings link available on the Website, or by clearing cookies in your browser.

For the avoidance of doubt: rejecting non-essential cookies will not prevent you from using the Website.

VII. Duration of the processing

We intend to keep your Personal Data for the duration necessary for reaching the purposes for which we collected the information, and in accordance with our internal policies and the specific legislation applicable (for example, accounting and tax legislation, which typically requires retention of invoices and related records for 10 years in Romania).

  • Personal Data collected in connection with the provision of our services will be kept for the duration of the provision of those services, plus an additional statutory period that enables us to protect our rights and interests in relation to third parties (typically the general limitation period of 3 years under Romanian law, or longer where specific laws apply).
  • Email messages and business communications are kept according to our internal email-archiving policy.
  • Data processed on behalf of a client as data processor is retained for the period instructed by the client and deleted or returned at the end of the engagement.
  • Cookie retention periods depend on the individual cookie and are described in the cookie consent banner on our Website.

VIII. Recipients of your personal data

As the case may be, we may transmit or provide access to certain personal data to the following categories of recipients:

  • affiliated companies and freelance collaborators working with Grownected on a specific engagement, for the provision of the requested services;
  • providers of information technology, cloud hosting, email, communications, and support systems — including email archiving, backup, disaster recovery, and cybersecurity services;
  • AI and automation platform providers we use to deliver our services, as described in Section V;
  • organisations that provide us relevant services for maintaining and developing this Website and its tools (analytics, hosting, scheduling, form processing);
  • accounting, tax, audit, legal, and other professional advisors;
  • public authorities and institutions, when the law requires us to disclose data to them.

We will also disclose Personal Data to third parties in the following cases: if you request or authorise us to do so; to persons demonstrating legal authority to act on your behalf; where it is in our legitimate interest to do so in order to run, grow, and develop our business — including in case of a transfer of undertaking (where we sell a part of the business or certain assets), in which case we may disclose personal data to the prospective buyer; if we are under a duty to disclose your personal data in order to comply with any legal obligation or any lawful request from public authorities; to respond to claims, to protect our rights or the rights of a third party, to protect the safety of any person, or to prevent any illegal activity.

We ensure that access to your data by third-party private-law entities is granted in accordance with the legal provisions on data protection and confidentiality of information, based on written agreements concluded with them (including, where applicable, Data Processing Agreements under Art. 28 GDPR).

IX. Transfer of personal data abroad

Some of our sub-processors are located outside the European Economic Area (for example, providers of cloud infrastructure or AI models headquartered in the United States). Whenever we transfer personal data outside the EEA, we take the necessary measures to ensure that the transfer is protected by appropriate safeguards — such as an adequacy decision adopted by the European Commission, Standard Contractual Clauses issued by the European Commission, or other safeguards permitted under Chapter V of the GDPR.

You can contact us at any time using the contact information in Section XII to find out more about the countries where we transfer your data, as well as the safeguards we have implemented with regard to these transfers.

X. Security of the data processing

We are committed to ensuring the security of personal data by implementing appropriate technical and organisational measures, according to industry standards. This includes encrypted storage, access controls based on the principle of least privilege, secure development practices, logging and monitoring, regular backups, and staff awareness measures.

Despite the measures taken to protect your personal data, we note that sending information over the internet in general — as well as through other public networks — is not entirely secure, with the residual risk that data may be accessed by unauthorised third parties. We cannot be held responsible for such vulnerabilities of systems that are not under our control.

XI. Your rights in respect of the data processing

In the context of the processing of your personal data, you have the following rights:

  1. Right of access to the processed personal data: you have the right to obtain a confirmation of whether or not your personal data are being processed, and, if affirmative, access to the categories of data processed and the conditions of processing.
  2. Right to rectification or erasure of personal data: you may request the rectification of inaccurate data, the completion of incomplete data, or the erasure of your personal data in the cases provided by Art. 16–17 GDPR.
  3. Right to restriction of processing, in the cases provided by Art. 18 GDPR.
  4. Right to withdraw consent for processing, where the processing is based on consent — without affecting the lawfulness of processing carried out before the withdrawal.
  5. Right to object to the processing on grounds relating to your particular situation, where the processing is based on legitimate interest, and the right to object at any moment to processing for direct marketing purposes, including profiling.
  6. Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you in a significant manner.
  7. Right to data portability: the right to receive your personal data that you provided to us in a structured, commonly used and machine-readable format, and to transmit those data to another controller, where the processing is based on your consent or on a contract and is carried out by automated means.
  8. Right to file a complaint with the Romanian Data Protection Authority (ANSPDCP) and the right to address the competent courts of law. ANSPDCP contact details: Address: B-dul G-ral. Gheorghe Magheru no. 28-30, 1st district, postal code 010336, Bucharest, Romania; Telephone: +40 318 059 211 / +40 318 059 212; Email: anspdcp@dataprotection.ro. Without affecting your right to contact the Data Protection Authority at any time, we ask that you also contact us beforehand — we will do our best to resolve any issues amicably.

The above rights may be exercised at any time. For this purpose, you can send us a written, dated, and signed notice (on paper or in electronic format) to the address indicated below.

XII. Contact details

You can contact Grownected (IDACOS DIGITAL SRL) at any time by submitting a request using any of the following channels:

  • Email: admin@grownected.com
  • Post / courier: sat Loloiasca nr. 217, comuna Tomșani, județul Prahova, postal code 107616, Romania — marked “for the attention of the Grownected Data Protection Officer”.

This Privacy Policy should be read together with any Data Processing Agreement concluded with Grownected in the context of specific services.