Legal
Privacy Policy
Last updated April 8, 2026. We collect the minimum, store it safely, and never sell it.
1. What we collect
When you create an account, we collect:
- Email address - for login, account recovery, and order notifications.
- Password - stored as a one-way bcrypt hash. We can never see or recover your actual password.
- Display name - optional, shown only in your own dashboard.
- IP address - recorded at signup and login for fraud and abuse prevention.
- Order history - links you submit, quantities, charges, and timestamps.
- Deposit history - amounts, methods, transaction hashes (for crypto).
We do NOT collect: phone numbers (unless you choose to add one), social media passwords, payment card numbers, browsing history, or any analytics tied to your identity.
2. How we use your data
Your data is used only to:
- Operate your account and process your orders.
- Forward order details to upstream providers so they can deliver the engagement you ordered.
- Send you transactional emails (verification, password reset, order completion, refund notices).
- Investigate and prevent fraud, abuse, and policy violations.
- Comply with legal obligations.
3. What we share with providers
When you place an order, we forward only what's needed to fulfill it: the public link you provided, the quantity, and the service ID. We never share your email, account details, payment info, or any other personal data with upstream providers.
4. Cookies and tracking
We use one essential cookie to keep you logged in (session cookie). It's HttpOnly, Secure, and SameSite=Lax. We do not use any third-party trackers, advertising pixels, or behavioral analytics.
5. Data retention
- Active account data: kept as long as your account exists.
- Order and deposit history: kept for 7 years for tax and audit compliance.
- Audit logs: kept for 1 year, then archived or deleted.
- Deleted accounts: personal data is wiped within 24 hours of deletion request. Order history is anonymized but kept for tax records.
6. Your rights
You have the right to:
- Access a copy of all data we hold about you.
- Correct any inaccurate or out-of-date information.
- Delete your account and personal data.
- Export your order and deposit history (available as CSV from the dashboard).
- Object to any processing you believe is unjustified.
To exercise any of these rights, open a support ticket from your dashboard.
7. Security
We protect your data with:
- HTTPS-only with HSTS preload
- Bcrypt password hashing (cost factor 10)
- API key hashing - even we cannot see your full API key after creation
- Session cookies marked HttpOnly, Secure, SameSite=Lax
- Rate limiting on login, register, password change, and deposit endpoints
- Strict Content-Security-Policy and other security headers
- Daily encrypted database backups
No system is 100% secure, but we follow industry best practices and disclose any breach affecting personal data within 72 hours.
8. Children
SMM Growth Now is not directed at children under 18. We do not knowingly collect data from anyone under 18. If we discover an account belonging to a minor, we will delete it immediately.
9. International transfers
Our servers are located in the United States. By using the Service, you consent to your data being processed in the US, which may have different privacy protections than your home country.
10. Third-party services
We use the following third parties strictly for operational purposes:
- Upstream SMM providers (to deliver your orders) - only the link, quantity, and service ID are shared
- Email provider (for verification and notification emails) - only your email and the message body
We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or a dashboard banner at least 14 days before they take effect.
12. Contact
For any questions or to exercise your rights, open a ticket from your dashboard or email privacy@smmgrowthnow.com.