Information we collect
- Account information — your name, email, and organization, when you create an account. Authentication is handled by Supabase.
- The Meta Ads data you give us to audit — today that is the CSV export you upload. If you later connect a Meta ad account, it is read-only metadata and performance data (account name, currency, timezone, and the campaign / ad set / ad / audience / placement metrics the audit needs).
- Brand profile — optional details you choose to tell us (industry, business model, typical order value, goals) so an audit can be read against your context.
- Usage analytics — page views and actions such as audits run, via PostHog, so we can see what is and is not working.
- Error data — diagnostic information via Sentry. Access tokens and personal data are scrubbed at the source and never sent.
How your CSV upload is handled
When you run an audit by uploading a CSV, the file is sent over an encrypted (HTTPS) connection and parsed in memory on our server for the few seconds the audit runs. The raw file is not written to disk and not stored in a database. If you are signed in and choose to save the resulting report, the audit results — not the raw file — are stored to your account.
How we use your information
- To run audits and surface findings.
- To generate human-readable explanations of findings via Anthropic's Claude API. We send numeric summaries and structured evidence only — no personal data, no creative content, no access tokens.
- To process payments, via Stripe, when you subscribe.
- To send transactional and digest emails (for example, a weekly “what changed” summary), via Resend.
- To diagnose errors, keep the service secure, and improve it.
What we never do
- Sell your data.
- Share your data with advertisers or marketers.
- Write to your Meta ad account — our access is read-only.
- Use your data to train machine-learning models.
- Send your access tokens to any third party, ever.
Cookies and analytics
We use a small number of first-party cookies that are necessary for the site to function — for example, to keep you signed in and to remember interface preferences such as your theme. We use PostHog for product analytics. We do not use third-party advertising or cross-site tracking cookies, and there are no advertising pixels on this site.
Subprocessors
We rely on a small set of vendors to operate the service. Our public subprocessor list names every one, the data each sees, and why.
Data retention
- Uploaded CSV files: not retained — parsed in memory and discarded when the audit finishes.
- Saved audit results: kept until you delete them or close your account.
- Raw Meta API snapshots (if you connect an account in future): 90 days, then archived to cold storage for 1 year, then deleted.
- Benchmark observations: only kept, in anonymized form, if you opt in.
- Security and audit logs: up to 2 years, then purged.
Data security
We encrypt data in transit and at rest and follow the practices described on our security page. No system is perfectly secure, but we design for least access and disclose how we handle your data openly.
International users
Honest Growth is operated from the United States, and your data is processed there and by the subprocessors listed above. If you use the service from outside the US, you consent to that processing. If you are in a region with specific data-protection rights (such as the EEA, UK, or California), the rights below apply to you.
Your rights and choices
You can access and export the data we hold about you, correct it, or delete your account at any time from your dashboard. Account deletion removes your data within 30 days, except the minimum we are required to keep for legal or accounting compliance. You can opt out of benchmark contribution and unsubscribe from digest emails without losing access to the product. To exercise any of these rights, use your dashboard or email us.
Children's privacy
Honest Growth is a business tool and is not directed to anyone under 18. We do not knowingly collect data from children. If you believe a minor has given us data, contact us and we will delete it.
Changes to this policy
If we change this policy materially, we will update the date above and, for account holders, notify you by email before the change takes effect.
Contact
Privacy questions, requests, or corrections: nachiket@nachiketpai.com