Growth Wingman, LLC, a Wyoming limited liability company ("Growth Wingman", "we", "our", "us"), provides AI-powered "Wingman" agents and supporting software for small service businesses (the "Services"). This Privacy Policy explains what personal information we collect, how we use, share, retain, and protect it, and the choices and rights you have. By using the Services you agree to the practices described here.
1. Introduction & scope
This Privacy Policy applies to our websites, the Hangar application, and the AI Wingman agents and related tools we provide (together, the "Services"). It describes how we handle personal information about you — our customer and the individuals who use or interact with our websites and Services — and how we handle the data your Wingmen process on your behalf.
We play two distinct roles with respect to data:
- As a controller — for information about you, our customer, and the people who visit our websites or sign up for the Services (such as account, billing, support, and analytics data), we determine the purposes and means of processing and act as a "business" or "controller."
- As a service provider / processor — for personal information about your end-customers (callers, texters, leads, and contacts) that your Wingmen process, you are the controller and we (together with our platform infrastructure provider, which acts as our subprocessor) act as a service provider/processor, handling that data only to provide the Services and on your documented instructions. See Section 11.
2. What personal data we collect & how we use it
We collect personal information for the purposes below. For each purpose we describe the data involved and how long we generally keep it (see also Section 13 on retention).
- Account registration — to create and manage your account and enable you to use the Services. Data: name, email, mobile number, business name, and contact details you provide. Retention: for the life of your account plus a limited period after closure.
- Billing & payments — to process subscription payments, send invoices and receipts, and prevent fraud. Data: subscription plan, transaction history, and limited payment metadata. Payments are processed by Stripe and our platform billing provider; we do not store full payment-card numbers. Retention: as required by tax and accounting law.
- Providing the Services — to operate, provision, and run your Wingmen and process your conversations. Data: your Inputs and Outputs, contacts, conversations, call and SMS content, recordings and transcripts, scheduling events, knowledge-base ("Flight Bag") content, and the end-customer data your Wingmen process on your behalf. Retention: for the term of your subscription; recordings are retained for 90 days by default and are configurable per account.
- Support requests — to respond to your questions and resolve issues. Data: the contents of your support communications and related account context. Retention: for as long as needed to resolve and document the matter.
- Usage & analytics — to monitor, debug, secure, and improve the Services and develop new features. Data: device, log, and product-usage data (IP address, browser, device, pages and features used, and metadata about volume and timing). Retention: typically for a limited rolling period.
- Marketing — to send product news and offers where you have consented. Data: contact details and engagement data. Retention: until you opt out or your account closes.
- Security & legal compliance — to protect the Services and our users and to comply with legal obligations (e.g., tax, TCPA, and recording-consent laws). Data: as reasonably necessary. Retention: as required to meet legal and security obligations.
3. AI / LLM processing
To power your Wingmen, your Inputs and certain related content are sent to third-party AI and large language model ("LLM") providers (including Anthropic and others) to generate responses, summaries, transcriptions, and other Outputs, in accordance with those providers' policies. We do not use your Customer Content, or end-customer data processed on your behalf, to train third-party or generally-available AI models, and we contract with our AI providers on terms that prohibit them from using that data to train their models. AI Outputs are probabilistic and may be inaccurate, incomplete, or fabricated; they require human oversight before you rely on them. See our Terms & Conditions for the related disclaimer.
4. Cookies & analytics
By default we set only necessary cookies required for basic site functions such as page navigation, security, and access to secure areas. Optional analytics cookies load only after you opt in. We use PostHog for product analytics (proxied through our own domain) to understand how the Services are used and improve them. You can manage your choices via the Cookie Preferences control and on our Legal & cookies page, which lists every cookie we set, and you can adjust your browser settings to refuse or delete cookies. We honor Global Privacy Control (GPC) signals where applicable. For SMS and marketing opt-outs, see Sections 8 and 16.
5. Who we share with (processors & disclosures)
We share information with the service providers ("subprocessors") that help us run the Services, under contracts that limit their use of the data:
- Stripe and our platform billing provider — payment processing and billing.
- Cloudflare — hosting, storage, and infrastructure.
- Our platform infrastructure provider — the underlying platform powering conversations and marketing automation. This provider processes data on our behalf as a subprocessor under its own published privacy commitments, security measures, and a data processing agreement, and may transfer and process data in the United States and other countries under appropriate safeguards (such as recognized data-transfer frameworks or standard contractual clauses). See Section 6.
- Resend — transactional and account email delivery.
- PostHog — product analytics, where you have opted in.
- Anthropic and other LLM / AI providers — generating Wingman responses and other AI Outputs.
- Twilio — SMS carrier and message delivery.
We may also disclose information to comply with law, respond to lawful requests, enforce our agreements, or protect the rights, safety, and security of Growth Wingman, our users, and the public; and in connection with a merger, acquisition, financing, or sale of assets (a "business transfer"), subject to this Policy. We do not sell your personal information. Mobile/SMS opt-in and consent data is never shared with third parties or affiliates for their own marketing.
6. International data transfers
We are based in the United States and operate the Services from the United States. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the United States and other countries where we or our subprocessors operate, which may have data-protection laws that differ from those of your jurisdiction. In particular, data may be processed by our platform infrastructure provider and other subprocessors in the United States and other countries. Where required, we and our subprocessors put in place appropriate safeguards for such transfers — such as recognized data-transfer frameworks or standard contractual clauses — together with a data processing agreement governing the processing. These safeguards apply to transfers of both your account data and the end-customer personal data we process on your behalf; for the latter, a Data Processing Addendum incorporating Standard Contractual Clauses is available to customers acting as controllers (see Section 11).
7. Links to third-party websites
The Services may contain links to third-party websites or resources provided for your convenience. We do not control those sites and are not responsible for their content or their privacy practices. Accessing a linked third-party site is at your own risk and subject to that site's own privacy policy.
8. Marketing messages & opt-out
Where you have consented, we may send you marketing messages by email or through in-app notifications to tell you about products, features, and offers. You can opt out at any time by using the unsubscribe link in any marketing email, adjusting your in-app preferences, or emailing privacy@growthwingman.com. Opting out of marketing does not affect transactional or account messages required to operate the Services. For SMS opt-out, see Section 16.
9. Children's privacy
The Services are intended for businesses and are not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you are at least 16 but under 18, you may use the Services only with the consent and supervision of a parent or legal guardian. If you believe a child has provided us personal information, contact us and we will delete it.
10. Your privacy rights
California privacy rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the right to:
- Know & access what personal information we collect, use, disclose, and (if applicable) share.
- Delete personal information we have collected, subject to exceptions.
- Correct inaccurate personal information we hold about you.
- Opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising.
- Limit the use of sensitive personal information.
- Non-discrimination — to be free from discrimination for exercising these rights.
General data-protection rights
Depending on where you live, you may also have the right to: access your personal data; request rectification of inaccurate data; request erasure; restrict or object to certain processing; receive your data in a portable format; and withdraw consent at any time where processing is based on consent (without affecting prior processing).
How to exercise your rights
To exercise any of these rights, email privacy@growthwingman.com (California residents may use the subject line "California Privacy Request"). We will verify your identity and respond within the time required by law. You may use an authorized agent with written authorization. For personal information we process on behalf of our business customers, we (and our platform infrastructure provider) act as service providers / processors on the business customer's instructions, and we will route end-customer requests to the relevant business customer, who is the controller and is responsible for responding to them (see Section 11).
11. Data we process on your behalf (service-provider role)
For personal information about your end-customers that is processed through the Wingmen — including contact details and the content of calls, texts, and messages — you are the controller and Growth Wingman acts as a service provider under the CCPA (and a processor under other applicable laws), as does our platform infrastructure provider, which processes that data on our behalf as a subprocessor. We and our platform infrastructure provider process that information only to provide the Services and on your documented instructions; we do not sell or share it and do not use it for our own purposes. As the controller of that data, you are responsible for providing your own privacy notices to, and obtaining all required consents from, your end-customers, and for responding to and fulfilling data-subject requests from your end-customers (such as requests for access, correction, deletion, portability, or restriction), and for the lawfulness of the instructions you give us. If we or our platform infrastructure provider receive a data-subject request directly from one of your end-customers, we may direct it to you. Deletion or return of end-customer data is handled per your instructions and as described in Section 13. Our platform infrastructure provider acts as our subprocessor under a data processing agreement, and cross-border transfers of this data rely on Standard Contractual Clauses or a recognized data-transfer framework (see Section 6). Where you act as a controller of end-customer personal data, a Data Processing Addendum is available to you on request by emailing privacy@growthwingman.com.
12. Security
We use commercially reasonable administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit and encryption at rest for recordings. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for safeguarding your own account credentials and for maintaining appropriate security on your side.
13. Data retention & deletion
We retain personal information for as long as needed to provide the Services and for the additional periods described in Section 2 — generally for the life of your subscription plus a limited period after cancellation (typically 30 days), unless a longer period is required to comply with law, resolve disputes, or enforce our agreements. Call recordings are retained for 90 days by default and are configurable per account. You or your authorized users may request export of your data before deletion, and may request deletion of data on request or upon termination of your account. When we act as a service provider, deletion of end-customer data is handled per the instructions of the relevant business customer.
14. Updating your data
Please keep your account information accurate and current, and let us know if any personal information we hold about you needs to be corrected or updated. You can update much of your information directly in your account, or contact us at privacy@growthwingman.com.
15. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date and, for material changes, provide additional notice where appropriate. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
16. SMS / Text Messaging Program (A2P 10DLC Compliance)
This section describes how Growth Wingman handles application-to-person (A2P) text messaging under U.S. carrier guidelines (CTIA, 10DLC) and the Telephone Consumer Protection Act (TCPA).
Program description
When you provide a mobile number to Growth Wingman — at signup, lead capture, callback request, or other interaction — you may receive SMS/MMS text messages from us related to your account, the Services you've requested, billing, support, and (if you've opted in separately) marketing.
Message types and frequency
- Transactional / account messages: signup confirmations, account activation, billing notices, security alerts, and reply confirmations. Delivered as needed for service operation; typical volume is 1–4 messages per month per active account.
- Customer-service messages: direct responses to questions you've sent us, scheduled callbacks, and service updates. Volume varies based on your interactions.
- Marketing messages: product announcements, promotions, and onboarding tips. Delivered only if you have separately opted in. Maximum 4 marketing messages per month.
Express consent
By providing your mobile number on a Growth Wingman signup form, lead form, or callback form, and checking the SMS-consent acknowledgment, you expressly consent to receive transactional and customer-service text messages from Growth Wingman at the number provided, including messages sent via automated dialing systems. Marketing messages require a separate, explicit opt-in.
Opt-out (STOP)
To stop receiving text messages from Growth Wingman at any time, reply STOP to any message. You will receive a one-time confirmation that you have been unsubscribed and will not receive further marketing texts. Transactional messages required to operate your account may continue (e.g., billing failures, account security) and you may end those by closing your account.
Help (HELP)
For help, reply HELP to any message and we will respond with contact information, or email support@growthwingman.com.
Message and data rates
Standard message and data rates may apply per your wireless carrier plan. Growth Wingman does not charge a fee for receiving SMS messages; carrier charges are governed by your individual mobile plan.
Carrier and delivery disclaimers
Carriers (including but not limited to AT&T, T-Mobile, Verizon, Sprint, U.S. Cellular, Boost, Cricket, MetroPCS, Virgin Mobile) are not liable for delayed or undelivered messages. Delivery is best-effort and not guaranteed.
SMS data — no sale, no third-party marketing sharing
Mobile information will not be shared with third parties or affiliates for marketing or promotional purposes. Information sharing for SMS is limited to the operational subprocessors strictly required to deliver the messages — currently our messaging platform provider and its underlying SMS carrier (Twilio). All other categories noted in the "Who we share with" section above exclude SMS opt-in and consent data.
Compliance posture
- Growth Wingman registers its A2P 10DLC brand and campaigns with The Campaign Registry (TCR) before sending production SMS at scale.
- All campaigns include the brand name (Growth Wingman) in the first message of any new conversation, opt-out instructions ("Reply STOP to unsubscribe"), and a link to this Privacy Policy.
- We honor STOP keywords (and standard variants — STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT) immediately and persist opt-outs across the customer's entire mobile lifetime with us.
- We do not send SMS to numbers on the National Do Not Call Registry without express prior consent, and we do not initiate SMS to recycled or reassigned numbers (we use carrier reassignment lookups before bulk sends).
- We comply with the TCPA, state-level consent laws (including Florida's mini-TCPA / FTSA, Washington's CEMA, Oklahoma's TCPA), and CTIA Messaging Principles and Best Practices.
For Growth Wingman customers (you operate your own SMS programs)
If you are a Growth Wingman customer using the Services to send SMS to your own end-customers, you are the "brand" for purposes of A2P 10DLC and TCPA. Growth Wingman provides the platform, but you are responsible for: (a) registering your brand and campaigns with TCR, (b) collecting valid express consent from your own end-customers prior to sending, (c) honoring STOP / HELP keywords on your tenant, (d) maintaining a publicly accessible privacy policy disclosing your SMS data practices, and (e) compliance with all applicable federal and state telemarketing laws. We provide built-in tooling and templates to help you meet these obligations; consult our compliance runbook in your customer dashboard or contact compliance@growthwingman.com.
17. Contact
Questions, requests, or concerns about this policy or your data? Email privacy@growthwingman.com.