Privacy Policy
This is the privacy policy for Real Growth Matters Inc. and the realgrowthmatters.com website. We tell you what we collect, what tools we use, how long we keep it, who we share it with — and importantly, who we do not share it with.
Plain-English summary
We collect the data needed to operate our website, understand how visitors use it, and respond when you apply for engagement. We do not sell your data. We do not share your data with third parties for their own marketing. We use trusted technology vendors to operate our analytics, advertising, and CRM systems on our behalf, and we hold those vendors to data-protection terms that bind them as processors of our data, not independent controllers of yours.
If you only read one section, this is the one.
Data controller
The data controller responsible for the processing of personal information collected through this Site is Real Growth Matters Inc., a Maryland corporation, contact privacy@realgrowthmatters.com. Where we engage third-party vendors to process data on our behalf, those vendors act as processors under written data-processing agreements that bind them to handle data only on our documented instructions, apply appropriate technical and organizational safeguards, restrict subprocessing, and assist us with data-subject requests.
What data we collect
We collect three categories of data:
Information you give us directly
When you fill out our application form, send us an email, or call us, we collect what you tell us — typically name, email address, phone number, company name, role, business context, and any documents or information you choose to share. Our application form is the most common point of collection.
Information collected automatically
When you visit the website, we automatically collect technical data: pages visited, time on page, referring source, device type, browser, operating system, approximate geographic region (derived from IP address), and an anonymous session identifier. This is standard analytics data and we use it to understand site performance and improve content.
Information collected via cookies and tracking technologies
We use first-party and third-party cookies and tracking pixels to support analytics, attribution, and (where you have engaged with our marketing) advertising re-engagement. Details below.
Tools we use to collect it
We operate the following tools on our website. Each is a trusted, widely-used technology vendor with public privacy and data-handling commitments.
| Tool | Purpose | Data collected |
|---|---|---|
| Google Tag Manager | Container that loads the other tags below. Does not itself collect data. | None directly. |
| Google Analytics 4 (via GTM) | Website analytics — page views, sessions, engagement, conversions. | IP address (truncated), session identifier, page URL, referrer, device data. |
| Google Ads | Conversion measurement and remarketing for our paid advertising. | Conversion event when you complete the application form; cookie-based audience membership. |
| Meta (Facebook/Instagram) Ads | Conversion measurement and remarketing. | Conversion event; cookie-based audience membership. |
| LinkedIn Ads | Conversion measurement and remarketing. | Conversion event; cookie-based audience membership. |
| CallRail | Phone-call tracking — attributing phone calls to marketing source. | Phone number called, source URL, dynamic-number-insertion identifier. |
| Microsoft Clarity | Behavior analytics — anonymous session recordings and heatmaps to improve site usability. | Mouse movements, scroll depth, click locations. Sensitive form fields are masked. |
| Quantcast Measure | Audience analytics and benchmarking. | Anonymous device identifier, page-view data. |
| CRM (HubSpot or equivalent) | Storing applicant inquiries, managing engagement pipeline, sending response emails. | Form submissions and email correspondence. |
| FormSubmit | Routing form submissions to our application inbox. | Form submission contents at moment of send. |
Each vendor's own privacy policy is publicly available. We have data-processing agreements with each vendor that bind them to handle data only as instructed, retain it only as necessary, and apply commercially reasonable security safeguards.
Who we share data with
We do not sell your personal information. We do not share your personal information with third parties for their own independent marketing.
We do share data with:
- The technology vendors above — strictly to deliver the service we engaged them for. They act as data processors, not controllers.
- Professional advisors — accountants, lawyers, insurers — when necessary to operate our business and bound by confidentiality.
- Authorities, when legally required — government agencies, courts, or law enforcement when we receive a valid legal demand. We push back on overbroad requests.
- An acquiring entity — in the unlikely event of a merger, acquisition, or asset sale, applicant data may transfer with the business. You will be notified.
That is the complete list. If we ever need to add to it, we will update this policy and notify users where required by law.
Cookies and similar technologies
Cookies are small text files stored on your device by the browser. We use four categories of cookies:
- Strictly necessary — required for the site to function. Cannot be disabled.
- Analytics — Google Analytics, Microsoft Clarity, Quantcast. Help us understand how the site is used.
- Advertising — Google Ads, Meta, LinkedIn pixels. Used for conversion measurement and audience-based ad delivery.
- Functional — remember your preferences (e.g., dark/light mode).
You can control cookies via your browser settings or via the cookie preferences link in our footer. Note that disabling analytics or advertising cookies will not stop us from operating the site, but it may affect your experience and our ability to measure performance.
How long we keep data
We hold data only as long as we need it for the purpose it was collected, plus any retention required by law. Specifically:
- Application-form data: retained for the life of the engagement plus seven years (US tax-record retention).
- Analytics data: retained per the vendor's standard retention period — typically 14 to 26 months for engagement analytics.
- Email correspondence: retained per business need plus four years.
- CRM records: retained for the life of the relationship; declined applicants are purged within 24 months unless they request continued contact.
How we protect data
We apply commercially reasonable technical and organizational safeguards: TLS encryption in transit, encrypted storage at rest with our cloud vendors, access controls limited to staff with a business need, regular access reviews, vendor security assessments, written information security policies, employee training, and a documented incident-response procedure. No system is perfectly secure; if a breach affecting your personal information occurs, we will notify you and the appropriate regulators in accordance with applicable law, including (where applicable) the notification windows required by California's data-breach statute (Cal. Civ. Code § 1798.82), the GDPR (Article 33 — 72-hour regulator notification), and other relevant US state and international notification regimes.
Legal basis for processing (GDPR / UK GDPR)
For visitors in jurisdictions where consent or a specific legal basis is required, we process personal data under the following bases:
- Consent — for non-essential cookies, marketing communications, and analytics. You may withdraw consent at any time.
- Legitimate interests — for security monitoring, fraud prevention, basic site analytics needed to operate the website, and responding to inquiries you initiate. Our legitimate interests are balanced against your rights and freedoms.
- Contract performance — when you become a client, to deliver the services we have agreed to provide.
- Legal obligation — when we must process or retain data to comply with law (for example, tax-record retention).
Your rights
Depending on where you live, you have rights over your personal information. We honor these rights for all visitors regardless of residency, to the extent reasonable. You will not be discriminated against for exercising any right described below.
California residents (CCPA as amended by CPRA)
You have the right to: know what personal information we collect, the categories of sources, the purposes for which it is collected, and the categories of third parties with whom it is shared; access the specific pieces of personal information we have collected about you; delete personal information we have collected, subject to legal exceptions; correct inaccurate personal information; opt out of the sale or sharing of personal information (we do not sell personal information and we do not share personal information for cross-context behavioral advertising as defined under CPRA); limit the use and disclosure of sensitive personal information; and not face discrimination, retaliation, or denial of services for exercising these rights.
An authorized agent may submit a request on your behalf with proper documentation. We will verify any request with reasonable identity-confirmation steps before acting.
European Economic Area, United Kingdom, Switzerland, and other GDPR-aligned regions
You have the right to: access your personal data; request correction of inaccurate or incomplete data; request deletion ("right to be forgotten") subject to legal exceptions; restrict or object to processing in certain circumstances; receive your personal data in a portable, machine-readable format and have it transmitted to another controller where technically feasible; withdraw consent at any time without affecting the lawfulness of prior processing; and lodge a complaint with your supervisory authority (for example, the Information Commissioner's Office in the UK, or your national data protection authority in the EEA).
Other US states with comprehensive privacy laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other US states with comprehensive consumer privacy laws have rights similar to those described above We extend the same rights and request channels to residents of those states.
How to exercise your rights
To exercise any right, email privacy@realgrowthmatters.com with the subject line "Privacy Request" and tell us which right you wish to exercise and the email address you used when you interacted with the Site. We will acknowledge receipt within 10 business days and respond substantively within 45 days, extendable by an additional 45 days where reasonably necessary. We may request reasonable identity verification before acting. There is no charge for an initial request; we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, or, alternatively, refuse to act on them. You have the right to appeal any decision we make on a privacy request.
Do Not Track and Global Privacy Control
Some browsers transmit a "Do Not Track" (DNT) signal. Industry-wide standards governing the meaning of DNT have not been finalized, and this Site does not currently respond differently to DNT signals. We do, however, honor the Global Privacy Control (GPC) signal where required by applicable law (including California, Colorado, and Connecticut), treating a GPC signal as a valid request to opt out of sale and sharing of personal information for cross-context behavioral advertising. As noted above, we do not currently sell personal information or share it for cross-context behavioral advertising as those terms are defined under CPRA.
Children's privacy
The Site is intended for a professional audience and is not directed to children under 13 (or under 16 in jurisdictions where that age applies). We do not knowingly collect personal information from children under those ages. If we learn that we have collected personal information from a child under the applicable age without verified parental consent, we will delete it. If you are a parent or guardian and believe we may have collected information from your child, contact privacy@realgrowthmatters.com and we will take prompt action.
International data transfers
Real Growth Matters Inc. is headquartered in the United States, and the third-party processors we use to deliver site analytics, advertising, and CRM functions may be located in the United States or in other countries. If you access the Site from outside the United States, your personal information will be transferred to, and processed in, the United States or other countries where our processors operate. Where personal data of EEA, UK, or Swiss data subjects is transferred to a country that has not received an adequacy decision from the relevant authority, we rely on Standard Contractual Clauses (or the UK International Data Transfer Addendum, where applicable), supplemented by transfer impact assessments and additional safeguards where appropriate, as the lawful mechanism for transfer. For more information about a specific transfer or to request a copy of the relevant safeguards, contact privacy@realgrowthmatters.com.
Automated decision-making and profiling
We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing or profiling. Analytics, advertising attribution, and bidding-optimization tools used in our advertising operate on data we collect through this Site only at the aggregate, audience, or pseudonymous-identifier level and do not produce individual decisions affecting you in a legal or similarly significant manner.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Effective" date at the top of this page and, where required by applicable law, notify you through a banner on the Site or by email. We encourage you to review this policy periodically. Continued use of the Site after a material change becomes effective constitutes acceptance of the updated policy.
How to contact us
For any question, request, complaint, or concern about this Privacy Policy or our handling of your personal information:
- Email — privacy@realgrowthmatters.com
- Security disclosures — security@realgrowthmatters.com
- Mail — Real Growth Matters Inc., Privacy Office, [Mailing address to be added]
For visitors in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local supervisory authority. We would, however, appreciate the chance to address your concern directly first.
© Real Growth Matters Inc. · This Privacy Policy is reviewed at least annually and updated as needed. It does not constitute legal advice.