Privacy Policy

StillPointHQ | GrowthForge Pro

US & UK GDPR Compliant

Effective Date: February 20, 2026|Last Updated: February 20, 2026

1. Introduction

Welcome to StillPointHQ. We are committed to protecting and respecting your privacy in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and other applicable US state and federal privacy laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at stillpointhq.com, use our GrowthForge Pro services, or interact with us through any communication channel.

Please read this Privacy Policy carefully. By using our Services, you acknowledge that you have read and understood this policy.

Please also review our Terms of Service, which govern your use of our services.

Scope of This Policy

This policy applies to personal data collected through our website, email communications, telephone calls, and any other services we offer that link to this policy.

2. Data Controller Identity & Contact Details

For the purposes of applicable data protection laws, the data controller responsible for your personal data is:

United States

Company Name:

Stillpointhq Inc.

Headquarters Address:

1870 The Exchange SE Ste. 220 PMB 228694
Atlanta, Georgia 30339-2171
United States

United Kingdom

Company Name:

Stillpointhq Ltd

Company Number:

16866304

Registered Address:

14b, Etloe Road
London, E10 7BT
United Kingdom

Contact Details

Data Protection Email: [email protected]
General Support: [email protected]
Phone: +1 (470) 486-9469

If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact us using the details above.

3. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data

First name, last name, title, job title, company name

Contact Data

Business email address, telephone number, business address

Financial Data

Bank account details, payment card details (processed securely by third-party payment processors)

Transaction Data

Details of payments, services purchased, invoices, order history

Technical Data

IP address, browser type, operating system, device identifiers, login data, time zone settings

Usage Data

Information about how you use our website and services

Communications Data

Your preferences for receiving communications from us, correspondence and records of communications

Sensitive Personal Data

We do not intentionally collect any sensitive personal data (also known as special categories of personal data), such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

4. Purpose of Processing

We process your personal data for the following purposes:

PurposeData Categories Used
To register you as a new clientIdentity, Contact
To perform and manage our contract with youIdentity, Contact, Financial, Transaction
To process and deliver our servicesIdentity, Contact, Transaction, Communications
To manage payments, fees, and chargesIdentity, Contact, Financial, Transaction
To manage our relationship with youIdentity, Contact, Communications
To improve our website and servicesTechnical, Usage
To send you marketing communications (with consent)Identity, Contact, Communications
To comply with legal obligationsAll categories as required

5. Lawful Basis for Processing

Under the UK GDPR and applicable US privacy laws, we must have a lawful basis for processing your personal data. We rely on the following lawful bases:

Contract Performance (UK GDPR Article 6(1)(b))

Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies to providing our services, processing payments, and managing your account.

Legitimate Interests (UK GDPR Article 6(1)(f))

Processing is necessary for our legitimate interests or those of a third party, provided your rights do not override those interests. This includes improving our services, ensuring network security, and business administration.

Consent (UK GDPR Article 6(1)(a))

Where you have given clear consent for us to process your personal data for a specific purpose. This applies to marketing communications. You may withdraw consent at any time.

Legal Obligation (UK GDPR Article 6(1)(c))

Processing is necessary for compliance with a legal obligation to which we are subject, such as tax, accounting, and regulatory requirements.

6. Data Retention Periods

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

Data TypeRetention PeriodReason
Client account dataDuration of contract + 6 yearsLimitation period for contract claims
Financial/transaction records7 years from transaction dateTax and accounting requirements (US & UK)
Marketing consent recordsUntil consent withdrawn + 2 yearsEvidence of consent compliance
Website analytics data26 monthsService improvement
Enquiry/correspondence records3 years from last contactBusiness administration

In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

7. International Transfers & Safeguards

StillPointHQ operates in both the United States and the United Kingdom. Your personal data may be transferred to, stored, and processed in either jurisdiction depending on where you are located and how you interact with our services.

Safeguards for UK/EEA to US Transfers

Where we transfer personal data from the UK or EEA to the United States, we ensure appropriate safeguards are in place to protect your data:

  • UK International Data Transfer Agreement (IDTA): We use the UK's approved International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses.
  • Supplementary Measures: We implement additional technical and organisational measures where necessary, including encryption and access controls.

To obtain a copy of the safeguards we use for international transfers, please contact us using the details in Section 15.

8. Your Data Subject Rights (UK GDPR)

Under the UK GDPR, you have the following rights in relation to your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances.

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing of your personal data.

Right to Data Portability (Article 20)

You have the right to receive your data in a structured, commonly used format.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Where we rely on consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected].

  • No Fee Usually Required: You will not normally have to pay a fee to exercise your rights.
  • Identity Verification: We may need to verify your identity before processing your request.
  • Response Time: We will respond to your request within one month. This may be extended by two months for complex requests.

9. US State Privacy Rights

If you are a resident of certain US states, you may have additional privacy rights under applicable state laws.

California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the following rights:

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of personal information for cross-context behavioural advertising.
  • Right to Limit Use: Limit the use and disclosure of sensitive personal information.
  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights.

We Do Not Sell Your Personal Information

Stillpointhq Inc. does not sell personal information as defined under the CCPA/CPRA. We do not share personal information for cross-context behavioural advertising.

Other US State Rights

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. Please contact us at [email protected] to exercise your rights under applicable state law.

10. Right to Complain

UK Residents - Information Commissioner's Office

You have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection, if you believe we have not handled your personal data in accordance with the law.

Website: ico.org.uk/make-a-complaint

Helpline: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

US Residents

US residents may file a complaint with the Federal Trade Commission (FTC) or their state Attorney General regarding privacy concerns.

FTC Website: ftc.gov

FTC Complaint: reportfraud.ftc.gov

We would, however, appreciate the opportunity to address your concerns before you approach a regulatory authority. Please contact us first at [email protected].

11. Security Measures

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Technical Measures

  • Encryption: SSL/TLS encryption for data in transit and AES-256 encryption for data at rest
  • Access Controls: Role-based access controls and multi-factor authentication
  • Firewalls & Intrusion Detection: Network security measures to prevent unauthorised access
  • Regular Security Testing: Vulnerability assessments and penetration testing
  • Secure Development: Secure coding practices and code reviews

Organisational Measures

  • Staff Training: Regular data protection and security awareness training
  • Access Limitation: Personal data is only accessible to those who need it
  • Confidentiality Agreements: Staff and contractors are bound by confidentiality obligations
  • Incident Response: Documented procedures for detecting, reporting, and investigating data breaches
  • Vendor Management: Due diligence on third-party processors

While we implement robust security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

12. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit our website.

Types of Cookies We Use

Strictly Necessary Cookies

Essential for the website to function. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website (e.g., Google Analytics).

Functional Cookies

Remember your preferences and settings.

Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.

13. Third-Party Services

We may share your personal data with the following categories of third parties who process data on our behalf:

  • Payment Processors: For secure payment processing
  • Cloud Hosting Providers: For data storage and hosting services
  • Analytics Providers: For website analytics and performance monitoring
  • Email Service Providers: For email communications
  • CRM Systems: For customer relationship management

We ensure all third-party processors are bound by data processing agreements that require them to protect your data in accordance with applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email for material changes
  • Post a notice on our website

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.

15. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data subject rights, please contact us:

United States

Stillpointhq Inc.

1870 The Exchange SE Ste. 220 PMB 228694
Atlanta, Georgia 30339-2171

United Kingdom

Stillpointhq Ltd

Company No: 16866304

14b, Etloe Road
London, E10 7BT

Contact Details

Website: stillpointhq.com
Data Protection: [email protected]
General Support: [email protected]
Phone: +1 (470) 486-9469

© 2026 StillPointHQ. All rights reserved.
This Privacy Policy was last updated on February 20, 2026.