Encryption
Encryption & secure transport
Growf protects data in transit with TLS 1.3. All connections between users, the application and connected services are encrypted to keep workspace data protected while it moves through the platform.
Security you can
build on.
Your agency’s strategy and client work are sensitive. Here’s how we protect them, at the infrastructure, application and organisational level.
How we protect your data
Security built into every layer
Authentication
Passwordless authentication
Growf does not store user passwords. Access is handled through one-time passcodes, so users can sign in securely without password storage or password reuse risks.
Isolation
Workspace data isolation
Every client workspace is logically separated. Strategy, content, documents, agents and customer data stay scoped to the right workspace, helping agencies keep client information isolated across teams and accounts.
Authorization
Authorization and access control
Growf uses role-based access controls to make sure users only access the workspaces, clients and platform areas they are allowed to use. Permissions are managed at workspace and team level.
Deployment
Development & deployment
Growf uses controlled CI/CD release workflows for development and deployment. Changes are reviewed, tested and deployed through structured release processes to keep platform updates predictable and reliable.
Last updated 1 June 2026
Data protection
Data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. Secrets and encryption keys are stored in a managed key-management service and rotated on a regular schedule. Production data is logically isolated per workspace so one customer can never access another’s content.
Access controls
Within your workspace, access is governed by roles (Owner, Strategist, Creator and Viewer), so people only see what they need. Internally, Growf staff access to production systems is restricted, requires multi-factor authentication, follows least-privilege principles and is logged and reviewed.
Infrastructure
Growf runs on reputable EU-based cloud infrastructure. We use network segmentation, firewalls and private networking to isolate services, apply security patches promptly, and rely on infrastructure-as-code so environments are consistent and auditable.
AI & model safety
Our agents process your content only to generate outputs for your workspace, on your instruction. We do not use your private client content to train shared models. Where third-party model providers are used as subprocessors, they operate under contractual terms that prohibit training on your data and require appropriate security controls.
Privacy & compliance
We align our practices with the GDPR and offer a Data Processing Agreement to customers who need one. Our Privacy Policy explains what we collect and why. We work with vetted subprocessors under data-processing agreements and keep an up-to-date list available on request.
Incident response
We maintain an incident-response plan covering detection, containment, eradication and recovery. If a security incident affects your data, we will notify affected customers without undue delay and in line with our legal obligations, and share what we know and the steps we’re taking.
Responsible disclosure
Security is a shared effort. If you believe you’ve found a vulnerability, please report it to us privately so we can investigate and fix it before it’s disclosed publicly. Email info@growf.io with details and steps to reproduce. We commit to acknowledging reports promptly and keeping you updated, and we won’t pursue good-faith researchers who follow this process.
Want to see how your agency can
think, create and grow in the AI era?
industry trusted.
Growf is backed by
Quantum Leap Capital
"With our investment of one million euros, we are supporting the development of an AI Operating System that will fundamentally transform the agency world. Agencies need structure, scalability, and true adoption of AI, and Growf delivers exactly that."
Mike de Boer
Quantum Leap Capital
