Security | Growati

We take security seriously. Growati is built to use official Google and YouTube APIs, request only the permissions needed for the features you enable, and protect your data with industry-standard safeguards.

Data Protection

Encryption in transit: All data sent to and from Growati is encrypted using TLS.
Encryption at rest: Data stored on our infrastructure is encrypted where applicable.
Access controls: Access to user data is restricted to authorized personnel and systems on a need-to-know basis, with authentication required.
Infrastructure: Growati runs on reputable cloud infrastructure providers with their own security and compliance programs.

For more on how we handle your data, see our Privacy Policy.

API Access and OAuth Scopes

Access to your Google Account and YouTube channel is handled entirely through OAuth — Growati never sees or stores your Google password.

We request only the scopes required to support the features you enable.
To review exactly which scopes we request and why, see the Permissions page.
Our use of data obtained via the YouTube API follows the Google API Services User Data Policy, including its Limited Use requirements.

Your Control

You can revoke Growati's access to your Google Account at any time from your Google Account security settings.
Revoking access immediately stops Growati from making further API calls on your behalf; some features may stop working until access is reconnected.
You can request deletion of your data at any time by contacting us — see our Privacy Policy for details.

Reporting a Security Vulnerability

If you discover a potential security vulnerability in Growati, we want to know about it.

How to report:

Email team@growati.com with a description of the issue, steps to reproduce, and any relevant proof-of-concept details.
Please do not publicly disclose the issue until we've had a reasonable opportunity to investigate and address it.

What to expect:

We aim to acknowledge reports within 2 business days.
We will work with you to understand and validate the issue and keep you informed of remediation progress.

Responsible disclosure:

We will not pursue legal action against researchers who report vulnerabilities in good faith, make a reasonable effort to avoid privacy violations or service disruption, and do not access, modify, or exfiltrate user data beyond what is necessary to demonstrate the issue.

Security Incidents

If a security incident affects your data, we will notify affected users and relevant authorities as required by applicable law. See Section 5 of our Privacy Policy for more information.