Privacy Policy

This Privacy Policy explains what personal data the Growth Program by Sasha ("we", "us", "our") collects, why we collect it, how we use it, and your rights. We aim to keep this clear and in plain language.

This policy applies to all users globally, including residents of the European Union, the United Kingdom, and the State of California, USA. Where your location gives you additional rights, those are set out in Sections 7 and 8 below.

1. What we collect

• Account data: your name and email address (required) and, optionally, your product or company website and social media account, collected when you sign up, apply, or purchase.
• Payment data: processed entirely by Stripe. We never see or store your full card details. Stripe's privacy policy governs how they handle payment data (stripe.com/privacy).
• Application data: answers you submit on the Founder Offer or any application form.
• Email engagement: opens and clicks on emails we send, used to improve content quality and respect unsubscribes.
• Usage data: basic analytics such as pages visited, device type, and approximate location, used to improve the site and Materials.

2. Why we use it and our legal basis

We only process your personal data where we have a lawful basis to do so. The list below sets out our purposes and the legal basis we rely on under GDPR and UK GDPR. For users outside the EU/UK, we apply these same standards as best practice.

• Delivering the Program, your purchase, and customer support — lawful basis: performance of a contract.
• Sending transactional emails (receipts, access links, account updates) — lawful basis: performance of a contract.
• Sending the weekly growth newsletter (if you subscribed) — lawful basis: consent. You can withdraw consent at any time by unsubscribing.
• Improving the Materials and website experience — lawful basis: legitimate interests (improving our product for users).
• Complying with legal obligations such as tax and accounting records — lawful basis: legal obligation.

3. Who we share data with

We share data only with trusted service providers who help us run the Program. All providers are contracted to protect your data and may only use it to perform services on our behalf. Our current providers include:

• Stripe — payment processing (stripe.com/privacy)
• Notion — workspace and content delivery
• Lovable — website hosting
• Google Analytics — aggregated usage analytics

We do not sell, rent, or trade your personal data to any third party.

4. International data transfers

We are based in the United Kingdom (England and Wales). Some of our service providers (including Stripe and others listed above) are based in or operate infrastructure in the United States or other countries outside the EU/UK.

Where we transfer personal data from the EU or UK to countries that are not deemed to provide an adequate level of protection, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement (IDTA) as applicable.

By using the Program, you acknowledge that your data may be transferred to and processed in countries outside your own.

5. Cookies

We use a small number of cookies and similar technologies for essential site functionality and basic analytics. We do not use advertising cookies or third-party tracking cookies for behavioural advertising.

You can control or disable cookies through your browser settings. Disabling certain cookies may affect site functionality. Where required by law (e.g. for EU/UK users), we will request your consent before placing non-essential cookies.

6. Data retention

We retain your data for as long as your account is active or as needed to provide the Program. Specific retention periods:

• Purchase and billing records: retained for 7 years to comply with tax and accounting obligations.
• Account data: retained while your account is active. If you request deletion, we will remove data not required by law within 30 days.
• Email engagement data: retained while you remain subscribed or have an active account.
• Application data: retained for 12 months, then deleted unless you become a customer.

7. Your rights — EU and UK users (GDPR / UK GDPR)

If you are located in the EU or UK, you have the following rights under GDPR and UK GDPR:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your data where there is no legitimate reason to continue processing it.
• Right to restriction — ask us to pause processing of your data in certain circumstances.
• Right to data portability — request your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us using the details in Section 13. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK at ico.org.uk, or your EU supervisory authority).

8. Your rights — California users (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know — request disclosure of the categories and specific pieces of personal data we have collected about you, and how it is used and shared.
• Right to delete — request deletion of your personal data, subject to certain exceptions.
• Right to correct — request correction of inaccurate personal data.
• Right to opt out of sale or sharing — we do not sell or share your personal data for cross-context behavioural advertising.
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us using the details in Section 13. We will respond within 45 days.

9. Email and unsubscribes

Every marketing and newsletter email includes a one-click unsubscribe link. You can also manage your preferences via any email we send.

Transactional emails — such as purchase receipts, access links, and account updates — are sent regardless of marketing preferences because they are necessary to deliver the Program you purchased. You cannot opt out of these while you have an active account.

10. Security

We use industry-standard measures to protect your data in transit (TLS encryption) and at rest. Access to personal data is restricted to those who need it to operate the Program.

No system is completely secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by law.

11. Children

The Program is intended for adults (18+) building products and businesses. It is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this policy as the Program evolves or as legal requirements change. Material changes will be communicated via the email address associated with your account or by a prominent notice on this page, with an updated effective date. We encourage you to review this policy periodically.

13. Contact and data controller

The data controller for your personal data is Sasha Sage, operating as the Growth Program by Sasha.

For questions, requests, or complaints about your data or this policy, contact us via the support channel provided after purchase or listed on the Program landing page.

For EU/UK users: if you do not receive a satisfactory response, you may escalate to your local data protection authority.

© 2026 Sasha Sage. All rights reserved.

← Back to home