← Back to home
Legal · Updated June 2026

Privacy Policy.

A short, plain-language explanation of every piece of personal data this site touches, why, and what your rights are. The headline: analytics only if you opt in, no cross-site tracking, no marketing pixels.

Who is collecting your data

GrowBeyond Solutions, operated by Mikkel Lysgaard from Bangkok, Thailand. This is the controller for any personal data processed through growbeyond.ltd and the related platform at app.growbeyond.ltd. Reach me at hello@growbeyond.ltd for any data question.

What data this site processes

Two categories. That's all.

1. Things you actively give me

Your name, email, and message when you submit the contact form. Stored in my database so I can reply to you. Never shared, never added to a mailing list — this site runs no newsletter and no sales follow-up.

2. Things stored on your device

Only Cloudflare's strictly-necessary cookies (bot-protection on the contact form — see the Cookie Policy). No analytics cookies, no preference storage, no consent record — because there are no optional cookies to consent to.

3. Things measured — only if you allow it

If you accept the consent banner, Google Analytics 4 records anonymised, aggregate usage (which pages are viewed, rough region, device type) so I can see what's useful. Decline and nothing is measured — the Analytics script never loads. No cross-site tracking, no advertising profiles, no selling of data. Change your choice anytime via “Cookie settings” in the footer.

Why I'm allowed to process this data

Under GDPR, every piece of processing needs a legal basis. Mine are:

  • Consent (Art. 6(1)(a)) — for Google Analytics. It runs only after you opt in via the banner, and you can withdraw anytime via “Cookie settings” in the footer.
  • Legitimate interest (Art. 6(1)(f)) — for the contact form (you submitted it; I need to reply) and for security/bot-prevention (Cloudflare Turnstile). You can object via email.
  • Contractual necessity (Art. 6(1)(b)) — for any data exchanged once we're working together on an engagement.

How long I keep things

  • Contact-form leads — for the active conversation, then archived for up to 24 months for context if you re-engage. Deleted on request.
  • Cloudflare bot-protection — short-lived, set and expired by Cloudflare (30 minutes to 30 days).
  • Google Analytics — only if you opt in: aggregate usage retained up to 14 months; the _ga cookies last up to 2 years (cleared sooner if you withdraw consent).

Who I share data with

Almost nobody. The full list:

  • Cloudflare — DNS, CDN, and Turnstile bot-protection. They process IPs and basic request metadata as a sub-processor. Cloudflare's privacy policy.
  • Google (Analytics)only if you accept analytics. Google processes anonymised usage data as a sub-processor; data may be handled in the US under Standard Contractual Clauses and Google's EU-US Data Privacy Framework certification. Nothing is shared with Google until you opt in.
  • The hosting provider — my own EU VPS hosts both the marketing site and the platform (files + database); DNS and bot-protection run through Cloudflare. one.com provides email for the growbeyond.ltd mailboxes. They host infrastructure, nothing more.

I do not: sell data, share with advertisers, run retargeting pixels, embed third-party trackers, or send your data to anyone for any purpose unrelated to delivering the service.

International data transfers

Some sub-processors (Cloudflare, and Google Analytics if you opt in) operate globally. Where data leaves the EEA, it's covered by Standard Contractual Clauses (SCCs)or an adequacy framework (Google's EU-US Data Privacy Framework) — the GDPR-approved transfer mechanisms. I keep my own primary database (contact-form leads) on a VPS in the EU.

Your rights

Under GDPR you can ask for any of the following at any time, and I'll act within 30 days:

  • Access — a copy of every piece of data I hold about you.
  • Rectification — fix anything wrong.
  • Erasure — delete everything (the "right to be forgotten").
  • Portability — get your data in a machine-readable format.
  • Objection — stop processing based on legitimate interest.
  • Lodge a complaint — with the Danish Data Protection Authority (Datatilsynet) or your local supervisory authority.

To exercise any of these, email hello@growbeyond.ltd. I reply within a working day.

Children

This site isn't directed at anyone under 16. I don't knowingly collect data from children. If you believe a child has submitted personal data, email me and I'll delete it immediately.

Changes to this policy

If I change anything material, I'll update this page and the "updated" date at the top. Analytics is opt-in: it stays off until you accept the consent banner, and you can withdraw anytime via “Cookie settings” in the footer — opt-in, never assumed.

Questions

Email hello@growbeyond.ltd. I read every message.

— Mikkel, Bangkok