Effective date: [add date]
Scope: This centralized notice applies to the following brands (collectively, the “Clients”) unless a specific client site states otherwise in its own Privacy Policy: ChampionsAcademyRDC, Girls’Out Community, ScratchPub.
Operator: This intake is operated by Growth Foundation Hub (“GFH”). We process and route deletion requests to the relevant Client, who acts as the data controller for your account and content on their service. GFH acts as an intake and processing provider solely for the purpose of handling your deletion request.
Preferred: Submit the form at brandslegal.growthfoundationhub.com/data-deletion-form.
Or email: datadeletion@growthfoundationhub.com (include your brand, account email, full name, and any identifiers like username, order/membership ID).
We’ll use the information you provide only to verify and fulfill your deletion request.
To protect accounts, we verify requests reasonably and proportionately. Where possible, we verify you via your login email (e.g., sending a verification link). If we cannot verify through existing checks, we may request limited documentation (you may redact non-essential fields). If you are an authorized agent or a parent/guardian submitting for someone else, we may ask for proof of authority and a way to verify the consumer’s identity. (Identity checks should be “reasonable and proportionate”; EU/UK guidance supports using existing account checks first.)
Upon a valid request (and successful verification), we will erase personal data associated with your account for the selected Client, including:
Account profile data (name, email, display details) held by the Client’s systems.
Usage records tied to your identity (e.g., preferences, saved items) where not needed for legal or security purposes.
Marketing/contact data (email lists, CRM entries) for that Client.
Third-party processors: We will forward deletion instructions to the Client’s service providers where they act on the Client’s behalf.
Note on backups: Secure backups are not edited; affected records are removed from live systems and will be overwritten when backups rotate.
Some information may be retained where required or permitted by law, to:
Comply with tax, accounting, and record-keeping rules;
Detect, prevent, or investigate fraud, misuse, or security incidents;
Establish, exercise, or defend legal claims;
Meet contractual or warranty obligations;
Honor opt-out records (to avoid re-adding you to marketing unintentionally).
These are recognized limitations to the right to deletion/erasure under EU law and similar frameworks. The right to erasure is not absolute and applies in specific circumstances.
If you signed up or log in via a social provider (OAuth), we typically receive only what’s necessary to create or access your account (e.g., email, name, provider ID, and tokens). Your deletion request to us removes data we hold for the Client and prompts our processors to delete as appropriate.
Important: Revoking our app’s access at your social provider is a separate action you control. We recommend you also revoke access for the Client app in your provider account settings:
Google: Google Account → Third-party access → select the app → Remove access. Google Help+1
LinkedIn: Settings & Privacy → Data privacy → Permitted services / Third-party applications → Remove. LinkedIn
X (Twitter): Settings → Apps and sessions → choose the app → Revoke access. Help Center
Facebook (Meta): Settings & Privacy → Settings → Apps and websites (or Accounts Center → Connected experiences) → select the app → Remove. MetaFacebook
Revoking app access limits future data sharing from the provider. It does not by itself delete data already stored in our systems—that is handled through your deletion request to us.
EU/UK (GDPR): We aim to respond within one month of receiving your request. If the request is complex or numerous, we may extend by up to two additional months; if so, we’ll inform you within the first month. European Data Protection Board
California (CCPA/CPRA): We confirm receipt within 10 business days and provide a substantive response within 45 calendar days (we may extend once by 45 days with notice). California Privacy Protection AgencyCalifornia DOJ Attorney General
We’ll keep you informed if verification or scoping is needed.
When your request is completed, we will send you a closure notice that:
Confirms deletion (or explains any limited retention and the legal basis);
Describes any third-party processors we notified;
Provides a reference number and effective date of deletion in live systems;
Explains backup handling and expected backup overwrite behavior.
If we cannot honor a request (e.g., conflict with legal obligations), we’ll explain why and what options you have.
You may request:
Full account deletion (account closure + erasure of personal data in live systems);
Marketing/contact data deletion only;
Targeted deletion (describe specific items).
Note: Some features (e.g., payment records, invoices) may remain pseudonymized or minimally retained where the law requires.
Parents/guardians may submit for a minor where applicable; we may request proof of relationship.
Authorized agents must submit proof of authorization and we may require verification of the consumer’s identity. California Privacy Protection Agency
For deceased users, please provide documentation (e.g., proof of authority) so the controller can assess and act in line with local law.
Requests are free of charge unless they are manifestly unfounded or excessive (e.g., repetitive). In that case, we may charge a reasonable fee or refuse the request with justification, consistent with applicable law.
This centralized Data Deletion Notice applies to all Client websites listed above unless a specific client site states otherwise in its own Privacy Policy. Where a client policy differs (e.g., additional retention duties, local law), that policy controls for that client’s service.
Form (recommended): brandslegal.growthfoundationhub.com/data-deletion-form
Email: datadeletion@growthfoundationhub.com
Please include: brand, account email, full name, country/region, and any identifiers that help us locate your data (username, order/membership ID, phone on file).
Use our central form or email to request deletion.
We verify reasonably (usually via your account email). ICO
We delete your account data and notify processors; backups are overwritten on rotation.
Some data may be kept if the law requires it (e.g., tax, fraud-prevention). ICO
Typical timelines: EU/UK within 1 month (extendable); California: confirm in 10 business days, respond in 45 days(extendable). European Data Protection BoardCalifornia Privacy Protection Agency
If you used social login, submit a deletion request and consider revoking app access at your provider (Google, LinkedIn, X, Facebook). Google HelpLinkedInHelp Center