Legal

    Privacy Policy

    Last updated: January 1, 2025

    LiftSignals is committed to protecting the privacy of our customers and their end-customers. This policy explains what data we collect, how we use it, and the rights you have over it.

    1 Who We Are

    LiftSignals, Inc. ("LiftSignals", "we", "us", or "our") operates the customer intelligence platform available at liftsignals.com and app.liftsignals.com. We are the data controller for the personal data we collect directly from you (our customers). We are a data processor for the end-customer data you provide us with when you connect your e-commerce store.

    For the purposes of the EU General Data Protection Regulation (GDPR), our data protection contact is: privacy@liftsignals.com.

    2 Data We Collect

    We collect two categories of data:

    2.1 Account and Subscription Data

    When you create a LiftSignals account, we collect:

    • Your name and email address
    • Your company name and website URL
    • Billing information (processed and stored by our payment processor, Stripe — we do not store card numbers)
    • Plan and subscription details
    • Account preferences and settings
    • Communication history with our support and sales teams

    2.2 Store Data (Customer Intelligence Processing)

    When you connect your e-commerce store to LiftSignals, you grant us access to:

    • Customer records from your store (names, email addresses, shipping addresses, purchase history)
    • Order data (product SKUs, order values, timestamps, discount codes used)
    • Geographic data (shipping zip codes and regions)
    • Behavioral data your store platform makes available (browse sessions, cart events, email engagement where integrated)

    This store data belongs to you and your customers. LiftSignals processes it solely to generate the intelligence outputs you've subscribed to. We act as a data processor under your instruction.

    2.3 Usage Data

    We automatically collect certain data about how you interact with the LiftSignals application:

    • Log data (IP addresses, browser type, pages visited, timestamps)
    • Feature usage data (which modules you access, how often)
    • Performance and error data

    This data is used to improve the platform, diagnose issues, and understand feature adoption.

    3 How We Use Your Data

    We use your data only for the following purposes:

    PurposeLegal Basis (GDPR)
    Providing and operating the LiftSignals serviceContract performance
    Processing your subscription and billingContract performance
    Running intelligence models on your store dataContract performance
    Generating AI-powered marketing recommendations from your intelligence model outputsContract performance
    Sending service-related communicationsContract performance
    Sending product updates and feature announcementsLegitimate interests (opt-out available)
    Improving and developing the platformLegitimate interests
    Complying with legal obligationsLegal obligation
    Responding to support and sales inquiriesLegitimate interests

    We do not use your customers' data to train shared machine learning models or to benefit any other LiftSignals customer. All intelligence outputs are generated exclusively from your own store data and returned only to you. The AI-Powered Recommendations feature operates exclusively on the outputs of your store's own intelligence models — it does not incorporate data from any other LiftSignals customer's store, and the weekly AI Insights recommendations generated are accessible only to your account.

    We do not sell your data or your customers' data to any third party. Ever.

    4 Data Sharing

    We do not sell or rent your personal data. We share data only in the following limited circumstances:

    4.1 Service Providers

    We use a limited number of trusted third-party service providers to operate the platform. These providers are bound by data processing agreements and may only process your data on our instruction:

    • Stripe — Payment processing
    • Amazon Web Services (AWS) — Cloud infrastructure and data storage
    • Postmark / SendGrid — Transactional email delivery
    • Intercom — In-app support and messaging
    • Datadog — Platform monitoring and error tracking

    4.2 Legal Requirements

    We may disclose your data if required to do so by law, court order, or governmental authority — or if we believe disclosure is necessary to protect our legal rights, the rights of others, or to prevent fraud or illegal activity.

    4.3 Business Transfers

    In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you by email and provide a 30-day notice period before your data becomes subject to a different privacy policy.

    5 Data Retention

    Account Data: We retain your account data for as long as your account is active. If you cancel your account, we retain your data for 30 days to allow for reactivation or export, then permanently delete it.

    Store Data: We retain your connected store data for the duration of your subscription. You can export your intelligence data at any time from your account settings. Upon cancellation, your store data is retained for 30 days, then permanently deleted.

    Usage Data: We retain log and usage data for 90 days for operational purposes.

    Billing Records: We retain billing records for 7 years to comply with financial reporting obligations.

    We do not archive cancelled customer data. Deletion is permanent and irreversible.

    6 Your Rights

    6.1 Rights Under GDPR (EU/UK Residents)

    If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR:

    • Right of access — Request a copy of the personal data we hold about you
    • Right to rectification — Request correction of inaccurate or incomplete data
    • Right to erasure — Request deletion of your personal data ("right to be forgotten")
    • Right to restriction — Request that we restrict processing of your data
    • Right to data portability — Receive your data in a structured, machine-readable format
    • Right to object — Object to processing based on legitimate interests
    • Right to withdraw consent — Where processing is based on consent, withdraw it at any time
    • Right to lodge a complaint — Lodge a complaint with your national data protection authority

    To exercise any of these rights, contact us at privacy@liftsignals.com. We will respond within 30 days.

    6.2 Rights Under CCPA (California Residents)

    California residents have the following rights under the California Consumer Privacy Act:

    • Right to know — Request information about the personal data we collect, use, and share
    • Right to deletion — Request deletion of your personal data
    • Right to opt-out — Opt out of the sale of your personal data (note: we do not sell personal data)
    • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights

    To submit a CCPA request, email privacy@liftsignals.com.

    6.3 Your Customers' Data Rights

    If one of your end-customers contacts you requesting access, deletion, or portability of their data that LiftSignals holds, contact us at privacy@liftsignals.com and we will action the request within 30 days.

    7 Cookies & Tracking

    LiftSignals uses the following categories of cookies:

    Strictly Necessary Cookies

    Required for the platform to function. These cannot be disabled. They include authentication tokens, session identifiers, and security cookies.

    Analytical Cookies

    We use anonymized analytics to understand how users interact with the platform. This data is aggregated and not linked to individual accounts. You can opt out via our cookie preference center.

    Functional Cookies

    Used to remember your preferences within the application (e.g., dashboard layout, selected plan view). These are session-duration only.

    We do not use advertising or cross-site tracking cookies.

    Our marketing website (liftsignals.com) uses a cookie consent banner. You can withdraw consent at any time via the cookie preference link in the footer.

    8 Security

    LiftSignals is SOC 2 Type II certified, independently audited for security, availability, and confidentiality controls.

    We implement the following technical and organizational measures to protect your data:

    SOC 2 Type II Certified256-bit AES Encryption
    • Encryption at rest: All data is encrypted using 256-bit AES encryption
    • Encryption in transit: All data transmitted between your browser, our servers, and our service providers uses TLS 1.3
    • Access controls: Role-based access controls limit employee access to production data. Access to customer data requires a documented business reason and is logged.
    • Vulnerability management: Regular penetration testing and automated vulnerability scanning
    • Incident response: A documented incident response plan with notification procedures compliant with GDPR's 72-hour breach notification requirement

    While we implement industry-standard security measures, no system is completely secure. If you discover a potential security vulnerability, please report it to security@liftsignals.com.

    9 Children's Privacy

    LiftSignals is a business-to-business platform intended for use by adults operating e-commerce businesses. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, contact privacy@liftsignals.com and we will delete it promptly.

    10 Changes to This Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

    When we make material changes, we will:

    • Update the "Last updated" date at the top of this page
    • Send an email notification to all active account holders at least 14 days before the changes take effect
    • Display a prominent notice in the application

    Your continued use of LiftSignals after the effective date of any update constitutes your acceptance of the updated policy.

    11 Contact Us

    For any privacy-related questions, requests, or concerns:

    Email: privacy@liftsignals.com

    Response time: Within 5 business days for general inquiries; within 30 days for formal rights requests.

    For EU/UK residents, our EU representative for GDPR purposes can be contacted at: eu-privacy@liftsignals.com

    Questions about this policy?

    privacy@liftsignals.com
    ← Back to HomeTerms of Service →