Lifted Work Privacy Policy
Last updated: May 21, 2025
Thank you for choosing Lifted Work, Inc. (“Lifted Work,” “we,” “us,” or “our”). We respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights. It applies to visitors to https://www.liftedwork.com, account holders, and all Authorized Users of our web and mobile applications (collectively, the “Service“).
1. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account Data | Name, business e‑mail, job title, billing address, username, hashed password | Provided by you / your Agency |
| Client Data | End‑customer names, contact details, project notes, uploaded files | Provided by Authorized Users |
| Usage Data | Log files (IP, browser type, timestamps, requests, error traces), feature interactions, clickstream | Collected automatically via Fly.io, Sentry, Neon logs |
| Device & Cookie Data | Cookies, pixel tags, device IDs | Cookies / tracking tech (see § 7) |
| Analytics & Marketing Data | Page views, campaign parameters | Google Analytics, Meta/Facebook Pixel |
| AI Input/Output | Prompts, completions, embedding vectors | Generated/processed by OpenAI via our API integration |
We do not intentionally collect sensitive personal data (e.g., health or biometric data). Agencies are contractually prohibited from uploading such data without a lawful basis and proper safeguards.
2. How We Use Information
We process personal data to:
- Provide & secure the Service – authenticate users, host projects, detect fraud, and maintain logs;
- Improve & develop features – debug, train and evaluate AI models (using anonymised & aggregated data only);
- Bill & administer accounts – manage subscriptions, process payments via Stripe;
- Communicate – send transactional e‑mails, product updates, and (with consent) marketing messages;
- Comply with law – respond to lawful requests, enforce Terms, and protect rights.
3. Legal Bases (EU/UK GDPR)
| Purpose | Legal Basis |
|---|---|
| Account creation, Service delivery | Contract (Art. 6 (1)(b)) |
| Security & fraud prevention | Legitimate interest (Art. 6 (1)(f)) |
| Marketing e‑mails, cookies | Consent (Art. 6 (1)(a)) |
| Compliance with legal obligations | Legal obligation (Art. 6 (1)(c)) |
4. Sharing & Disclosures
We do not sell personal data. We share it only:
- With Sub‑processors – cloud & analytics vendors listed at /subprocessors;
- Within a Customer workspace – Agencies control visibility of their own data;
- For legal reasons – to comply with subpoenas or prevent harm;
- In corporate transactions – merger, acquisition, or asset sale (with notice).
5. International Data Transfers
We are headquartered in Florida, USA. Data may be processed in the United States and other regions where our Sub‑processors operate. For personal data from the EEA/UK we rely on Standard Contractual Clauses (SCCs) and supplementary safeguards.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & billing records | Life of account + 7 years (tax/audit) |
| Client/Project data | Until Agency deletes or 30 days after subscription ends |
| Back‑ups | Up to 90 days |
| Security & audit logs | Up to 365 days |
| Marketing unsubscribes | Permanently (to honour opt‑out) |
You can delete items at any time via the app; permanent erasure propagates within 30 days to back‑ups unless legal holds apply.
7. Cookies & Tracking Technologies
We use:
- Essential cookies – session management, CSRF protection;
- Analytics cookies – Google Analytics (IP‑anonymized);
- Advertising pixels – Meta/Facebook (marketing site only).
You can control cookies via browser settings or our cookie banner. Opt‑out links: Google, Facebook.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict personal data, and to object to processing or withdraw consent.
- EEA/UK: Contact [email protected] – we will respond within 30 days.
- California: We honour CCPA/CPRA rights and do not sell personal data.
If we process your data on behalf of an Agency, please direct requests to that Agency; we will assist them.
9. Children
The Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us to delete it.
10. Security
We employ encryption in transit and at rest, network segmentation, least‑privilege access, continuous monitoring via Fly.io/Sentry, and annual penetration tests. While no system is 100 % secure, we strive to protect your data.
11. Changes to This Policy
We may update this Policy to reflect changes in law or our practices. Material changes will be announced via e‑mail or in‑app at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.
12. Contact Us
Lifted Work, Inc. 1343 Main Street, Sarasota, FL 34236, USA E‑mail: [email protected]
If you are in the EEA/UK, you may lodge a complaint with your local supervisory authority, but we hope you will contact us first so we can address your concerns.