Privacy Policy
Effective Date: March 1, 2025
Lofi Marketing LLC ("Lofi," "we," "our," or "us") values the privacy of individuals who visit our websites, use our applications, and interact with our related services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect information about users of the Services ("you" or "Users"). Your use of the Services is also subject to our Terms of Service.
B2B focus & role split.
- When we process data about visitors, leads, and our own accounts, Lofi acts as a data controller.
- When we process personal data that our business clients provide to run advertising on their behalf (e.g., audience lists, ad account data), we act as a data processor under a separate data processing addendum ("DPA"). Clients are responsible for obtaining all necessary notices, permissions, and lawful bases to provide such data to Lofi.
1. Scope & Applicability
This Policy applies to information collected through our websites (including meetlofi.com), web/mobile apps, and any products or services that link to it. This Policy does not apply to data handling practices of third-party sites or applications you access via links from the Services.
2. Information We Collect
A. Information you provide
- Account & profile. Name, email, company, role, password, and similar details when you create an account or request a demo.
- Communications. Information contained in emails, chats, customer support requests, surveys, or feedback forms (including email engagement preferences).
- Marketing preferences. Newsletter subscriptions and related preferences.
- Payment information. If you purchase paid offerings, payment card details are collected and processed by our payment processor (e.g., Stripe) on our behalf; we do not store full card details.
B. Information collected automatically
- Device & log data. IP address, device identifiers, browser type, OS, language, referring URLs, pages viewed, and timestamps.
- Usage data. Feature usage, clicks, time on page, and error diagnostics to operate and improve the Services.
- Cookies & similar technologies. We and our partners use cookies, pixels (e.g., Meta Pixel, Google tags, LinkedIn Insight), local storage, and web beacons for essential operations, analytics, and advertising. See Section 8 (Cookies & Ads) for controls.
C. Information from third parties
- Ad platforms & partners. Limited data from platforms (e.g., campaign and conversion metrics) to manage and report on campaigns.
- Service providers. Tooling for support, CRM, analytics, and cloud infrastructure.
- Social media & lead sources. Publicly available or shared business contact info (e.g., events, referrals, or social profiles) in compliance with applicable law.
3. How We Use Information
We use information to:
- Provide & operate the Services, including account creation, security, and customer support.
- Run & optimize marketing campaigns on your behalf (processor role) according to your instructions.
- Improve the Services and develop new features (e.g., troubleshooting, analytics, research).
- Personalize experiences and content.
- Communicate with you about updates, security alerts, and administrative or marketing messages (you can opt out of marketing).
- Process payments and prevent fraud, abuse, and security incidents.
- Comply with legal obligations and enforce our Terms.
AI tools.
Some features may use AI models to assist with creative generation or recommendations. We configure our systems and vendors so that prompts/outputs and related data are processed only to provide the Services and not used by vendors to train generalized models without appropriate instructions or agreements. You remain responsible for reviewing AI-assisted content for accuracy and compliance.
4. Our Role as Processor (Client Campaign Data)
When clients upload or grant access to personal data for advertising (e.g., hashed emails for audience matching, creative assets, performance metrics), Lofi processes such data solely on the client's documented instructions and the DPA. Clients:
- Must ensure a valid lawful basis (e.g., consent/opt-in, legitimate interests) and required notices for ad-tech uses.
- Are responsible for platform and regulatory compliance (e.g., Meta/Google policies, privacy and advertising laws).
- Must not provide personal data that violates law or platform rules.
5. Legal Bases (EEA/UK)
Where GDPR/UK GDPR applies, we process personal data on the following bases:
- Contract (Art. 6(1)(b)) to provide the Services you request.
- Legitimate interests (Art. 6(1)(f)) such as securing and improving the Services, and B2B marketing (balanced with your rights).
- Consent (Art. 6(1)(a)) for certain cookies/advertising and email marketing where required.
- Legal obligation (Art. 6(1)(c)) for compliance and recordkeeping.
6. How We Share Information
We may share information with:
- Service providers / processors (e.g., cloud hosting, analytics, security, support, CRM, payment processing, A/B testing, and AI infrastructure) bound by confidentiality and data-processing terms.
- Ad platforms to run and measure campaigns you authorize.
- Professional advisors & authorities (e.g., to comply with law, enforce our terms, or protect rights and safety).
- Business transfers in connection with mergers, acquisitions, financing, or asset sales (subject to this Policy).
- Affiliates for Services consistent with this Policy.
We do not sell your personal information for money. For California's CPRA, some of our use of advertising cookies/pixels may be considered "sharing" for cross-context behavioral advertising. See Section 9 for your opt-out rights.
7. Data Retention
We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical periods:
- Account data: for your account lifetime and a reasonable period thereafter (e.g., 12–24 months) unless deletion is requested or required sooner.
- Campaign data (processor role): as directed by the client or for the term in the DPA, then deleted or returned.
- Logs/analytics: for limited periods necessary for security and performance (e.g., 12–18 months), then aggregated or deleted.
8. Cookies, Analytics & Advertising
A. Types of cookies/tech
- Strictly necessary for core functions (authentication, security).
- Analytics (e.g., page performance, usage patterns).
- Advertising to measure conversions and deliver/limit ads.
B. Your choices
- Cookie controls. Browser settings can block or delete cookies; some features may not function without them.
- Consent banner. Where required, we present controls to accept, reject, or manage non-essential cookies.
- Platform tools. You can manage ad settings on major platforms (e.g., Google Ad Settings, Meta Ad Preferences, LinkedIn Ads).
- Do Not Track. Our Services currently do not respond to DNT signals. We honor Global Privacy Control (GPC) signals for CPRA "sale/share" opt-outs.
9. Your Privacy Rights
A. California (CPRA) & certain U.S. state laws
Residents of California (and, as applicable, CO/CT/VA/UT, etc.) may have the right to:
- Know/Access categories and specific pieces of personal information collected.
- Delete personal information.
- Correct inaccurate personal information.
- Opt out of "sale" or "sharing" of personal information for cross-context behavioral advertising (we do not sell for money, but we may "share" via advertising cookies/pixels).
- Limit use/disclosure of sensitive personal information (we do not use SPI for inferring characteristics).
- Non-discrimination for exercising rights.
How to exercise: Email privacy@meetlofi.com or use our web form (if available). We will verify your request and respond as required by law. You may use an authorized agent with proof of authority.
Opt-out of sale/share: Use the "Do Not Sell or Share My Personal Information" link in our footer and/or send a GPC signal from your browser, which we honor.
B. GDPR/UK GDPR (EEA/UK)
You may have the right to access, rectify, erase, restrict or object to processing, and data portability. Where we rely on consent, you may withdraw it at any time. You also have the right to lodge a complaint with your local supervisory authority.
10. International Transfers
We are headquartered in the United States and may transfer personal data to countries that may not provide the same level of protection as your jurisdiction. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses and additional measures). Contact us for details.
11. Security
We implement administrative, technical, and physical safeguards designed to protect personal information (e.g., access controls, encryption in transit, vulnerability management). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.
12. Children's Privacy
The Services are not directed to children and we do not knowingly collect personal information from children under 13 (or under 16 where a higher age threshold applies). If you believe a child has provided personal information to us, contact privacy@meetlofi.com and we will take appropriate action.
13. Your Choices
- Access & updates. You can review and update certain account information in your settings or by contacting us.
- Marketing communications. You may opt out of promotional emails by using the unsubscribe link or contacting us. We may still send transactional or service messages.
14. California Notice at Collection
We collect the following categories of personal information for the purposes described in Sections 3, 8, and 9, and retain them for the periods described in Section 7:
| Category (CPRA) | Examples | Sources | Purposes | Disclosure (last 12 months) |
|---|---|---|---|---|
| Identifiers | Name, email, IP address, device IDs | You; automatic collection; partners | Provide Services; security; analytics; marketing | Service providers; ad/analytics partners |
| Customer Records | Billing contact, limited payment metadata (cards via Stripe) | You; payment processor | Billing; fraud prevention | Payment processor; service providers |
| Commercial Info | Subscription level, transaction history | You; systems | Provide & improve Services | Service providers |
| Internet/Network | Pages viewed, referrers, timestamps | Automatic collection | Analytics; security; improve Services | Analytics providers |
| Geolocation (general) | Approximate location from IP | Automatic collection | Localization; fraud prevention | Service providers |
| Professional/Employment | Company, role | You; public sources | B2B sales/marketing; provide Services | Service providers |
| Inferences | Preferences derived from usage | Our systems | Personalization; improve Services | Not sold; may be shared for ads/analytics |
| Sensitive PI | We do not collect SPI for inferring characteristics | N/A | N/A | N/A |
Sale/Share: We do not sell personal information for money. We may share identifiers, internet/network activity, and inferences with advertising/analytics partners for cross-context behavioral advertising. You can opt out via the footer link and by sending a GPC signal.
15. Third-Party Links
Our Services may contain links to third-party sites or services. We are not responsible for their privacy practices. Review their policies before providing information.
16. Changes to this Policy
We may update this Policy from time to time. When we do, we will post the updated version and revise the "Effective Date" above. Material changes will be communicated via the Services or by email where appropriate.
17. Contact Us
Lofi Marketing LLC
Attn: Privacy
Email: legal@meetlofi.com
- For EEA/UK users: If applicable, you may contact our EU/UK representative at: [Insert representative contact].
- For California residents: Use the "Do Not Sell or Share My Personal Information" link in our footer to exercise CPRA opt-out rights.