Legal · Privacy Policy

Privacy Policy.

The shortest version: we ask for aggregate marketing data, never personal data; we never train AI on it; we never sell it. Here’s the long version, with the disclosures regulators care about.

Effective
May 22, 2026
Controller
Steenocki, Inc.
Scope
LiftProof app & website
01 · Summary

The plain-English version.

  • You upload aggregate, time-series data — geo + date + KPIs. That is not personal data, and we ask you not to include any.
  • We collect the bare minimum account information (email, name, billing details) needed to run the service and bill it.
  • We never sell your data, never share it with advertisers, never train third-party models on it.
  • Subprocessors (Vercel, Supabase, Clerk, Stripe, Anthropic for the AI Copilot, Chatwoot for support) are bound by data-processing agreements.
  • You can export or delete your data at any time from your account, or by emailing privacy@steenocki.com.
02 · Controller

Who is responsible for your data.

The data controller is Steenocki, Inc., a Delaware corporation, with principal office at 7750 Okeechobee Blvd., Ste 4, West Palm Beach, FL 33411, USA. For any privacy question, write to privacy@steenocki.com.

03 · What we collect

The four buckets of data.

Account data
Email, name, hashed password

Provided by you when you sign up via Clerk. Used to authenticate and contact you.

Billing data
Payment-method tokens, invoices

Card numbers are stored by Stripe, not us. We see tokens and last-4 digits.

Customer Data
Aggregate geo × date × KPI rows

The CSV you upload. No PII. Treated as confidential. Encrypted at rest.

Telemetry
Pages viewed, errors, page-perf timings

Used to debug and improve. No third-party advertising trackers.

04 · How we use it

Purposes of processing.

  • To provide the service: run analyses, render dashboards, generate AI explanations.
  • To authenticate, secure accounts, and detect abuse.
  • To bill you and process refunds.
  • To improve the service via aggregated, de-identified usage statistics.
  • To send transactional emails (receipts, security notices, account changes).
  • To respond to support requests and to send product updates (you can opt out).
  • To comply with law and enforce our Terms.
05 · Legal bases

Why we may lawfully process (GDPR).

For data subjects in the EU/UK we rely on the following GDPR bases:

  • Contract — to deliver the service you signed up for.
  • Legitimate interests — to operate, secure, and improve the service, balanced against your interests.
  • Legal obligation — tax, accounting, and record-keeping laws.
  • Consent — where you have opted in (e.g., marketing emails).
06 · AI processing

How the AI Copilot handles your data.

The in-product AI Copilot is powered by Anthropic’s Claude API. When you ask the Copilot a question, we send the relevant analysis context (lift, confidence interval, p-value, fit quality, your question) to Anthropic’s API under their zero-retention data-processing terms.

  • Anthropic does not train its models on inputs sent via the API.
  • We do not send Customer Data row-by-row; only the computed statistics.
  • The Copilot is an explanation tool, not advice. You remain the decision-maker.
07 · Sharing

Who we share data with, and why.

We share data only with subprocessors that need it to deliver the service:

SubprocessorPurposeRegion
VercelApplication hosting, CDNUSA / global edge
SupabaseDatabase & object storageUSA
ClerkAuthenticationUSA
StripePayments, invoicingUSA
AnthropicAI Copilot (zero-retention)USA
ChatwootSupport chatEU
Resend / PostmarkTransactional emailUSA

We may also disclose data if required by law, to enforce our Terms, to protect rights, property, or safety, or in connection with a merger, acquisition, or sale of assets (with notice to you).

08 · International transfers

When data crosses borders.

Steenocki, Inc. is based in the United States. If you are accessing the service from outside the U.S., your information may be transferred to, stored in, and processed in the U.S. and other countries. For transfers from the EU/UK we rely on the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures where required.

09 · Retention

How long we keep things.

  • Customer Data (uploads, analyses): for the life of your account, plus 30 days after deletion in encrypted backups.
  • Account data: for the life of your account, plus 90 days.
  • Billing records: seven years, as required by U.S. tax law.
  • Telemetry & logs: 90 days, then aggregated.
10 · Your rights

Access, correction, deletion.

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Receive a copy of your data in a portable format.
  • Withdraw consent (where consent is the basis).
  • Lodge a complaint with your supervisory authority.

To exercise any of these rights, email privacy@steenocki.com. We respond within 30 days.

11 · California

California residents (CCPA/CPRA).

We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under California law. California residents have the right to know, delete, correct, and limit the use of sensitive personal information; we do not process sensitive personal information for purposes that would trigger the limit-of-use right. You may exercise these rights at the contact address below; we will not discriminate against you for doing so.

12 · Children

The service is not for children.

LiftProof is intended for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 13 (or 16 in the EU/UK). If you believe we have, contact us and we will delete it.

13 · Security

How we protect your data.

  • TLS 1.2+ in transit; AES-256 at rest.
  • Per-tenant row-level isolation in the database.
  • Least-privilege access for engineers; quarterly access reviews.
  • Automated dependency scanning and code review on every change.
  • Incident response process with 72-hour breach-notification commitment.

No system is perfectly secure. Report security issues to security@steenocki.com.

14 · Changes

When this policy changes.

We may update this policy. Material changes will be announced in-app or by email at least 30 days before they take effect. Continued use after the effective date is acceptance. The current version is always at liftproof.io/privacy.

15 · Contact

How to reach our privacy team.

Steenocki, Inc.
Attn: Privacy
7750 Okeechobee Blvd., Ste 4
West Palm Beach, FL 33411
USA

privacy@steenocki.com