Privacy Policy

Controller

Liftra ("we", "us") is the data controller for personal data collected through this site. For any privacy enquiry, contact us at privacy@liftra.ai. A full legal entity name and registered address will be published before launch; until then this address is the primary point of contact for data-protection matters.

What we collect

When you join the waitlist, Liftra stores your email address, consent timestamp, the policy versions you accepted, and privacy-preserving SHA-256 fingerprints derived from your IP address and browser user agent. We do not store raw IP addresses, and we do not set tracking cookies or run third-party analytics on this site.

Why we use it

We use your email only to manage the Liftra waitlist and send early TestFlight access or essential waitlist updates. The lawful basis under GDPR / UK GDPR is your consent (Art. 6(1)(a)), which you give by ticking the consent box before submission. You may withdraw consent at any time without affecting the lawfulness of prior processing.

Retention

Waitlist data is kept until 30 days after public launch, or until you ask us to delete it — whichever comes first. Deletion requests are retained only as long as needed to process and evidence the request (typically up to 12 months), then permanently erased.

Where data is stored

Waitlist data is stored in Lovable Cloud (managed Supabase Postgres) in the European Union. Data does not leave the EU for this waitlist. If you receive a TestFlight invite, Apple's TestFlight handles delivery under Apple's own privacy terms.

Processors

We rely on the following sub-processors:

• Lovable Cloud (Supabase) — database hosting, EU region
• Apple TestFlight — beta build distribution, only if you receive an invite

Your rights

Under GDPR, UK GDPR, Swiss FADP, and similar regimes, you can request access, correction, deletion, restriction, portability, or withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. Submit a deletion request through the form, or email us at privacy@liftra.ai. California residents (CCPA/CPRA): we do not sell or share personal information.

Children

Liftra is not directed at children under 16, and we do not knowingly collect data from them. If you believe a child has submitted their email, contact us and we will delete it.

Security & breach notification

Access to waitlist data is restricted to server-side processes with row-level security enabled; public visitors cannot read or enumerate records. In the event of a personal data breach affecting your rights, we will notify the competent supervisory authority within 72 hours and, where required, inform affected users without undue delay.

Changes to this policy

We may update this policy as Liftra evolves. Material changes will be reflected in the version date above and, where appropriate, communicated by email.