Privacy Policy

Effective Date: January 17, 2025 | Last Updated: January 17, 2025

Global Privacy Commitment

LTFI.AI ("Service"), operated by Kief Studio LLC ("we", "us"), is committed to protecting your privacy globally. This policy complies with GDPR (EU), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), and other major privacy regulations worldwide.

Information We Collect

Waitlist Registration

  • Personal Data: Name, Email (both encrypted with Argon2id)
  • Business Data: Company name, Website URL
  • Legal Basis: Legitimate interest (pre-launch communication) and consent (opt-in)
  • Retention: Until service launch + 6 months, or until deletion requested

Analytics & Infrastructure

Plausible CE (Self-Hosted):

  • NO cookies, local storage, or persistent identifiers
  • NO personal data or IP addresses stored
  • Daily-rotating anonymized visitor hash
  • Aggregated metrics only: page views, referrers, countries

Cloudflare Analytics:

  • Web performance metrics (page load times, Core Web Vitals)
  • Traffic analytics without individual tracking
  • No cookies or client-side state
  • Legal Basis: Legitimate interest (performance & security)

Future Service Data

When LTFI launches, we will collect:

  • Account information for service provision
  • Usage data for performance optimization
  • Integration data as authorized by you

Your Global Privacy Rights

🇪🇺 EU/UK/EEA Residents (GDPR)

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge complaints with supervisory authorities

🇺🇸 California Residents (CCPA/CPRA)

  • Know what personal information we collect
  • Delete your personal information
  • Opt-out of sale/sharing (we don't sell data)
  • Correct inaccurate information
  • Limit use of sensitive information
  • Non-discrimination for exercising rights

🇧🇷 Brazil Residents (LGPD)

  • Confirmation of processing
  • Access to your data
  • Correction of incomplete/outdated data
  • Anonymization, blocking, or deletion
  • Data portability
  • Information about sharing
  • Consent withdrawal

🌍 Other Jurisdictions

Residents of Canada (PIPEDA), Australia (Privacy Act), Japan (APPI), Singapore (PDPA), South Africa (POPIA), and India (DPDP) have similar rights. Contact us to exercise your specific regional rights.

→ Exercise Your Data Rights

Third-Party Service Providers

Cloudflare (Infrastructure & Security)

We use Cloudflare as our CDN and security provider. As a data processor, Cloudflare:

  • Provides DDoS protection and Web Application Firewall (WAF)
  • Processes traffic data to detect and mitigate threats
  • Caches static content to improve performance globally
  • Logs: IP addresses retained for 4 hours (edge), security events for 24-72 hours
  • Certifications: SOC 2 Type II, ISO 27001/27018/27701, PCI DSS Level 1
  • GDPR compliant with EU-approved Code of Conduct

Sub-processors: View list

Security Infrastructure

  • Fail2ban: Automated threat detection and IP blocking
  • NGINX: Reverse proxy with access logging for security monitoring
  • Purpose: Protect against malicious attacks, ensure service availability
  • Legal Basis: Legitimate interest (security and fraud prevention)
  • Retention: Security logs retained for 30 days, then deleted

Data Security

  • Encryption: Argon2id for personal data (GPU-resistant)
  • Transport: TLS 1.3+ enforced via Cloudflare
  • Storage: AES-256 encryption at rest
  • Access: Role-based access controls with multi-factor authentication
  • Monitoring: 24/7 automated security monitoring and threat detection
  • Breach Response: 72-hour notification commitment

Data Transfers

We primarily process data in the United States. International data transfers occur through:

  • Cloudflare's Global Network: Data may transit through Cloudflare's 300+ edge locations worldwide
  • Safeguards: Standard Contractual Clauses (SCCs) for EU/UK transfers
  • Cloudflare DPA: Data Processing Addendum with GDPR-compliant terms
  • Data Localization: Compliance with regional requirements where applicable

Children's Privacy

LTFI is not intended for users under 16 (or higher age in certain jurisdictions). We do not knowingly collect data from minors.

Do Not Sell/Share

We do NOT sell or share your personal information for advertising or any other purposes.

Contact & Complaints

Data Protection Officer: [email protected]

Response Time: Within 30 days (or regional requirement)

EU residents may lodge complaints with their local Data Protection Authority.

California residents may contact the California Privacy Protection Agency.

Updates to This Policy

We'll notify you of material changes via email (for registered users) and update the "Last Updated" date.