Privacy Policy

1. Introduction and Scope

This Privacy Policy describes how Lyfework ("Service Provider," "we," "us," or "our") collects, uses, shares, and protects information in connection with the Lyfework IO Platform ("Platform") and all related services ("Services").

When we refer to "Lyfework," we mean Justyn Cruz, doing business as Lyfework, and its relevant affiliates responsible for the collection, use, sharing, or other processing of Personal Data.

This Privacy Policy applies to Personal Data collected by us in the following situations:

• When you visit our websites displaying or linking to this Privacy Policy.
• When you visit our official social media pages and engage with our content.
• When you receive communications directly from us, including emails, phone calls, texts, or faxes.
• When you use our software products, platforms, and services as an authorized user, where Lyfework acts as a controller of your Personal Data.
• When you apply for employment opportunities with Lyfework.

Our websites, platforms, and services may contain links to third-party websites, each operating under their own privacy policies. We are not responsible for the privacy practices of these third parties, and we recommend reviewing their policies before providing any Personal Data.

2. Responsible Entity

Lyfework is the responsible party for your Personal Data as outlined in this Privacy Policy, unless stated otherwise. This Privacy Policy does not cover situations where we handle Personal Data as a processor or service provider on behalf of our clients, such as when we provide our software products, platforms, and services that our clients use to collect, use, share, or manage Personal Data from their own customers or users.

For comprehensive privacy details pertinent to a Lyfework client utilizing Lyfework's software products, platforms, and services, please contact that specific client directly. The privacy and data security practices of our clients are distinct from those outlined in this Privacy Policy and are not within our direct control.

3. What Personal Data We Collect

3.1 Account and Registration Data

Information provided when creating or managing an account, such as name, email address, physical address, phone number, and billing information.

3.2 Usage and Operational Data

Metadata automatically collected to calculate usage and utility charges. This includes call initiation and duration, text message segments, workflow executions, and AI processing volume (content word counts, model tokens, review AI executions).

3.3 Technical Data

Log files, IP addresses, browser type, date/time stamps, clickstream data, and device identifiers used for platform optimization and security.

3.4 Transaction Data

Payment processing records, invoice history, subscription details, and billing-related information necessary for service delivery and financial compliance.

3.5 Additional Categories

• Identifiers: Names, email addresses, phone numbers, postal addresses, and unique online identifiers.
• Geolocation data: Derived from your device or IP address.
• Professional information: Pertaining to your business or role.
• Visual data: If you participate in video calls or provide profile photos.
• Online activity information: Details about your interactions with our websites and services.
• Inferences: Drawn from the above data to create a profile reflecting your preferences or characteristics.

4. Client Data (Processor Role)

Client Data refers to all data that the Client uploads, inputs, or collects through the use of the Platform (e.g., their customers' data). We only use Client Data as directed by the Client or as necessary to provide the Services defined in the Service Agreement.

4.1 Categories of Client Data

• End-User Data: Names, phone numbers, email addresses, and communication records of the Client's customers and prospects.
• Communication Content: The content of SMS, emails, chat messages, and call recordings generated or stored within the Client's Lyfework IO sub-account.
• Digital Assets: Client's branding, logos, website copy, and content used for funnel or website building.

4.2 How We Process Client Data

• Executing automations and workflows designed by the Client.
• Transmitting communications (SMS, email) to the Client's End-Users.
• Generating reports and analytics for the Client's use.
• Storing data within the Client's dedicated sub-account.

5. How We Use Your Information

We use the Platform Data we collect directly (as a controller) for the following purposes:

• Service Delivery and Billing: To operate, maintain, and provide all features of the Platform; to calculate and process recurring subscription fees and utility usage charges.
• Security and Protection: Enhancing the security, integrity, and stability of our services and protecting against unauthorized access or use. To detect and prevent fraudulent, abusive, or illegal activity; and to comply with legal obligations (including Florida statutes and federal regulations).
• Account Management: Managing user registrations, subscriptions, and billing.
• Support and Communication: Handling your contact and support inquiries and providing timely responses. To send essential administrative messages, updates regarding the Terms of Service, security alerts, and support notifications.
• Service Improvement: Analyzing usage patterns to improve our websites and services, optimize performance, and develop new features.
• User Experience Enhancement: Evaluating and enhancing user experiences to make our platforms more intuitive and effective.
• Quality Assurance: Recording phone calls for internal training and quality assurance purposes where applicable and with notice.
• Legal Compliance: Complying with applicable legal obligations, regulatory requirements, and internal policies.

6. AI and Automation

6.1 AI Functionality and Client Responsibility

The Platform utilizes various Artificial Intelligence (AI) and machine learning tools (e.g., Content AI, Reviews AI, Conversation AI) to perform services on the Client's behalf. When a Client uses an AI feature, the input data provided by the Client is processed by external, specialized third-party AI models solely to generate the requested output.

The Client retains full and sole responsibility for reviewing, validating, and ensuring the legal compliance of any content or actions generated by AI features before that content is published or transmitted to an End-User. AI-generated outputs may contain inaccuracies and should be verified before use.

6.2 Subprocessors and Third-Party Services

We utilize trusted third-party service providers (Subprocessors) to perform functions necessary for Service delivery, including cloud hosting, communication carriers, and external AI providers. We only share the minimum amount of information required for them to perform their services and maintain contracts with all Subprocessors requiring them to protect Client Data and Platform Data to standards consistent with this Policy.

7. Cookies and Tracking Technologies

We utilize technologies such as cookies, web beacons, and similar methods to automatically collect device and usage data. These technologies help us analyze trends, enhance security, personalize your experience, and continuously improve our offerings.

7.1 Essential Cookies

Required for the Platform to function properly. These cookies enable core functionality such as authentication, security, and session management. They cannot be disabled without affecting Platform functionality.

7.2 Analytics Cookies

Help us understand how visitors interact with our websites by collecting and reporting information anonymously. This includes page views, traffic sources, visit duration, and navigation patterns.

7.3 Functional Cookies

Enable enhanced functionality and personalization, such as remembering your preferences, language settings, and customization choices.

7.4 Data Collected

• IP addresses and internet service providers.
• Device and application details, including unique ID numbers and features.
• Location data derived from your device settings or IP address.
• Browser types and operating systems.
• Details of viewed pages, files, and interactions on our websites.
• System configurations and timestamps.
• Visit frequency and referrer URLs.

8. Data Sharing and Disclosure

We share information only in the following circumstances:

• Service Providers: Trusted third-party vendors who perform functions on our behalf, such as payment processing, hosting, analytics, and customer support. These providers are obligated to protect your data.
• Professional Advisers: External professional advisers like lawyers, bankers, auditors, and insurers, when necessary for their professional services.
• Billing and Utility: We share transaction details and usage data with billing processors and communication carriers to complete the rebilling process.
• Legal Requirements: If required by law, court order, or governmental regulation (including subpoenas related to Florida court cases).
• Business Transfers: In the event of a merger, acquisition, or sale of assets, provided the acquiring entity agrees to adhere to the terms of this Privacy Policy.
• Analysis and Improvement: With our service providers or partners, typically in an anonymous or de-identified manner that does not directly identify you.
• Consent: When we have explicit consent from the Client or user.

9. International Data Transfers

Personal Data collected by Lyfework may be transferred to, stored, and processed in countries outside of your country of residence, primarily to the United States, where our central operations are located.

For individuals located in the European Economic Area (EEA) or the United Kingdom (UK), we implement appropriate safeguards to protect your Personal Data during such transfers, including relying on recognized legal mechanisms such as standard contractual clauses where applicable, to ensure your data receives an adequate level of protection consistent with applicable data protection laws.

10. Data Security

We employ industry-standard security measures to protect Platform Data and Client Data from unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: TLS encryption for data transmitted over networks and encryption at rest for stored data.
• Access Controls: Role-based access controls (RBAC) to limit who can access Personal Data based on their role and necessity.
• Regular Audits: Conducting regular security assessments and audits to identify and address vulnerabilities.
• Employee Training: Training our staff on data protection best practices and our privacy policies.
• Data Minimization: Collecting only the Personal Data that is necessary for the stated purposes.

While we strive to protect your data using commercially acceptable means, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to enhance our security posture to protect your information.

11. Data Retention

We retain Platform Data for as long as necessary to maintain the Client's account, fulfill billing and legal requirements, and enforce our agreements.

We retain Client Data for the duration of the Client's active subscription. Upon termination, Client Data may be exported within a 30-day grace period, subject to data portability clauses in the Service Agreement. After this period, data may be securely deleted.

Once the retention period expires, we will securely delete your data, or if deletion is not possible (e.g., due to backup archives or legal holds), we will implement measures to prevent its further use.

12. Your Rights

12.1 General Rights

Depending on your jurisdiction and applicable data protection laws, you may have various rights regarding your Personal Data, including:

• Access: The right to request access to the Personal Data we hold about you.
• Rectification: The right to request correction of inaccurate or incomplete Personal Data.
• Deletion (Erasure): The right to request the deletion of your Personal Data under certain circumstances.
• Restriction: The right to request the restriction of processing your Personal Data under certain conditions.
• Objection: The right to object to the processing of your Personal Data in certain situations.
• Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format.

12.2 US Consumer Privacy Rights (CCPA/CPRA)

We acknowledge and respect the rights of consumers as mandated by applicable U.S. state laws, including the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Depending on your state of residence, you may have the right to:

• Know what personal information we collect about you.
• Request deletion of your personal information.
• Right to Correct: Request correction of inaccurate personal information we hold.
• Right to Limit Sensitive Data: Limit the use and disclosure of your sensitive personal information.
• Opt-out of the "sale" or "sharing" of your personal information (as broadly defined by applicable laws).
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

We will respond to all legitimate privacy rights requests within 45 days of receipt, as required by applicable law. To exercise these rights, please contact us using the information provided in Section 14.

12.3 Client Responsibility for End-User Requests

As the owner and controller of Client Data, the Client is responsible for handling all requests from their End-Users regarding data rights (e.g., access, deletion, correction). Lyfework will assist the Client in responding to these requests to the extent technically feasible.

13. Children's Privacy, Do Not Track, and Third-Party Links

13.1 Children's Privacy

Our Platform and Services are intended for users who are at least 18 years of age. We do not knowingly collect Personal Data from children under 18. In compliance with the Children's Online Privacy Protection Act (COPPA) and similar regulations, if we become aware that we have inadvertently collected Personal Data from a minor, we will take immediate steps to delete such data and terminate the associated account. If you are a parent or guardian and believe a minor under your care has provided us with Personal Data, please contact us immediately.

13.2 Do Not Track

Some web browsers transmit "Do Not Track" (DNT) signals to websites. At this time, our Platform does not respond to DNT signals. We will update this policy if a uniform DNT standard is adopted in the future.

13.3 Third-Party Links

Our Platform and websites may contain links to third-party websites and services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We encourage you to review the privacy policies of every website you visit.

14. Policy Changes and Contact Information

14.1 Data Breach Notification

In the event of a data breach that compromises the security of your Personal Data, we will notify affected individuals and relevant authorities within 72 hours, in accordance with the Florida Information Protection Act and other applicable data breach notification laws.

14.2 Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. When we make significant changes, we will provide at least 30 days' written notice through a prominent notice on our website or by direct notification (e.g., via email) prior to the changes becoming effective. We recommend regularly reviewing this policy to stay informed about our data practices.

14.3 Contact Us

For any questions, concerns, or privacy rights requests, please contact us. We are committed to responding to general inquiries within 10 business days.

By using Lyfework's Services, you acknowledge that you have read and understood this Privacy Policy, agree to its terms, and consent to be bound by them. If you do not agree with this Policy in its entirety, please refrain from using the Services.