Privacy Policy

1. Information We Collect

We collect information you provide directly, information we collect automatically, and information about your clients and leads that flows through our platform on your behalf.

Information you provide to us:

• Name, email address, phone number, and firm name when you sign up
• Billing and payment information (processed securely by Stripe / FastPayDirect — we do not store card numbers)
• Communications with our support team
• Website content you provide for your law firm website build

Information collected automatically:

• IP address, browser type, operating system, and referring URLs
• Pages visited, time on site, and click behavior (via analytics)
• Device identifiers and cookie data

Lead and client data (processed on your behalf):

• Names, phone numbers, and email addresses of your law firm's leads and clients
• Communication history (SMS, email, call logs) generated through our automation platform
• Consultation and appointment data

This data belongs to you. We process it solely to deliver our services to you and never use it for our own marketing purposes.

2. How We Use Your Information

3. How We Share Your Information

We do not sell your personal information or your clients' data. We share information only in these limited circumstances:

• Service providers: Trusted third-party vendors who help us operate the platform (e.g., cloud hosting, payment processing, SMS delivery, email infrastructure). They are contractually bound to use data only as directed by us.
• Legal requirements: When required by law, court order, or to protect the rights and safety of FirmLift.ai, our customers, or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections.
• With your consent: For any other purpose, only with your explicit consent.

Key third-party services we use:

• GoHighLevel — CRM and automation platform
• Twilio — SMS and voice delivery
• Stripe / FastPayDirect — payment processing
• Cloudflare — DNS, CDN, and security
• ElevenLabs — AI voice synthesis

4. Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience on our site. Types of cookies we use:

• Essential cookies: Required for basic site functionality. Cannot be disabled.
• Analytics cookies: Help us understand how visitors use our site. We use aggregated, anonymized data only.
• Marketing cookies: Track ad campaign effectiveness. Only used if you have provided consent.

You can control cookie preferences through your browser settings. Disabling certain cookies may limit site functionality.

5. Data Retention

We retain your account data for as long as your subscription is active and for up to 12 months after cancellation (for legal and dispute resolution purposes). Lead and client data processed through our platform can be exported or deleted at your request at any time. Upon account deletion, all your data is permanently removed within 30 days.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interest.
• Opt-out of marketing: Unsubscribe from marketing emails at any time via the unsubscribe link.

To exercise any of these rights, email support@firmlift.ai. We respond to requests within 30 days.

7. Security

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• Encrypted storage for sensitive data at rest
• Access controls limiting data access to authorized personnel only
• Regular security reviews and monitoring

No system is 100% secure. In the event of a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.

8. TCPA and SMS Compliance

Our platform facilitates automated SMS and voice communications. As a FirmLift.ai customer, you are responsible for:

• Obtaining appropriate prior express written consent from contacts before sending automated messages
• Honoring opt-out requests promptly (within 10 business days)
• Complying with applicable state and federal TCPA regulations
• Maintaining records of consent

FirmLift.ai provides technology tools — we are not responsible for your compliance with TCPA or other applicable communication laws.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly.

10. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, disclose, or sell
• The right to delete personal information we have collected
• The right to opt out of the sale of personal information (we do not sell personal information)
• The right to non-discrimination for exercising CCPA rights

To submit a CCPA request, email support@firmlift.ai with "CCPA Request" in the subject line.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to subscribers via email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision. Continued use of our services after updates take effect constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related questions, requests, or concerns:

• Email: support@firmlift.ai
• Website: firmlift.ai

We aim to respond to all privacy inquiries within 5 business days.