Privacy Policy

1. About NotiProof & Lucalvry LLC

NotiProof is a product operated by Lucalvry LLC ("Lucalvry," "we," "our," "us"), a Wyoming limited liability company. References to "NotiProof" in this Privacy Policy refer to the product and platform; references to "we," "us," and "our" refer to Lucalvry LLC as the legal entity and data controller.

2. Introduction & Data Controller

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at notiproof.com and use the NotiProof Service (collectively, the "Service").

Data Controller: Lucalvry LLC (operator of NotiProof)
Email: privacy@notiproof.com
Data Protection Officer (DPO): privacy@notiproof.com

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

3. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Personal Data, including collection, storage, use, and deletion.
• Data Subject: The individual whose Personal Data is being processed (i.e., you).
• Sub-processor: A third-party service provider that processes Personal Data on our behalf.
• Cookies: Small data files stored on your device by your web browser.

4. Information We Collect

4.1 Information You Provide Directly

• Account Information: Name, email address, password, company name, and website URL when you create an account.
• Billing Information: Payment card details and billing address (processed securely by Stripe; we do not store full card numbers).
• Support Communications: Messages, emails, and attachments you send to our support team.
• User Content: Testimonials, reviews, images, and videos you upload to the platform.

4.2 Information Collected Automatically

• Usage Data: Pages visited, features used, notification performance metrics, click-through rates, and session duration.
• Device Information: Browser type, operating system, screen resolution, and device identifiers.
• Log Data: IP address, access times, referring URLs, and error logs.
• Cookie Data: Information collected through cookies and similar technologies (see our Cookie Policy).

4.3 Information from Third Parties

• Review Platforms: When you connect review aggregation, we may collect review data from Google, Yelp, Trustpilot, and similar platforms.
• Integration Partners: Data received through integrations such as Shopify, WordPress, and Zapier as configured by you.

5. How We Collect Information

We collect information through the following methods:

• Directly from you when you register, subscribe, submit content, or contact us.
• Automatically through cookies, log files, and analytics tools when you use the Service.
• From third parties such as payment processors, review platforms, and integration partners you authorize.

6. Legal Bases for Processing (GDPR Article 6)

We process your Personal Data under the following legal bases:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to, manage your account, and fulfill our contractual obligations.
• Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing communications or non-essential cookies. You may withdraw consent at any time.
• Legitimate Interest (Art. 6(1)(f)): Processing necessary for our legitimate interests, such as improving the Service, fraud prevention, and security, provided these interests are not overridden by your rights.
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, such as tax reporting and responding to legal requests.

7. How We Use Your Information

We use your information for the following purposes:

1. Providing, maintaining, and improving the Service.
2. Processing payments and managing subscriptions.
3. Sending transactional communications (account confirmations, billing receipts, service alerts).
4. Sending marketing communications (only with your consent; you can opt out at any time).
5. Providing customer support and responding to inquiries.
6. Analyzing usage patterns to improve user experience and develop new features.
7. Generating aggregated, anonymized analytics and benchmarks.
8. Detecting, preventing, and addressing fraud, abuse, and security issues.
9. Complying with legal obligations and enforcing our Terms of Service.
10. Personalizing your experience and delivering relevant content.
11. Conducting A/B testing to optimize the Service.
12. Managing integrations and third-party connections you authorize.

8. Data Sharing & Third Parties

We do not sell your Personal Data. We share data only in the following circumstances:

8.1 Sub-processors

8.2 Other Disclosures

• Legal Requirements: When required by law, subpoena, court order, or governmental request.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.
• With Your Consent: When you explicitly authorize sharing with a specific third party.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When we transfer data internationally, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Adequacy decisions where applicable.
• Sub-processor agreements that include appropriate data protection safeguards.

10. Data Retention

We retain your Personal Data only as long as necessary for the purposes outlined in this policy:

• Account data: Retained while your account is active and for 30 days after deletion to allow recovery.
• Billing records: Retained for 7 years as required by tax and accounting laws.
• Usage logs: Retained for up to 24 months, then anonymized or deleted.
• Support communications: Retained for up to 3 years after resolution.
• Marketing consent records: Retained for as long as consent is valid, plus 3 years for compliance documentation.

11. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. For a detailed breakdown of the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings.

12. Your Rights Under GDPR

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights:

• Right of Access (Art. 15): Request a copy of the Personal Data we hold about you.
• Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Art. 17): Request deletion of your Personal Data ("right to be forgotten").
• Right to Restriction (Art. 18): Request restriction of processing in certain circumstances.
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
• Right Regarding Automated Decision-Making (Art. 22): Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Lucalvry LLC does not currently engage in solely automated decision-making.

To exercise any of these rights, contact us at privacy@notiproof.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

13. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected.
• Right to Delete: Request deletion of your Personal Data, subject to certain exceptions.
• Right to Opt-Out: Opt out of the "sale" of Personal Data. Lucalvry LLC does not sell Personal Data.
• Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your CCPA rights.

To exercise these rights, email privacy@notiproof.com or visit our contact page.

14. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with Personal Data, please contact us at privacy@notiproof.com.

15. Security Measures

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Regular security audits and vulnerability assessments.
• Role-based access controls and principle of least privilege.
• Secure password hashing (bcrypt).
• Regular backups with encrypted storage.
• SOC 2 Type II compliance practices.

While we strive to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact & Data Protection Officer

For privacy-related inquiries, data access requests, or complaints, contact us at:

• Legal entity: Lucalvry LLC, attn: NotiProof Privacy
• Jurisdiction: Wyoming, United States
• Mailing address: 30 N Gould St, STE R, Sheridan, WY 82801
• Email: privacy@notiproof.com
• DPO Email: privacy@notiproof.com
• Contact Page: notiproof.com/company/contact

If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (Data Protection Authority).