Privacy Policy
Last updated April 29, 2026 · Contact support@getlifto.ai
What Lifto Does
Lifto is an AI assistant that helps busy parents manage their kids' school and activity communications. It reads emails you forward to your Lifto address, or (with your explicit permission) reads incoming Gmail messages, and turns actionable items into Google Calendar events and Google Tasks on your own Google account.
What Data We Access
When you sign in with Google, you may grant Lifto these scopes:
- Google Calendar (calendar.events) — to create events on your calendar from information extracted out of emails.
- Google Tasks (tasks) — to create tasks, to-dos, reminders, and money-due items on your task list.
- Gmail (gmail.readonly) — only if you opt into auto-scan. Lets Lifto read recent messages in your inbox so it can pull out school and family items without you forwarding each one.
You can also use Lifto without the gmail.readonly scope by forwarding emails manually to your personal Lifto inbound address (e.g. lifto_XXXXX@email.getlifto.ai).
How We Use Your Data
Incoming emails (forwarded or auto-scanned):
- Stored in a private Supabase database (hosted on AWS US-West), scoped to your user account.
- Sent to Anthropic's Claude API for AI extraction of events, tasks, and reminders. Anthropic does not retain or train on this data when accessed via Lifto's API key.
- Extracted items are written back to your Google Calendar and your Google Tasks via Google's APIs.
Your preferences and review actions:
- When you tell Lifto “this event is wrong” or “this isn't relevant to me,” that feedback is stored in your account to improve your future experience.
- Your preference signals never leave your account boundary. Lifto never uses one user's preferences to shape another user's experience. Your taste is yours.
- In aggregate (no individual user identifiable), Lifto may analyze extraction-quality signals to improve the AI's accuracy for everyone. No individual email content or personal preference is part of this.
AI / Machine Learning Training Disclosure
Lifto uses one AI model in the running product, for one purpose: extracting events, tasks, and reminders from emails and flyer images you submit. That processing is handled by Anthropic's Claude API.
What this means for your data:
- Anthropic does not train AI models on data sent through their paid API. That is Anthropic's published policy for API customers, which is the access tier Lifto uses.
- Anthropic's default retention for API requests is 30 days — used for safety and abuse review — after which data is automatically deleted.
- No other AI provider is used in Lifto. There is no OpenAI, Gemini, or any other model in the pipeline.
- Lifto does not train any AI model on your emails, your kids' information, or your personal preferences. In aggregate — with no individual user identifiable — Lifto may analyze extraction-quality signals to improve accuracy for everyone. No individual email content or personal preference is part of this.
The AI is invoked only when you submit an email or flyer for processing. If you use the forwarding path (not Power Mode), only the specific emails you forward are ever sent to the Claude API.
What We Do Not Do
- We do not sell your data to anyone.
- We do not share your email content with advertisers, marketers, or any third party.
- We do not train AI models on your personal emails.
- We do not use your data for anything outside the service you signed up for.
- We do not combine your data with other users' data for cross-user profiling.
Where Your Data Lives
- Your Google account (Calendar, Tasks, Gmail) — owned by you. Google is the custodian per their terms.
- Lifto's Supabase database — hosted on AWS US-West, encrypted at rest with AES-256 and isolated per-user via Row Level Security. Supabase is SOC 2 Type II and ISO 27001 certified.
- Anthropic Claude API — email content is sent to Anthropic's Claude API for transient processing only. Anthropic does not retain, store, or use it for training models, per their API terms for paid customers.
- Vercel (hosting) — serves the Lifto web app. Does not store user data beyond normal web server logs.
How We Protect Your Data
Lifto is built on infrastructure designed to minimize what can go wrong:
- Encryption. All data travels over HTTPS (TLS). Data at rest in Supabase is encrypted with AES-256 via Supabase's AWS infrastructure.
- Row-level security on every table. Each user can only read and write their own rows. This is enforced at the database layer, not just in application code — so even a compromised application credential cannot expose another user's data.
- Authentication. You sign in with Google; Lifto never stores a password for you. Authentication is handled entirely by Google OAuth.
- HTTP security headers. Lifto's web app sets HSTS (with a one-year policy including subdomains), Content Security Policy, X-Frame-Options, and other standard security headers on every response.
- Watchdog monitoring. Automated jobs run every 30 minutes to check that core functions — brief delivery, email processing, routing — are working. Failures trigger an alert.
- Daily automated backups. Supabase runs automated daily backups of the database.
- Vendor security floor. Lifto's three core platforms — Supabase, Vercel, and Anthropic — are all SOC 2 Type 2 certified. Vercel and Supabase are additionally ISO 27001 certified. Independent auditors have validated their security controls.
- Internal access controls. Admin access to the database is scoped and used only for support, debugging, and legal compliance. It is not used to browse user data.
For the full technical detail, see our Security page.
Data Retention
- Emails and extracted items are retained in Supabase as long as you use Lifto — encrypted at rest with AES-256, isolated per-user via Row Level Security, and accessible only to Lifto's server infrastructure.
- On account deletion, all your data is purged from Supabase within 30 days. Data in your own Google account (events, tasks) stays with you.
- Google Calendar events and Google Tasks created by Lifto remain in your Google account until you delete them yourself.
Your Rights
You can, at any time:
- Revoke Lifto's access to your Google account at myaccount.google.com/permissions.
- Request a data export — email support@getlifto.ai.
- Request deletion — email support@getlifto.ai. We'll delete your account within 30 days.
- Correct inaccurate data directly in your Lifto dashboard.
Children's Privacy
Lifto is designed for parents managing their kids' lives. Lifto does not create accounts for users under 13. We may store non-identifying information about your kids (name, grade, school, teacher) so Lifto can match items to the right kid. This information is never shared or used outside your own account.
Google OAuth And Restricted Scopes
Lifto's use of information received from Google APIs (including gmail.readonly) adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use your Gmail data only to provide the Lifto service.
- We do not transfer, sell, or share your Gmail data for advertising, marketing, or any unrelated purpose.
- We do not allow humans to read your Gmail data except (a) with your explicit consent, (b) for security or legal compliance, or (c) if data is aggregated and anonymized beyond re-identification.
Changes To This Policy
We'll update this page when practices change. Significant changes will be announced to registered users via email at least 30 days before taking effect.
Contact
Questions? Email mary@getlifto.ai. Lifto is operated by Mary FlorCruz during the beta.