Legal

Privacy Policy

Effective date: May 19, 2026 · Last updated: May 19, 2026

This Privacy Policy explains how OffLift ("we", "us", "our") collects, uses, stores, and shares information when you visit our website, contact us, or use the products and services we build, including chat automation that integrates with WhatsApp, Facebook Messenger, and Instagram. By using our website or services you agree to this policy.

1. Who we are

OffLift is a digital product studio that designs and builds custom software and AI automation for businesses. We operate the website at offlift.com and provide chat automation services that may connect to messaging platforms such as WhatsApp, Facebook Messenger, and Instagram on behalf of our clients.

For the OffLift website and the marketing services we run directly, OffLift is the data controller. When we build and operate a chat automation product for a client, the client is the controller and OffLift acts as a processor on the client's behalf.

2. Information we collect

2.1 Information you give us

  • Contact details — name, business name, email, phone number, and anything you tell us when you book a call, email us, or submit a form.
  • Project information — details you share about your business, goals, integrations, content, or sample data during scoping or delivery.

2.2 Information collected automatically

  • Usage and device data — pages viewed, referrers, approximate location (from IP), browser, device, operating system, and timestamps.
  • Cookies and similar technologies — used to make the site work, remember preferences, and measure traffic. We use Google Analytics (GA4); you can opt out via your browser settings or Google's opt-out tool.

2.3 Information from messaging platforms

When our chat automation is connected to a messaging platform (such as WhatsApp Business, Facebook Messenger, or Instagram Direct) on behalf of a client, we process the messages, profile information (such as name and platform user ID), media, and metadata that the platform sends to that business. This data is used only to operate the chat automation for that client and is governed by the client's own privacy policy and applicable platform terms.

3. How we use information

We use the information we collect to:

  • Operate, maintain, and improve our website and services.
  • Respond to inquiries, schedule calls, and provide proposals and support.
  • Build, run, and improve chat automation products — including understanding incoming messages, generating replies, booking appointments, capturing leads, and triggering follow-ups.
  • Send service-related communications (e.g. responses to your request). We do not send unsolicited marketing.
  • Measure performance, debug issues, prevent abuse, and keep our systems secure.
  • Comply with legal obligations and enforce our agreements.

Where required by law, we rely on one of the following legal bases: your consent, the performance of a contract with you, our legitimate interests (e.g. running our business and securing our systems), or compliance with a legal obligation.

4. Meta / Facebook platforms

Our products may integrate with Meta platforms — WhatsApp Business Platform, Facebook Messenger, and Instagram — through the Meta Graph API and related developer products. When these integrations are used:

  • We access only the data needed to operate the agreed functionality (for example, receiving and sending messages on the business's Page or WhatsApp number).
  • We do not sell information obtained through Meta platforms, and we do not use it for advertising or for purposes unrelated to the requested service.
  • We comply with the Meta Platform Terms, Developer Policies, and applicable platform-specific terms (including the WhatsApp Business Solution Terms).
  • Access tokens and credentials are stored securely and used only for the integrations they were granted for. You can revoke access at any time from your Meta Business Settings.

End users who interact with a business through a chat automation we operate should consult that business's own privacy policy for the specifics of how their data is used.

5. How we share information

We do not sell personal information. We share it only in these limited cases:

  • Service providers we use to run our business — for example, hosting, analytics, email, calendar, CRM, and AI model providers — strictly to the extent needed to provide their service to us.
  • Clients — when we operate a chat automation on a client's behalf, the data flowing through that integration is shared with the client (it is, in fact, theirs).
  • Legal and safety — when required by law, legal process, or to protect the rights, property, or safety of OffLift, our clients, our users, or others.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

6. Data retention

We keep information only as long as we need it for the purposes described in this policy, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Retention periods for client chat data are set by each client and configured in the relevant automation.

7. Security

We use reasonable technical and organisational measures designed to protect information against loss, misuse, unauthorised access, disclosure, alteration, and destruction — including encryption in transit, access controls, and least-privilege principles for credentials. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security.

8. Your rights

Depending on where you live, you may have the right to access, correct, update, port, restrict, or delete personal information we hold about you, and to object to or withdraw consent for certain processing. To exercise any of these rights, contact us at [email protected]. If we process your data on a client's behalf, we will forward your request to that client.

You also have the right to lodge a complaint with your local data protection authority.

9. Children

Our website and services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International data transfers

We may process and store information in countries other than the one in which you reside. Where required, we use appropriate safeguards (such as standard contractual clauses) to protect transfers of personal data outside your region.

11. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be highlighted on this page or communicated to you where appropriate.

12. Contact us

If you have any questions about this Privacy Policy or our handling of your information, contact us at: