Privacy Policy

1. Overview and Scope

Lotivio.com (the "Platform") is an enterprise-grade, AI-powered Software-as-a-Service ("SaaS") solution designed for lead recovery, marketing automation, and sales intelligence. The Platform is operated by Allday Enterprises LLC ("Allday Enterprises," "we," "us," or "our"), a company organized under the laws of the United States of America.

This Privacy Policy ("Policy") applies to:

• All visitors to https://www.lotivio.com and any related subdomains
• All users who register for, access, or use the Lotivio Platform, including free trials, beta access, and paid subscription tiers
• All business customers, enterprise clients, and authorized end-users acting within a corporate account ("Customers")
• All individuals whose personal data is processed by the Platform as part of a Customer's use of the Service ("Data Subjects" or "End-User Contacts")
• All recipients of communications sent through or facilitated by the Platform

This Policy does not apply to third-party websites, services, or applications that may be integrated with or linked from the Platform. Allday Enterprises encourages you to review the privacy policies of any third parties whose services you access through or in connection with Lotivio.

2. Data Controller and Legal Basis

2.1 Data Controller Identity

For the purposes of applicable data protection laws — including but not limited to the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the General Data Protection Regulation ("GDPR"), the UK GDPR, the Virginia Consumer Data Protection Act ("VCDPA"), the Colorado Privacy Act ("CPA"), the Texas Data Privacy and Security Act ("TDPSA"), and all other applicable U.S. state and international privacy frameworks — the Data Controller is:

2.2 Legal Bases for Processing (GDPR / UK GDPR)

Where the GDPR or UK GDPR applies, Allday Enterprises relies on the following legal bases for processing personal data:

• Contractual Necessity (Article 6(1)(b)): Processing necessary for the performance of a contract with you, including provision of the Platform, billing, and customer support.
• Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, including fraud prevention, network security, improving Platform functionality, and direct marketing to business contacts, where such interests are not overridden by your rights.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, regulations, court orders, or governmental requests.
• Consent (Article 6(1)(a)): Where you have freely given, specific, informed, and unambiguous consent. You may withdraw consent at any time without affecting the lawfulness of prior processing.
• Vital Interests (Article 6(1)(d)): Where processing is necessary to protect the vital interests of you or another natural person.

3. Information We Collect

3.1 Information You Provide Directly

When you create an account, subscribe to the Platform, or communicate with us, we collect:

• Account Registration Data: Full name, business email address, phone number, company name, job title, and password (hashed and salted).
• Billing and Payment Data: Credit card information (processed by PCI-DSS Level 1 compliant payment processors), billing address, invoicing details, and subscription tier.
• Communications Data: Information contained in emails, support tickets, chat messages, surveys, and feedback you submit.
• Profile and Preferences: Settings, notification preferences, integration configurations, and user-defined workflows.

3.2 Information Collected Automatically

When you access or use the Platform, we automatically collect:

• Device and Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language settings.
• Usage Data: Pages viewed, features accessed, actions taken within the Platform, session duration, click-stream data, search queries, and interaction logs.
• Log Data: Server logs, error reports, API call logs, authentication events, and security-relevant activity.
• Cookie and Tracking Data: First-party and third-party cookies, pixel tags, web beacons, local storage, and similar technologies.
• Location Data: Coarse geographic location derived from IP address. We do not collect precise GPS location.

3.3 Lead and Contact Data Processed on Your Behalf

As part of its core AI lead recovery functionality, the Platform processes business contact information submitted by, imported by, or enriched on behalf of our Customers, including:

• Prospect contact data: Names, business email addresses, phone numbers, company names, job titles, LinkedIn profiles, and other professional information
• Behavioral signals: Website visit data, form abandonment events, session recording (where enabled), email engagement metrics, and CRM activity
• Enrichment data: Third-party data appended to contact records via integrated data providers
• AI-inferred attributes: Propensity scores, lead quality scores, and behavioral patterns generated by the Platform's AI models

In this context, Allday Enterprises acts as a Data Processor (under GDPR) or Service Provider (under CCPA/CPRA) on behalf of the Customer. Customers are responsible for ensuring they have an appropriate legal basis to share this data with the Platform.

3.4 Information From Third-Party Sources

We may receive information about you from third-party sources, including:

• Integration Partners: CRM platforms, marketing automation tools, advertising platforms, and data enrichment providers
• Social and Professional Networks: Publicly available professional information from LinkedIn and similar networks
• Identity and Fraud Prevention Services: Verification and fraud detection providers
• Analytics Providers: Aggregated and anonymized analytics from third-party providers

4. How We Use Your Information

4.1 Platform Provision and Operations

• Authenticate users and manage account access
• Provide, operate, and maintain the Lotivio AI lead recovery services
• Process transactions and manage subscriptions and billing
• Deliver AI-generated lead scores, recommendations, and insights
• Enable and manage third-party integrations
• Provide technical support and respond to inquiries

4.2 Improvement and Development

• Analyze usage patterns to improve Platform features and performance
• Train, validate, and improve AI and machine learning models used within the Platform
• Conduct research and development of new features and services
• Monitor Platform health, uptime, and security

4.3 Communications and Marketing

• Send transactional communications (account confirmations, invoices, service updates, and security alerts)
• Send marketing communications where you have provided consent or we have a legitimate interest
• Administer surveys, promotions, events, and webinars
• Deliver personalized content and recommendations

4.4 Legal, Compliance, and Safety

• Comply with applicable laws, regulations, and legal processes
• Enforce our Terms of Service, Acceptable Use Policy, and other agreements
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Protect the rights, property, and safety of Allday Enterprises, our users, and the public

5. Sharing and Disclosure of Information

Allday Enterprises does not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information in the following circumstances:

5.1 Service Providers and Sub-Processors

We engage vetted third-party vendors who process data on our behalf under binding Data Processing Agreements ("DPAs"). These include:

• Cloud infrastructure providers (e.g., AWS, Google Cloud, Microsoft Azure)
• Payment processors (PCI-DSS Level 1 certified)
• Email and communication delivery services
• Analytics and business intelligence tools
• Customer relationship management platforms
• Cybersecurity, fraud detection, and identity verification services
• AI model infrastructure and LLM API providers
• Legal, accounting, and professional advisory firms

A current list of sub-processors is available upon request at privacy@lotivio.com.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, asset sale, bankruptcy, or similar transaction, your information may be transferred to a successor entity. We will provide notice prior to any such transfer and before personal data becomes subject to a materially different privacy policy.

5.3 Legal Requirements and Safety

We may disclose personal information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or address security issues; or (d) protect the safety of our users or the public.

5.4 With Your Consent

We may share your information with third parties when you have provided explicit consent to such sharing, including when you enable specific integrations through the Platform.

5.5 Aggregated and De-Identified Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you, for purposes such as industry benchmarking, research, analytics, and marketing materials.

6. International Data Transfers

Allday Enterprises is headquartered in the United States. When we transfer personal data from the European Economic Area ("EEA"), the United Kingdom, or Switzerland to the United States or other countries, we rely on the following legally recognized transfer mechanisms:

• Standard Contractual Clauses ("SCCs"): EU Commission-approved SCCs incorporated into our DPAs with all sub-processors and data recipients
• UK International Data Transfer Agreements ("IDTAs"): For transfers from the United Kingdom
• EU-U.S. Data Privacy Framework ("DPF"): Where applicable and to the extent Allday Enterprises maintains certification
• Adequacy Decisions: For transfers to countries recognized by the European Commission as providing adequate protection
• Binding Corporate Rules ("BCRs"): As implemented and approved by competent supervisory authorities

You may request a copy of the applicable transfer safeguards by contacting privacy@lotivio.com.

7. Data Retention

Allday Enterprises retains personal data for the minimum period necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Our general retention schedule is as follows:

Upon expiration of the applicable retention period, data is securely deleted or anonymized in accordance with NIST SP 800-88 guidelines and our internal Data Destruction Policy.

8. Security of Your Information

Allday Enterprises implements a comprehensive, multi-layered information security program designed to protect your personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

8.1 Technical Controls

• Encryption at rest (AES-256) and in transit (TLS 1.2+) for all personal data
• Multi-Factor Authentication (MFA) enforced for all platform administrators and available to all users
• Role-Based Access Control (RBAC) with principle of least privilege
• Continuous automated vulnerability scanning and penetration testing (minimum annually by a qualified third party)
• Web Application Firewall (WAF), Distributed Denial of Service (DDoS) protection, and intrusion detection systems
• SOC 2 Type II certification maintained and available to enterprise customers under NDA
• ISO/IEC 27001 compliance roadmap and controls implemented

8.2 Organizational Controls

• Mandatory security awareness training for all personnel accessing personal data
• Background screening for all employees with access to sensitive systems
• Formal vendor risk assessment and due diligence for all sub-processors
• Documented Incident Response Plan with defined RTO/RPO targets
• Privacy by Design and Privacy by Default principles integrated into product development lifecycle

8.3 Data Breach Notification

In the event of a confirmed personal data breach, Allday Enterprises will: (a) notify affected Customers within 72 hours of becoming aware of the breach (consistent with GDPR Article 33); (b) notify affected individuals as required by applicable law; and (c) coordinate with relevant supervisory authorities as required. Notifications will describe the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

9.1 Rights Under GDPR / UK GDPR (EEA and UK Residents)

• Right of Access (Article 15): Request a copy of the personal data we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
• Right to Erasure — 'Right to be Forgotten' (Article 17): Request deletion of your personal data, subject to legal exceptions
• Right to Restriction of Processing (Article 18): Request that we limit processing of your data in certain circumstances
• Right to Data Portability (Article 20): Receive your personal data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes
• Rights Related to Automated Decision-Making (Article 22): Not be subject to solely automated decisions that produce significant legal effects, and to request human review
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 Rights Under CCPA / CPRA (California Residents)

California residents have the following rights under the CCPA as amended by the CPRA:

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected, used, shared, or sold in the preceding 12 months
• Right to Delete: Request deletion of personal information we have collected, subject to exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing: We do not sell personal information. To the extent 'sharing' for cross-context behavioral advertising applies, you may opt out via our Privacy Preference Center
• Right to Limit Use of Sensitive Personal Information: Limit our use of sensitive personal information to permitted purposes
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

California residents may submit requests by emailing privacy@lotivio.com or by using the webform available at https://www.lotivio.com/privacy-request. We will respond within 45 calendar days, with a possible 45-day extension upon notice.

9.3 Rights Under Other U.S. State Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), Utah (UCPA), Florida (FDBR), Nevada, Oregon, Montana, and other states with comprehensive privacy laws have substantially similar rights including access, correction, deletion, portability, opt-out of targeted advertising and profiling, and appeal of denied requests. Please contact privacy@lotivio.com to exercise any applicable rights.

9.4 How to Exercise Your Rights

To submit a privacy request, please contact us via any of the following methods:

• Email: privacy@lotivio.com
• Online Request Form: https://www.lotivio.com/privacy-request
• Mail: Allday Enterprises LLC, Attn: Data Privacy, 1401 21st Street, Suite R, Sacramento, CA 95811

We may require you to verify your identity before processing your request. Authorized agents may submit requests on your behalf with written authorization. We will respond to all verifiable requests within the timelines required by applicable law.

10. Cookies and Tracking Technologies

Lotivio.com uses cookies and similar technologies to provide, secure, and improve the Platform. By continuing to use the Platform after being presented with our Cookie Consent Manager, you consent to our use of non-essential cookies (where consent is the applicable legal basis).

10.1 Types of Cookies We Use

• Strictly Necessary: Essential for the Platform to function. Cannot be disabled. Examples: session authentication, load balancing, security tokens.
• Performance / Analytics: Collect anonymized usage data to understand how the Platform is used. Examples: Google Analytics 4, Mixpanel, Amplitude.
• Functional: Remember your preferences and settings. Examples: language preferences, UI customizations.
• Targeting / Advertising: Used for retargeting and measuring advertising effectiveness. Examples: LinkedIn Insight Tag, Google Ads pixels. Requires consent.
• AI Model Telemetry: Collect interaction data to improve AI lead recovery models. Aggregated and anonymized. Opt-out available.

You may manage cookie preferences at any time via our Cookie Preference Center accessible from the footer of the website, or by configuring your browser settings. Note that disabling certain cookies may affect Platform functionality.

11. Artificial Intelligence and Automated Decision-Making

Lotivio's core value proposition relies on AI and machine learning to analyze data, identify patterns, and generate lead recovery recommendations. This section provides transparency about our AI processing practices:

11.1 AI Processing Practices

• Lead Scoring: Our AI models analyze behavioral signals, firmographic data, and engagement metrics to generate lead quality scores. These scores are advisory in nature and are made available to Customers to inform (not replace) human decision-making.
• Intent Detection: We analyze website visitor behavior and third-party intent signals to identify contacts with elevated purchase intent.
• Personalization: AI-driven content and communication recommendations are generated to improve lead conversion rates.
• Anomaly Detection: Automated systems monitor for fraudulent activity, data anomalies, and platform abuse.

11.2 Safeguards for Automated Decisions

Where our AI processing constitutes 'automated decision-making with legal or similarly significant effects' under GDPR Article 22, we implement the following safeguards:

• Human oversight: All significant AI-generated recommendations are reviewed and approved by Customer personnel before action is taken
• Explainability: We provide Customers with feature-level explanations for AI scores and recommendations upon request
• Right to contest: Data Subjects may contact us to contest AI-generated assessments that affect them
• Model fairness: We conduct regular bias audits of our AI models to detect and mitigate discriminatory outcomes

11.3 AI Model Training

Allday Enterprises may use aggregated, anonymized, and de-identified Platform usage data to train and improve our AI models. Personal data is never used to train AI models without: (a) appropriate anonymization; (b) explicit contractual permission from the Customer; or (c) other legally sufficient basis. Customers may opt out of contributing data to AI model training by contacting privacy@lotivio.com.

12. Children's Privacy

The Lotivio Platform is designed exclusively for business use by persons aged 18 years or older. We do not knowingly collect, process, or store personal information from children under the age of 13 (or under 16 in certain jurisdictions, including the EEA and UK). If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@lotivio.com and we will take prompt steps to delete such information.

13. Do Not Track and Global Privacy Control

Some browsers transmit Do Not Track ("DNT") signals. The Platform currently does not respond to DNT signals due to the lack of a uniform industry standard. However, we honor Global Privacy Control ("GPC") signals as an opt-out of sale and sharing of personal information for California residents, consistent with CPRA requirements and applicable regulations from the California Privacy Protection Agency ("CPPA").

14. Third-Party Links and Integrations

The Platform may contain links to, or enable integrations with, third-party websites, services, and applications (such as Salesforce, HubSpot, LinkedIn, Slack, and others). This Policy does not apply to such third-party services. Allday Enterprises is not responsible for the privacy practices of third parties and encourages you to review their privacy policies. Integration of a third-party service with the Platform does not constitute endorsement by Allday Enterprises.

15. Notice to Business Customers (B2B Data Processing)

When Allday Enterprises processes personal data on behalf of a business Customer, the terms of the Customer's Master Subscription Agreement ("MSA") and Data Processing Agreement ("DPA") govern such processing. In the event of a conflict between this Policy and a Customer DPA, the DPA shall prevail with respect to the subject matter of the DPA.

Business Customers are responsible for:

• Ensuring they have a lawful basis for sharing personal data with the Platform
• Providing required notices and obtaining necessary consents from their end-user contacts
• Honoring data subject rights requests forwarded by Allday Enterprises within the required timeframes
• Maintaining accurate records of processing activities to the extent required by applicable law

A standard DPA is available at https://www.lotivio.com/legal/dpa. Enterprise Customers may request a custom DPA by contacting legal@lotivio.com.

16. Sensitive Personal Information

Allday Enterprises does not intentionally collect or request sensitive categories of personal information (as defined under GDPR Article 9, CCPA/CPRA, or equivalent laws), including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data, health data, or data concerning a person's sex life or sexual orientation.

Customers are contractually prohibited from uploading or processing sensitive personal information through the Platform without executing a supplemental addendum with Allday Enterprises that includes appropriate technical and organizational measures. If you believe sensitive personal information has been inadvertently submitted, please contact privacy@lotivio.com immediately.

17. Regulatory Compliance Framework

Allday Enterprises maintains a comprehensive privacy and data protection compliance program that addresses the following laws, regulations, and frameworks:

18. Changes to This Privacy Policy

Allday Enterprises reserves the right to update or modify this Privacy Policy at any time. When we make material changes, we will:

• Post the updated Policy at https://www.lotivio.com/privacy with a new effective date
• Provide prominent in-Platform notice to logged-in users for at least 30 days prior to the effective date of material changes
• Send email notification to the primary account email address on file for all active Customers for significant changes
• Obtain renewed consent where legally required (e.g., under GDPR for new processing purposes)

Your continued use of the Platform following the effective date of any updated Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically.

19. Dispute Resolution and Complaints

If you have a concern about our privacy practices, please contact us first at privacy@lotivio.com. We will investigate and respond to all complaints within 30 days. EU/UK residents who are not satisfied with our response may lodge a complaint with the relevant supervisory authority:

• European Union: Your local EU data protection authority (contact details available at https://edpb.europa.eu/)
• United Kingdom: Information Commissioner's Office (ICO) — https://ico.org.uk/
• Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — https://www.edoeb.admin.ch/
• United States (California): California Privacy Protection Agency (CPPA) — https://cppa.ca.gov/

20. Contact Information

For all privacy-related inquiries, rights requests, data processing agreements, or to contact our Data Protection Officer, please use the following: