Privacy Policy

Last updated: March 25, 2026

Overview

LegacyLift ("we," "us," "our") respects your privacy. This policy explains what data we collect, how we use it, and your rights. The short version: we collect as little as possible, we never sell your data, and self-service migrations are 100% local.

1. Data We Collect

Self-Service (Desktop Application)

The LegacyLift desktop application runs entirely on your computer. We collect:

  • Email address: Provided at checkout for token delivery.
  • Payment information: Processed by Stripe. We never see or store your credit card number.

The application itself collects no data. It does not phone home, transmit telemetry, or communicate with any server during migration. Your files never leave your machine.

Done-For-You Service

When you use our managed migration service, we collect:

  • Contact information: Name, email, company (optional), phone (optional).
  • Project description: Information you provide about your migration needs.
  • Uploaded files: The legacy files you send us for migration.

Website

Our website does not use third-party tracking cookies, analytics scripts, or advertising pixels. We do not use Google Analytics, Facebook Pixel, or similar services. Server logs may record IP addresses and request metadata for security purposes; these are retained for 30 days.

2. How We Use Your Data

  • Email address: To deliver your purchased token file and provide support.
  • Contact information: To communicate about your migration project.
  • Uploaded files: Solely to perform the requested migration. Files are not used for any other purpose.
  • Server logs: For security monitoring and abuse prevention only.

We do not sell, rent, or share your personal information with third parties. We do not use your data for marketing unless you explicitly opt in.

3. Data Retention

Self-Service

We retain your email address and purchase record for the duration of your token validity (up to 365 days) plus 30 days, for support purposes. After that, records are deleted.

Done-For-You

Uploaded files and migration output are permanently deleted within 48 hours of delivery confirmation. We retain project metadata (name, email, description — but not your files) for 90 days for support purposes, then delete it.

4. Data Security

All data in transit is protected with TLS 1.2+ encryption. Uploaded files are stored on encrypted infrastructure. Access is limited to the LegacyLift owner — no employees, contractors, or third parties can access your files. See our Security page for full details.

5. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing. Stripe's privacy policy applies to payment data. We do not store card numbers.
  • SMTP email provider: For transactional emails (token delivery, consultation confirmations). Emails contain your name, email, and token file.

We do not share your data with any other third parties.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data. We will comply within 30 days.
  • Data portability: Request your data in a standard format.
  • Opt out: Unsubscribe from any marketing communications at any time.

To exercise any of these rights, email support@legacy-lyft.com.

7. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect and how it is used.
  • Right to delete personal information we hold about you.
  • Right to opt out of the sale of personal information. We do not sell personal information.
  • Right to non-discrimination for exercising your privacy rights.

8. European Residents (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is:

  • Contract performance: Processing necessary to deliver purchased tokens and migration services.
  • Legitimate interest: Server logging for security purposes.

You may contact us to exercise your GDPR rights, including access, rectification, erasure, and data portability.

9. Children

LegacyLift is a business tool not directed at children. We do not knowingly collect data from individuals under 16. If you believe we have, contact us and we will delete it immediately.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date. Continued use of our services after changes constitutes acceptance.

11. Data Processing Agreement

If you use our Done-For-You or IT Teams bulk migration services, our Data Processing Agreement provides additional detail on how we handle, protect, and delete your files during managed migrations.

12. Contact

Privacy questions or data requests: support@legacy-lyft.com