Privacy Policy

Last updated: March 24, 2026

Padlift ("we", "us", or "our") operates the padlift.com website and the Padlift platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Hashed password (if using email/password authentication)
  • OAuth profile information (if signing in with Google)

1.2 Usage Data

We automatically collect certain information when you use the Service, including:

  • Pages visited within the dashboard
  • Features used (e.g., publishing a site, adding blocks)
  • Timestamps of account activity
  • Browser type, operating system, and device type (aggregated, not individually identifying)

1.3 Published Site Analytics

When analytics are enabled on a site you create, we collect privacy-safe visitor data from your published pages. This data is:

  • Cookie-free — we do not set any cookies on your visitors' devices
  • Fingerprint-free — we do not use browser fingerprinting techniques
  • Privacy-hashed — visitor identification uses a daily-rotating, irreversible hash derived from the visitor's IP address and user-agent, making it impossible to trace back to an individual

Analytics data includes: page views, referrer URLs, and aggregate visitor counts.

1.4 Waitlist Data

When visitors sign up to a waitlist on a site you build with Padlift, we collect the data they voluntarily provide, which may include their name, email address, and any custom fields you configure.

1.5 Payment Information

We do not directly collect or store credit card numbers or payment credentials. All payment processing is handled by our third-party payment processor, Gumroad. Please refer to Gumroad's Privacy Policy for details on how they handle your payment information.

1.6 Uploaded Content

Files you upload to the Media Library (images, logos, etc.) are stored securely and used solely for the purpose of displaying them on your published sites.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your account registration and authenticate your identity
  • Process subscriptions and payments through our payment partner
  • Send transactional emails (account confirmation, password resets, billing receipts)
  • Display aggregated, anonymous analytics on your dashboard
  • Provide customer support and respond to your inquiries
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Improve and optimize the Service

We do not use your data for advertising. We do not sell, rent, or trade your personal information to advertisers or data brokers.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal data are:

  • Contract performance — processing necessary to provide the Service you requested
  • Legitimate interest — improving the Service, preventing fraud, ensuring security
  • Consent — where you have given explicit consent (e.g., opting into marketing emails)
  • Legal obligation — where processing is required by applicable law

4. Data Sharing and Third Parties

We share your information only with the following categories of third parties, and only as necessary:

  • Gumroad — payment processing for subscriptions and one-time payments
  • Neon — database hosting provider (your data is stored encrypted at rest)
  • Cloudflare — CDN and file storage (R2) for uploaded media files
  • Google — OAuth authentication (only if you choose to sign in with Google), and Google Sheets integration (only if you explicitly connect your Google account)

We do not sell, rent, or share your personal data with third parties for their marketing purposes. We do not use third-party advertising trackers, pixels, or analytics scripts (such as Google Analytics, Facebook Pixel, etc.) on the Padlift dashboard.

5. Data Retention

  • Account data is retained for as long as your account is active.
  • Waitlist entries are retained until you export and delete them, or delete the associated site.
  • Analytics data is retained for up to 90 days in rolling windows.
  • Uploaded files are retained until you delete them or delete your account.

When you delete your account, we delete all your personal data, sites, waitlist entries, and uploaded files within 30 days. Some data may be retained in encrypted backups for up to 90 additional days before being permanently purged.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Data portability — request your data in a structured, machine-readable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — withdraw previously given consent at any time

To exercise any of these rights, contact us at privacy@padlift.com. We will respond within 30 days.

7. California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the "sale" of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

8. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your information may be transferred to, stored, and processed in the US. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses where applicable.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that a child under 16 has provided us with personal information, we will delete it promptly. If you believe a child has provided us with their information, please contact us.

10. Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for database storage
  • Hashed passwords using bcrypt
  • Regular security updates and dependency audits
  • Role-based access controls for internal systems

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

11. Cookies

The Padlift dashboard uses only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Published sites created with Padlift do not set any cookies on visitors' devices unless the site owner explicitly adds third-party scripts.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, contact us at:

By using Padlift, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of your information as described herein. See also our Terms of Service.