Privacy Policy

1. Introduction

This Privacy Policy explains how DH Consulting ("we", "us", "our"), operating as LPGenius, collects, uses, discloses, and protects your personal information when you use our AI-powered landing page generation platform at https://lpgenius.online (the "Service").

We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Israeli Privacy Protection Law.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, password (hashed), profile information
• Payment Information: Processed by Paddle.com - we do not store credit card numbers
• Content: Product descriptions, prompts you submit for AI generation, images you upload
• Lead Data: Contacts/leads collected through your landing pages (you are the data controller for this data)
• Communications: Support tickets, feedback, emails you send us

2.2 Information Collected Automatically

• Usage Data: Pages viewed, features used, clicks, generation history
• Device Information: Browser type, operating system, device type, screen resolution
• Log Data: IP address, access times, referring URLs, error logs
• Analytics: Conversion rates, A/B test results, page performance metrics
• Cookies: Session cookies, preference cookies, analytics cookies (see Section 8)

2.3 Information from Third Parties

• Authentication Providers: If you sign in with Google, we receive your email and profile picture
• Payment Processor: Paddle provides transaction status and subscription information
• Analytics: Aggregated usage patterns from analytics providers

3. How We Use Your Information

3.1 To Provide the Service

• Process your AI generation requests
• Host and serve your landing pages
• Manage your account and subscription
• Process payments through Paddle
• Provide customer support

3.2 To Improve the Service

• Analyze usage patterns to improve features
• Train and improve our AI models (using anonymized/aggregated data only)
• Fix bugs and optimize performance
• Develop new features

3.3 To Communicate With You

• Send transactional emails (confirmations, invoices, alerts)
• Respond to support requests
• Send product updates and announcements (with opt-out)
• Send marketing communications (only with your consent)

3.4 For Security and Compliance

• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and the rights of others

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on:

5. How We Share Your Information

5.1 Service Providers

We share data with third-party service providers who assist us in operating the Service:

• Paddle.com - Payment processing, invoicing, tax compliance (Merchant of Record)
• Clerk - Authentication and user management
• OpenAI/Anthropic - AI content generation (prompts only, no personal data)
• Supabase - Database hosting
• Vercel/Render - Application hosting and CDN
• Analytics providers - Usage analytics

5.2 We Do NOT Sell Your Data

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to:

• Comply with legal obligations
• Protect our rights, privacy, safety, or property
• Prevent fraud or illegal activity
• Enforce our Terms of Service

5.4 Business Transfers

If DH Consulting is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

6. International Data Transfers

DH Consulting is based in Israel, and your data may be processed in Israel and other countries where our service providers operate (including the USA and EU).

For transfers from the EEA:

• Israel has an adequacy decision from the European Commission
• For transfers to other countries, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms

7. Data Retention

After account termination, we retain your data for 30 days to allow for account recovery, then permanently delete it.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may prevent the Service from functioning properly.

8.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals, as there is no industry standard for handling them.

9. Your Privacy Rights

9.1 Rights for All Users

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Export: Download your data in a portable format
• Opt-out: Unsubscribe from marketing communications

9.2 Additional Rights (GDPR - EEA Users)

• Restriction: Request restriction of processing
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw consent at any time
• Complaint: Lodge a complaint with a supervisory authority

9.3 California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to say no to the sale of personal information (we do not sell data)
• Right to equal service and price (no discrimination)

9.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at dimahasin2@gmail.com. We will respond within 30 days (or as required by applicable law).

10. Lead Data and Your Responsibilities

10.1 Your Responsibilities

As a user who collects leads, you are responsible for:

• Having a lawful basis to collect personal data (consent, legitimate interest, etc.)
• Providing your own privacy policy to your leads
• Responding to data subject requests from your leads
• Complying with applicable data protection laws (GDPR, CCPA, etc.)
• Not collecting sensitive personal data without proper safeguards

10.2 Our Role as Data Processor

We process lead data only:

• To provide the CRM functionality you requested
• According to your instructions
• With appropriate security measures
• We delete lead data within 30 days of account termination

11. Data Security

We implement appropriate technical and organizational measures to protect your data:

• Encryption: TLS/SSL encryption for data in transit, encryption at rest
• Access Controls: Role-based access, principle of least privilege
• Infrastructure: Secure cloud hosting with regular security updates
• Monitoring: Security logging and anomaly detection
• Passwords: Hashed using industry-standard algorithms
• Payment Data: Handled entirely by Paddle (PCI-DSS compliant)

While we take security seriously, no system is 100% secure. If you discover a security vulnerability, please report it to dimahasin2@gmail.com.

12. Children's Privacy

LPGenius is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at dimahasin2@gmail.com and we will delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Email notification to your registered email
• Prominent notice on the website
• Updating the "Last Updated" date above

Your continued use of the Service after changes constitutes acceptance of the updated policy.