Privacy Policy

1. Introduction and Scope

LMAP ("LMAP," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and protect information obtained through our Localized Media Automation Platform (the "Service" or "Platform") and our website at https://lmap.com (the "Website").

This Privacy Policy applies to all users of our Service, including:

• Visitors: Individuals who visit our Website
• Customers: Organizations and individuals who subscribe to our Service
• Users: Authorized individuals who access the Platform on behalf of Customer organizations
• End Recipients: Individuals whose data is processed through our Platform by Customers

By using the Service, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Definitions

For purposes of this Privacy Policy:

• "Personal Information" or "Personal Data" means information that identifies, relates to, describes, or could reasonably be linked to an individual.
• "Customer Data" means data, content, and information that Customers submit to the Service, including end recipient data used for marketing campaigns.
• "Processing" means any operation performed on Personal Information, including collection, storage, use, disclosure, and deletion.
• "Controller" means the entity that determines the purposes and means of Processing Personal Information.
• "Processor" means an entity that Processes Personal Information on behalf of a Controller.
• "Third Party" means any entity other than you and us.

3. Data Controller and Processor Roles

3.1 LMAP as Data Controller

LMAP acts as a Data Controller for:

• Information about Website visitors
• Account and billing information for Customer organizations
• Information about authorized users of the Platform
• Usage data and analytics about how the Platform is used

3.2 LMAP as Data Processor

LMAP acts as a Data Processor for Customer Data, including end recipient data that Customers upload to the Platform for marketing campaigns. In this capacity:

• Customers are the Data Controllers and determine what data is collected and how it is used
• LMAP Processes Customer Data solely on behalf of and according to Customer instructions
• Customers are responsible for obtaining necessary consents and complying with applicable privacy laws
• LMAP implements appropriate security measures to protect Customer Data

4. Information We Collect

4.1 Information You Provide Directly

We collect information that you provide directly to us, including:

Account Registration Information:

• Name (first name, last name)
• Email address
• Phone number
• Company name and business information
• Job title and role
• Password (stored in encrypted form)

Billing and Payment Information:

• Billing name and address
• Payment method information (credit card numbers are processed and stored by our payment processor, not by us)
• Tax identification numbers (if applicable)
• Purchase history and transaction records

Profile and Preference Information:

• User preferences and settings
• Language and time zone preferences
• Notification preferences
• Marketing communication preferences

Customer Data:

• Marketing campaigns and templates
• Creative assets (images, videos, logos)
• Contact lists and end recipient information
• Campaign performance data
• Custom fields and metadata

Communications and Support:

• Customer support inquiries and correspondence
• Feedback, surveys, and testimonials
• Chat messages and support tickets
• Email communications with our team

4.2 Information Collected Automatically

When you use the Service, we automatically collect certain information through cookies, web beacons, and similar technologies:

Usage Information:

• Pages viewed, features accessed, and buttons clicked
• Time spent on pages and features
• Navigation paths through the Platform
• Search queries and filters used
• Campaign creation and editing activity
• Files uploaded and downloaded

Device and Technical Information:

• IP address and geolocation data (city, region, country)
• Browser type, version, and language settings
• Operating system and device type
• Screen resolution and display settings
• Device identifiers (e.g., advertising ID, device ID)
• Referring and exit pages

Log Data:

• Access times and dates
• API calls and requests
• Error messages and crash reports
• System activity and performance metrics
• Security events and authentication logs

Cookies and Tracking Technologies:

• Session cookies (expire when you close your browser)
• Persistent cookies (remain until deleted or expire)
• Analytics cookies (Google Analytics, etc.)
• Marketing cookies (for retargeting and attribution)
• Web beacons and pixel tags

4.3 Information from Third-Party Sources

We may receive information about you from third-party sources, including:

• Advertising Platforms: Performance data from Google Ads, Facebook Ads, and other integrated platforms
• Data Enrichment Services: Business information and contact data from data providers
• Social Media: Profile information if you connect social media accounts
• Partners and Affiliates: Information from referral partners or integration partners
• Publicly Available Sources: Information from public databases, business registries, and websites

5. How We Use Your Information

We use the information we collect for the following purposes:

5.1 Providing and Improving the Service

• Create and manage user accounts
• Provide access to Platform features and functionality
• Process and fulfill transactions
• Execute marketing campaigns on behalf of Customers
• Store and manage Customer Data
• Provide customer support and respond to inquiries
• Troubleshoot technical issues and bugs
• Develop new features and improve existing functionality
• Conduct research and analytics to improve the Service

5.2 Communications

• Send transactional emails (account confirmations, password resets, receipts)
• Send service notifications (system updates, maintenance windows, security alerts)
• Provide product updates and feature announcements
• Send marketing communications about our products and services (with opt-out option)
• Request feedback and conduct surveys
• Respond to your questions, comments, and requests

5.3 Business Operations

• Process billing and collect payments
• Manage subscriptions and renewals
• Prevent fraud and unauthorized access
• Enforce our Terms of Service and legal agreements
• Comply with legal obligations and regulatory requirements
• Resolve disputes and enforce our rights

5.4 Security and Fraud Prevention

• Monitor for security threats and anomalous activity
• Investigate and prevent fraud, abuse, and violations
• Implement access controls and authentication
• Conduct security audits and vulnerability assessments
• Protect the safety and security of our users and systems

5.5 Analytics and Personalization

• Analyze usage patterns and trends
• Measure the effectiveness of marketing campaigns and features
• Create aggregated, anonymized statistics and reports
• Personalize user experience and content
• Conduct A/B testing and experimentation
• Generate insights to improve business performance

5.6 Legal Compliance

• Respond to legal requests and court orders
• Comply with applicable laws and regulations
• Cooperate with law enforcement and regulatory authorities
• Establish, exercise, or defend legal claims
• Protect our rights, property, and safety

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your Personal Data based on the following legal grounds:

6.1 Contractual Necessity

Processing is necessary to perform our contract with you, including:

• Providing access to the Service
• Processing your subscription and payments
• Delivering customer support

6.2 Legitimate Interests

Processing is necessary for our legitimate business interests, including:

• Improving and developing the Service
• Marketing our products and services
• Preventing fraud and ensuring security
• Analyzing usage and performance
• Enforcing our Terms of Service

6.3 Consent

Where required by law, we obtain your explicit consent before processing your Personal Data, such as:

• Marketing communications
• Non-essential cookies
• Sensitive personal information

6.4 Legal Obligation

Processing is necessary to comply with legal obligations, such as:

• Responding to legal requests
• Tax and accounting requirements
• Regulatory compliance

7. How We Share Your Information

We do not sell, rent, or trade your Personal Information to third parties. We may share your information in the following circumstances:

7.1 Service Providers and Vendors

We share information with third-party service providers who perform services on our behalf, including:

• Cloud Hosting: AWS, Google Cloud, or similar providers for data storage and infrastructure
• Payment Processors: Stripe, PayPal, or similar providers for payment processing
• Email Services: Email delivery platforms for transactional and marketing emails
• Analytics Providers: Google Analytics, Mixpanel, or similar services for usage analytics
• Customer Support: Help desk and ticketing systems
• Marketing Platforms: Google Ads, Facebook Ads, LinkedIn Ads for advertising
• CRM Systems: Customer relationship management tools
• Security Services: Fraud detection, DDoS protection, and security monitoring

These service providers are contractually obligated to protect your information and use it only for the purposes for which it was disclosed.

7.2 Advertising and Marketing Partners

We may share limited information with advertising partners to:

• Display targeted advertisements
• Measure ad performance and attribution
• Conduct retargeting campaigns
• Analyze marketing effectiveness

You can opt out of interest-based advertising through industry opt-out tools like the Digital Advertising Alliance or Network Advertising Initiative.

7.3 Business Transfers

If LMAP is involved in a merger, acquisition, asset sale, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any change in ownership or use of your Personal Information.

7.4 Legal Requirements and Protection

We may disclose your information if required by law or in the good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce or apply our Terms of Service and other agreements
• Protect the rights, property, or safety of LMAP, our users, or others
• Detect, prevent, or address fraud, security, or technical issues
• Protect against legal liability

7.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

7.6 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This information may be shared publicly or with partners for research, analysis, or marketing purposes.

8. Customer Data and Third-Party Recipients

8.1 Customer as Data Controller

When Customers use the Service to conduct marketing campaigns, they act as Data Controllers for end recipient data. Customers are solely responsible for:

• Obtaining necessary consents and permissions
• Complying with applicable privacy and marketing laws (CAN-SPAM, GDPR, CCPA, etc.)
• Providing privacy notices to end recipients
• Handling data subject requests (access, deletion, etc.)

8.2 Third-Party Platform Access

The Service integrates with third-party platforms (Google Ads, Facebook Ads, email service providers, etc.). When you connect these platforms, data may be shared with them according to their respective privacy policies. We are not responsible for how third parties process your data.

9. Data Security and Protection

We implement commercially reasonable administrative, physical, and technical safeguards to protect your information from unauthorized access, use, disclosure, alteration, and destruction.

9.1 Technical Safeguards

• Encryption: Data in transit is protected using TLS/SSL encryption. Data at rest is encrypted using industry-standard encryption algorithms.
• Access Controls: Role-based access controls limit access to Personal Information to authorized personnel only.
• Authentication: Multi-factor authentication is available and encouraged for user accounts.
• Network Security: Firewalls, intrusion detection systems, and DDoS protection.
• Vulnerability Management: Regular security assessments, penetration testing, and patch management.

9.2 Organizational Safeguards

• Employee Training: Regular security and privacy training for all employees.
• Background Checks: Background screening for employees with access to sensitive data.
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements.
• Incident Response: Documented security incident response procedures.
• Vendor Management: Due diligence and security assessments for third-party vendors.

9.3 Physical Safeguards

• Secure data centers with restricted access
• 24/7 monitoring and surveillance
• Environmental controls (fire suppression, climate control)

9.4 Limitations

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk. You are responsible for maintaining the confidentiality of your account credentials.

9.5 Data Breach Notification

In the event of a data breach that compromises your Personal Information, we will notify you and applicable regulatory authorities as required by law. Notification will include:

• Description of the incident
• Types of data affected
• Steps taken to mitigate harm
• Recommended actions you can take
• Contact information for questions

10. Data Retention and Deletion

10.1 Retention Periods

We retain your Personal Information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary based on:

• Account Data: Retained while your account is active and for a reasonable period after closure (typically 90 days) to accommodate account reactivation.
• Customer Data: Retained according to your subscription and deleted within 90 days of account termination, unless you request earlier deletion.
• Billing Records: Retained for 7 years to comply with tax and accounting regulations.
• Communications: Support tickets and correspondence retained for 3 years.
• Usage Logs: Retained for 12-24 months for security and analytics purposes.
• Legal Holds: Data subject to legal holds is retained until the hold is lifted.

10.2 Deletion and Anonymization

When retention periods expire or you request deletion:

• Personal Information is securely deleted or anonymized beyond recovery
• Data is removed from active databases and backups
• Residual copies in backups are deleted during regular backup rotation cycles (typically 30-90 days)
• Aggregated or anonymized data may be retained indefinitely for analytics

10.3 Account Closure

If you close your account or terminate your subscription:

• We will delete or anonymize your Personal Information within 90 days
• You may request immediate deletion by contacting privacy@lmap.com
• We may retain certain information as required by law or for legitimate business purposes (fraud prevention, legal compliance)

11. Your Privacy Rights and Choices

11.1 Access and Portability

You have the right to:

• Access the Personal Information we hold about you
• Request a copy of your Personal Information in a structured, machine-readable format
• Export your Customer Data through the Platform's export tools

11.2 Correction and Update

You have the right to:

• Correct inaccurate or incomplete Personal Information
• Update your account information through your account settings

11.3 Deletion (Right to be Forgotten)

You have the right to request deletion of your Personal Information, subject to certain exceptions such as:

• Completing transactions or providing requested services
• Detecting and preventing fraud or security incidents
• Complying with legal obligations
• Exercising free speech or research purposes

11.4 Objection and Restriction

You have the right to:

• Object to processing of your Personal Information for direct marketing purposes
• Object to processing based on legitimate interests
• Request restriction of processing in certain circumstances

11.5 Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

11.6 Opt-Out of Marketing

You can opt out of marketing communications by:

• Clicking "unsubscribe" in any marketing email
• Adjusting preferences in your account settings
• Contacting us at privacy@lmap.com

Note: You cannot opt out of transactional or service-related communications.

11.7 Do Not Track

Some browsers transmit "Do Not Track" signals. Because there is no industry standard for how to respond to these signals, we do not currently respond to Do Not Track signals.

11.8 Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@lmap.com
• Subject line: "Privacy Rights Request"
• Include: Your name, email address, and specific request

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

12. Cookies and Tracking Technologies

12.1 Types of Cookies We Use

Essential Cookies (Always Active):

• Required for the Service to function
• Authentication and session management
• Security and fraud prevention
• Load balancing and performance

Functional Cookies:

• Remember your preferences and settings
• Language and region selection
• User interface customization

Analytics and Performance Cookies:

• Understand how you use the Service
• Measure performance and identify issues
• Track feature usage and engagement
• Providers: Google Analytics, Mixpanel

Advertising and Marketing Cookies:

• Deliver targeted advertisements
• Measure ad effectiveness
• Retarget visitors across websites
• Providers: Google Ads, Facebook Pixel, LinkedIn Insight Tag

12.2 Third-Party Cookies

Third-party services integrated into our Platform may set their own cookies. These are governed by the third party's privacy policy:

• Google Analytics: https://policies.google.com/privacy
• Google Ads: https://policies.google.com/technologies/ads
• Facebook: https://www.facebook.com/privacy/explanation

12.3 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to block or delete cookies. Consult your browser's help documentation.
• Cookie Preferences: Use our cookie consent tool (if available) to manage preferences.
• Opt-Out Tools: NAI Opt-Out (http://optout.networkadvertising.org/), DAA Opt-Out (http://optout.aboutads.info/)

Note: Disabling cookies may limit functionality and prevent you from using certain features of the Service.

12.4 Web Beacons and Pixels

We use web beacons (also known as pixel tags or clear GIFs) in emails and web pages to track email opens, user engagement, and conversions. These are small graphic images embedded in content.

13. International Data Transfers

13.1 Cross-Border Transfers

Your information may be transferred to, stored, and processed in the United States or other countries where LMAP or our service providers operate. These countries may have data protection laws that differ from your jurisdiction.

13.2 Safeguards for International Transfers

When transferring Personal Data from the EEA, UK, or Switzerland to countries without adequate data protection laws, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): EU-approved contractual terms that protect data transfers
• Data Processing Agreements: Contracts with service providers requiring GDPR-level protection
• Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate protection
• Your Consent: Explicit consent for data transfers where required

13.3 Privacy Shield

Although the EU-U.S. Privacy Shield framework has been invalidated, we continue to comply with Privacy Shield principles where applicable and have implemented alternative transfer mechanisms.

14. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect Personal Information from children under 18. If you are under 18, do not use the Service or provide any information to us.

If we learn that we have collected Personal Information from a child under 18 without parental consent, we will delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us at privacy@lmap.com.

15. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

15.1 Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of Personal Information:

• Identifiers: Name, email address, IP address, account credentials
• Commercial Information: Purchase history, transaction records
• Internet Activity: Browsing history, usage data, cookies
• Geolocation Data: General location based on IP address
• Professional Information: Job title, company name
• Inferences: Preferences and characteristics derived from usage

15.2 Sources of Personal Information

We collect Personal Information from:

• Directly from you (account registration, forms, communications)
• Automatically through the Service (cookies, usage data)
• Third-party sources (data enrichment services, advertising platforms)

15.3 Business Purposes for Collection

We use Personal Information for:

• Providing and improving the Service
• Processing transactions and billing
• Customer support and communications
• Security, fraud prevention, and legal compliance
• Marketing and analytics

15.4 Categories of Third Parties We Share With

• Service providers (hosting, payment processing, analytics)
• Advertising partners
• Professional advisors (attorneys, accountants)
• Government authorities and law enforcement (when required)

15.5 Sale and Sharing of Personal Information

We do not sell your Personal Information. We do not sell Personal Information for monetary or other valuable consideration.

We may share Personal Information with advertising partners for cross-context behavioral advertising. You have the right to opt out of such sharing.

15.6 Your California Privacy Rights

California residents have the right to:

• Know: Request disclosure of Personal Information collected, used, disclosed, and sold
• Delete: Request deletion of Personal Information
• Correct: Request correction of inaccurate Personal Information
• Opt-Out: Opt out of sale or sharing of Personal Information
• Limit Use of Sensitive Information: Limit use of sensitive Personal Information
• Non-Discrimination: Not receive discriminatory treatment for exercising privacy rights

15.7 Exercising California Rights

To submit a request:

• Email: privacy@lmap.com
• Subject: "CCPA Request"
• Toll-Free Number: (310) 362-1083

We will respond within 45 days (with possible 45-day extension). We may require verification of your identity.

15.8 Authorized Agents

You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

15.9 Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of Personal Information to third parties for direct marketing purposes. We do not share Personal Information with third parties for their direct marketing purposes.

16. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of certain covered information. We do not sell covered information as defined by Nevada law. If you have questions, contact privacy@lmap.com.

17. Virginia, Colorado, Connecticut, and Utah Privacy Rights

Residents of Virginia, Colorado, Connecticut, and Utah have rights under their respective state privacy laws, including rights to access, correct, delete, and opt out of certain data processing activities. To exercise these rights, contact privacy@lmap.com.

18. European Privacy Rights (GDPR)

18.1 Legal Basis for Processing

We process Personal Data under GDPR based on:

• Contractual necessity
• Legitimate interests
• Consent
• Legal obligation

18.2 Your GDPR Rights

EEA, UK, and Swiss residents have the right to:

• Access your Personal Data
• Rectify inaccurate Personal Data
• Erase Personal Data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with a supervisory authority

18.3 Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at privacy@lmap.com.

18.4 Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR.

19. Third-Party Links and Services

The Service may contain links to third-party websites, applications, and services that are not operated by us. This Privacy Policy does not apply to third-party sites or services.

We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party services before providing them with your information.

Third-party integrations (Google Ads, Facebook Ads, etc.) are governed by their own privacy policies:

• Google Privacy Policy: https://policies.google.com/privacy
• Facebook Privacy Policy: https://www.facebook.com/privacy/explanation
• Microsoft Privacy Statement: https://privacy.microsoft.com/privacystatement

20. Changes to This Privacy Policy

20.1 Updates and Revisions

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised Privacy Policy on our Website
• Notify you of material changes via email (to your account email address)
• Provide notice through the Service (banner or notification)

20.2 Material Changes

For material changes that substantially affect your privacy rights, we will provide at least 30 days' advance notice and may require you to re-consent.

20.3 Review and Acceptance

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes become effective constitutes your acceptance of the revised Privacy Policy.

20.4 Prior Versions

Previous versions of this Privacy Policy are available upon request by contacting privacy@lmap.com.

21. Contact Information and Data Protection Officer

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact us:

LMAP Privacy Team

• Email: privacy@lmap.com
• General Inquiries: legal@lmap.com
• Phone: (310) 362-1083
• Website: https://lmap.com

Data Protection Officer (GDPR Inquiries):

Email: privacy@lmap.com with subject line "ATTN: Data Protection Officer"

Mailing Address:

LMAP Privacy Team
9903 Santa Monica Blvd.
Suite 366
Beverly Hills, CA 90212
United States

EFFECTIVE DATE: This Privacy Policy is effective as of the "Last Updated" date above.

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.