Gdpr And Data Privacy

GDPR and data privacy

ProductLift is built EU-side and GDPR-aware. Here's what you need to know as a portal owner.

What personal data does ProductLift store?

For each end user:

• Email
• Name (if provided)
• Optional uid you pass via SSO
• Vote history
• Posts and comments they wrote
• Timestamps of activity

We don't track behavioral profiles, advertising IDs, or content beyond what users actively post and vote on.

Where is data stored?

EU-based servers. See Data location for specifics.

Data Processing Agreement (DPA)

A DPA is available. Email support@productlift.dev to receive the latest signed version.

Sub-processors

We use a small list of sub-processors (Stripe for billing, AWS S3 for file storage, OpenAI / Anthropic for AI features when you've enabled them). The current list is part of the DPA.

User rights: deletion, export, access

End users have GDPR rights you need to be able to fulfill:

• Right to deletion. As an admin, you can delete an end user from Settings → Users. This removes their account and (depending on your choice) anonymizes their posts/comments.
• Right to access / export. Email support@productlift.dev with the email of the user and we'll produce an export of their data.
• Right to rectification. Edit user details from Settings → Users.

Cookie use

ProductLift uses functional cookies only (session, CSRF, preferences). No tracking or advertising cookies on portals you host. If you use Analytics features, those are controlled by you.

AI features and GDPR

If you turn on AI features (auto-reply, auto-tag, KB answers), post and comment text is sent to the AI provider. See Turning off AI and AI features overview.

Related articles

• Data location
• Security & Privacy
• Turning off AI
• Restrict access to your portal