Air Lift

Privacy Guide for Customers

Last Updated: June 2026

1. Privacy Laws and Regulations

Privacy laws and regulations around the world govern the collection, processing, and disclosure of information that relates to or can be used to identify an individual, including (but not limited to) contact information, transaction information, and device information (collectively, "personal data"). The rules vary by jurisdiction and their applicability can depend on your business operations as well as the location of the individual whose personal data you're processing.

For example:

  • If you process personal data from individuals in the EU, you may need to comply with the EU's General Data Protection Regulation (GDPR).
  • If you collect personal data of a California resident, you might need to comply with the California Consumer Privacy Act (CCPA).

These are just examples; there are many privacy laws worldwide.

2. How To Use This Guide

At Air Lift, we take measures to comply with applicable privacy laws. Our customers also remain responsible for ensuring their own compliance. This guide is meant to help our customers understand some core data privacy compliance obligations that may apply to you when using the Air Lift Platform.

Keep in mind:

  • Privacy laws are evolving rapidly.
  • This guide may not remain fully up to date.
  • It does not cover every area of privacy law (such as marketing, advertising, or sensitive data).

We are not your lawyers. This guide is a helpful reference, not a comprehensive summary of all requirements, nor is it tailored to your specific circumstances.

Disclaimer: Air Lift is not a licensed legal representative and cannot provide legal advice or interpret the law for you. Please consult your own legal advisor. This document does not constitute legal advice and should not be used as such.

3. Data Roles

Privacy laws impose different obligations depending on your role:

  • Controller: Decides why and how personal data is processed. Controllers are responsible for providing notice to individuals and granting them rights over their data.
  • Processor: Processes data on behalf of a controller, following their instructions, and usually under a written agreement.

When you use the Air Lift Platform, you may be a controller or processor of the personal data you provide. You are responsible for understanding your role and ensuring compliance.

Air Lift typically operates as a processor (or sub-processor) for its customers, as explained in our Terms of Service, Data Processing Agreement, and Privacy Policy.

Air Lift is built, implemented, and supported by Air Trending, the team behind Air Lift. Air Trending may access your account to implement and support the Platform on Air Lift's behalf, as described in our Data Processing Agreement.

4. Controller Checklist

Privacy law requirement Explanation What you need to do in your Air Lift account What you need to do outside your Air Lift account
Transparency; Right to be Informed You must be transparent about how you process data. Create a privacy notice that explains your practices. Add links to your privacy notice on all Air Lift webforms, landing pages, order forms, shopping carts, etc. Ensure offline collection (in person) is supported by an accessible privacy notice.
Lawfulness of Processing Many jurisdictions require a legal basis for processing (consent, contract, or legitimate interest). Use tags to track lawful bases. Create unticked consent checkboxes on forms. Implement processes for deleting data without a lawful basis. Consult legal counsel to confirm lawful bases. Keep records of consent collected offline.
Consent Consent must be informed, freely given, stand-alone, not bundled, and easy to withdraw. Update Air Lift forms with unticked consent boxes. Include links to your privacy policy. Document consent and changes with timestamps. Maintain offline consent records. Ensure the same rules apply wherever you collect data.
Data Processing Agreements Controllers must have contracts with vendors processing data on their behalf. Use Air Lift's Data Processing Agreement (available online). Review vendor contracts to confirm they meet privacy requirements.
Right to Deletion / Correction Individuals may request deletion or correction of their data. Provide a form or method in Air Lift for deletion/correction requests. Implement internal processes for handling requests and verifying identity. Delete or correct any data stored outside Air Lift systems.
Right to Access & Portability Individuals may request to know what data you process and obtain it in a portable format. Export customer data from Air Lift (CSV or screenshots) when requested. Set up procedures for verifying identity. Provide access or exports for any data stored outside Air Lift.

5. Processor Checklist

Privacy law requirement Explanation What you need to do
Notify and assist controllers with data subject requests If you receive a request directly from an individual, you must notify the relevant controller and, if needed, assist in fulfilling the request. Implement a procedure to respond to such requests and escalate them to the controller.
Notify and assist controllers in case of data breaches If there is unauthorized access or disclosure of data, you must promptly inform the controller and support them with reporting obligations. Have a breach response process in place to notify controllers quickly.
Engaging Sub-Processors Only engage sub-processors with proper privacy and security measures. Notify controllers before adding new sub-processors, allowing time for objections. Review sub-processor contracts and maintain transparency with controllers.

6. Our Approach to Data Privacy

Air Lift adheres to global privacy standards and is certified under the EU-US Privacy Framework, including UK and Swiss extensions.

We:

  • Respect individuals' privacy rights.
  • Collect only necessary information.
  • Protect data with encryption, access controls, and role-based authorizations.
  • Maintain proper retention and deletion practices.
  • Have protocols to respond to potential security incidents.
  • Carefully select and monitor our service providers, including Air Trending, the team behind Air Lift.
  • Provide ongoing privacy and security training for our team.

Each customer's data is logically separated within the Air Lift platform and is never shared with, visible to, or accessible by any other customer. Access to your account is limited to users you authorize, together with the Air Trending implementation and support team, who access your account on a least-privilege basis, with ongoing access during initial onboarding and access at your request thereafter.

For questions about our privacy practices, contact our team at legal@air-lift.ai.

7. More Resources

We hope this guide serves as a useful resource.

Air Lift Resources: