LiFet OS Trust Center

LiFet OS (Operating System), a product by LiFet Media Inc., prioritizes the security and privacy of your data. Our Trust Center provides transparency about our compliance with global data protection standards and our commitment to safeguarding your information.

For more information about how we handle personal data, please review our Privacy Policy.

For more details on how we use cookies, please review our Cookie Policy.

For more information about your rights and responsibilities, please review our Terms & Conditions.

Overview

Our Commitment to Security and Compliance

LiFet OS is built on a foundation of trust, security, and compliance with global data protection standards. As a product of LiFet Media Inc., we understand the importance of protecting your data and maintaining the highest levels of security in all our operations.

Comprehensive Compliance Framework

LiFet OS adheres to multiple compliance frameworks to ensure your data is protected according to industry best practices and regulatory requirements:

  • HIPAA Compliance
  • GDPR Compliance
  • CCPA Compliance
  • PIPEDA Compliance

Detailed Security Measures

LiFet OS implements robust security measures to protect your data throughout its entire lifecycle:

Data Encryption

  • In Transit: All data transmitted between your devices and our servers is encrypted using TLS 1.2+ protocols with 256-bit encryption
  • At Rest: All stored data is encrypted using AES-256 encryption, the same standard used by government agencies
  • Database Encryption: Individual database fields containing sensitive information are encrypted with AES-256 CBC encryption

Access Controls

  • Role-based access controls (RBAC) ensure only authorized personnel can access specific data
  • Multi-factor authentication (MFA) required for all administrative access
  • Detailed audit logs track all access to sensitive data
  • Regular access reviews to ensure permissions remain appropriate

Network Security

  • Enterprise-grade firewalls with intrusion detection and prevention systems
  • Distributed denial-of-service (DDoS) protection
  • Regular vulnerability scanning and penetration testing
  • Network segmentation to isolate sensitive systems

Physical Security

  • Data centers with 24/7 monitoring, biometric access controls, and redundant power supplies
  • Strict visitor access policies and logs
  • Environmental controls including fire suppression systems

Operational Security

  • Comprehensive incident response plan with defined roles and responsibilities
  • Regular security awareness training for all employees
  • Background checks for personnel with access to sensitive data
  • Secure development lifecycle with code reviews and security testing

Business Continuity

LiFet OS maintains comprehensive business continuity and disaster recovery plans to ensure service availability:

  • Data replicated across geographically separate data centers
  • Automated backups with 5-minute granularity
  • Regular disaster recovery testing
  • 99.9% uptime SLA for all critical services

HIPAA Compliance

HIPAA Compliance Overview

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for the protection of certain health information in the United States. While HIPAA is a U.S. law, LiFet OS meets all applicable requirements under HIPAA for business associates handling protected health information (PHI) for our U.S. clients. For Canadian clients, we implement equivalent protections that align with PIPEDA and provincial health privacy laws.

Business Associate Agreements (BAAs)

LiFet OS enters into Business Associate Agreements (BAAs) with all covered entities and business associates as required by HIPAA. Our BAA includes:

  • Clear definitions of permitted uses and disclosures of PHI
  • Appropriate safeguards to prevent unauthorized use or disclosure
  • Reporting requirements for breaches of unsecured PHI
  • Obligations to ensure subcontractors comply with HIPAA requirements
  • Access to PHI for individual requests and amendment
  • Return or destruction of PHI at termination of agreement
  • Requirements to make internal practices available for HHS audits

HIPAA Title II Requirements

LiFet OS complies with all relevant provisions of HIPAA Title II, which includes:

Privacy Rule Compliance

We adhere to the Standards for Privacy of Individually Identifiable Health Information by:

  • Implementing policies and procedures to protect the privacy of PHI
  • Limiting uses and disclosures of PHI to the minimum necessary
  • Providing appropriate safeguards for PHI
  • Ensuring workforce members understand and comply with these protections

Security Rule Compliance

We meet the Security Standards for the Protection of Electronic Protected Health Information through:

  • Administrative safeguards including security management processes and workforce training
  • Physical safeguards for equipment and facilities
  • Technical safeguards including access controls, audit controls, and integrity controls
  • Organizational requirements including business associate contracts
  • Policies and procedures documentation requirements

Breach Notification Rule

We comply with requirements for breach notification by:

  • Implementing systems to detect security incidents
  • Having documented procedures for breach assessment
  • Notifying affected parties within required timeframes when breaches occur
  • Maintaining documentation of all breach assessments and notifications

Canadian Health Information Protection

For Canadian clients dealing with personal health information (PHI), LiFet OS implements protections that meet or exceed provincial health privacy laws. See our Canadian health information protections for details on how we comply with:

  • PIPEDA and provincial health privacy laws
  • Equivalent safeguards to those required under HIPAA
  • Canadian breach notification requirements

Technical Safeguards

LiFet OS implements specific technical measures to protect ePHI:

Access Control

  • Unique user identification for all system access
  • Emergency access procedures
  • Automatic logoff after periods of inactivity
  • Encryption and decryption of ePHI

Audit Controls

  • Comprehensive logging of all access to ePHI
  • Regular review of audit logs
  • Alerts for suspicious access patterns

Integrity Controls

  • Electronic mechanisms to corroborate that ePHI has not been altered or destroyed
  • Version control for documents containing ePHI
  • Checksums for data validation

Transmission Security

  • Integrity controls to ensure ePHI isn't improperly modified during transmission
  • Encryption of all ePHI during transmission
  • Secure protocols for all data transfers

GDPR Compliance

General Data Protection Regulation (GDPR)

The GDPR (Regulation (EU) 2016/679) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of individuals in the EU, regardless of the organization's location. LiFet OS complies fully with GDPR requirements both as a data processor and, in some cases, as a data controller.

Key GDPR Principles

Our compliance program is built around the seven key principles of GDPR:

1. Lawfulness, Fairness and Transparency

We process personal data lawfully, fairly and in a transparent manner. This includes:

  • Clear communication about data processing activities
  • Documented legal bases for all processing
  • Easy-to-understand privacy notices

2. Purpose Limitation

We collect personal data only for specified, explicit and legitimate purposes:

  • Detailed records of processing purposes
  • No further processing incompatible with original purposes
  • Clear documentation of all processing activities

3. Data Minimization

We ensure personal data is adequate, relevant and limited to what is necessary:

  • Regular reviews of data collection practices
  • Minimization built into product design
  • Options to provide only necessary information

4. Accuracy

We keep personal data accurate and up to date:

  • Processes for individuals to update their information
  • Regular data quality checks
  • Systems to correct or erase inaccurate data

5. Storage Limitation

We retain personal data only as long as necessary:

  • Documented retention schedules
  • Automated deletion processes
  • Regular reviews of stored data

6. Integrity and Confidentiality

We process personal data securely:

  • Comprehensive security measures (see Security section)
  • Encryption of all personal data
  • Regular security testing

7. Accountability

We demonstrate compliance with all principles:

  • Documentation of all compliance activities
  • Data Protection Impact Assessments
  • Appointment of Data Protection Officer

Data Subject Rights

We have implemented processes to support all data subject rights under GDPR:

Right to Access

Individuals can request access to their personal data through:

  • Self-service portal for data access
  • Formal request process with verification
  • Timely response within 30 days

Right to Rectification

Individuals can correct inaccurate personal data:

  • Self-service editing where appropriate
  • Process for formal rectification requests
  • Notification of third parties where applicable

Right to Erasure ("Right to be Forgotten")

Individuals can request deletion of their personal data:

  • Automated deletion processes
  • Verification procedures to prevent unauthorized deletion
  • Notification of third parties where applicable

Right to Restriction of Processing

Individuals can request limitation of processing:

  • Systems to flag restricted data
  • Processes to ensure restrictions are honored
  • Notification before lifting restrictions

Right to Data Portability

Individuals can receive their data in a structured format:

  • Export tools for data portability
  • Common machine-readable formats
  • Direct transfer capability where feasible

Right to Object

Individuals can object to certain processing:

  • Simple opt-out mechanisms
  • Immediate cessation of processing upon objection
  • Clear communication of objection rights

Rights Related to Automated Decision Making

We provide:

  • Information about automated decision-making
  • Right to human intervention
  • Right to express point of view

International Data Transfers

For transfers of EU personal data outside the EEA, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) with all data importers
  • Supplementary measures where required
  • Transparency about data transfer mechanisms

Canada Compliance

Compliance with Canadian Data Protection Laws

LiFet OS complies with all applicable Canadian data protection laws, including:

  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Provincial health privacy laws (for applicable provinces)
  • Quebec's Law 25 (formerly Bill 64)
  • Alberta's Personal Information Protection Act (PIPA)
  • British Columbia's Personal Information Protection Act (PIPA)

Health Information Protection Across Canada

For health information handling, LiFet OS complies with:

  • Ontario: Personal Health Information Protection Act (PHIPA)
  • Alberta: Health Information Act (HIA)
  • British Columbia: E-Health (Personal Health Information Access and Protection of Privacy) Act
  • Quebec: Act respecting health services and social services
  • Other provinces: Equivalent protections as required by local legislation

Our platform implements safeguards that meet or exceed all provincial requirements for health information protection.

Compliance with Canadian Data Protection Laws

LiFet OS, as a product of LiFet Media Inc., complies with all applicable Canadian data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws such as Quebec's Law 25 (formerly Bill 64).

PIPEDA Compliance Framework

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. LiFet OS complies with PIPEDA's 10 fair information principles:

1. Accountability

We have designated individuals responsible for compliance and have implemented policies and practices to protect personal information:

  • Appointed Privacy Officer
  • Documented privacy policies and procedures
  • Regular staff training
  • Third-party compliance assessments

2. Identifying Purposes

We clearly identify the purposes for which personal information is collected:

  • Detailed privacy notices
  • Purpose specification at point of collection
  • No undisclosed secondary uses

3. Consent

We obtain meaningful consent for the collection, use, or disclosure of personal information:

  • Clear, understandable consent requests
  • Granular consent options
  • Easy withdrawal mechanisms
  • Special protections for sensitive information

4. Limiting Collection

We limit the collection of personal information to what is necessary for the identified purposes:

  • Data minimization built into systems
  • Regular reviews of collection practices
  • No collection beyond stated purposes

5. Limiting Use, Disclosure, and Retention

We do not use or disclose personal information for purposes other than those for which it was collected:

  • Strict controls on data use
  • Documented retention schedules
  • Secure destruction procedures
  • No secondary use without consent

6. Accuracy

We keep personal information as accurate, complete, and up-to-date as necessary:

  • Processes for individuals to update information
  • Regular data quality checks
  • Systems to correct inaccurate data

7. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the information:

  • Physical, organizational and technical measures
  • Regular security assessments
  • Employee training
  • Incident response plans

8. Openness

We make information about our policies and practices readily available:

  • Comprehensive privacy notices
  • Accessible policies
  • Transparent operations

9. Individual Access

Upon request, we inform individuals of the existence, use, and disclosure of their personal information:

  • Clear access request procedures
  • Timely responses
  • No unreasonable fees
  • Explanation of refusals

10. Challenging Compliance

We provide a process for individuals to challenge our compliance with these principles:

  • Designated complaint process
  • Investigation of all complaints
  • Appropriate remedies
  • Documentation of outcomes

Quebec's Law 25 Compliance

For our customers in Quebec, LiFet OS complies with the requirements of Law 25 (formerly Bill 64), which amended Quebec's Act respecting the protection of personal information in the private sector. Key aspects of our compliance include:

Privacy Governance

  • Appointment of a Privacy Officer responsible for compliance
  • Privacy Impact Assessments for new projects
  • Documented privacy policies and procedures

Enhanced Individual Rights

  • Right to data portability
  • Right to be informed of automated decision-making
  • Right to cessation of dissemination of personal information

Breach Notification

  • Notification to Commission d'accès à l'information (CAI) of breaches involving personal information
  • Notification to affected individuals when breaches present a risk of serious injury
  • Maintenance of breach registers

Data Protection by Default and Design

  • Privacy considerations integrated into product development
  • Default privacy-friendly settings
  • Minimal data collection by default

Cross-Border Data Transfers

While LiFet OS primarily uses cloud infrastructure located in the United States, we ensure that all transfers of Canadian personal data outside of Canada are protected by appropriate safeguards, including:

  • Standard contractual clauses that provide adequate protection for personal data
  • Strong encryption for data in transit and at rest
  • Comprehensive security measures to protect the confidentiality and integrity of personal data
  • Transparency about data locations and transfers

Subprocessors

Third-Party Subprocessors

LiFet OS engages certain third-party subprocessors to assist in providing our services. These subprocessors may have access to or process personal data on our behalf. We carefully select each subprocessor based on their ability to meet our requirements for security and compliance with applicable data protection laws.

We maintain contracts with all subprocessors that include data protection obligations consistent with our obligations under our Data Processing Agreement with you.

Current Subprocessors

| Subprocessor | Purpose | Location | Contact | Compliance |
|---|---|---|---|---|
| Google Cloud Platform | Cloud infrastructure, data storage, compute services | Global (Primarily US) | [email protected] | SOC 1/2/3, ISO 27001, HIPAA, GDPR |
| Amazon Web Services (AWS) | Cloud infrastructure, data storage, compute services | Global (Primarily US) | [email protected] | SOC 1/2/3, ISO 27001, HIPAA, GDPR |
| Twilio | SMS and voice communication services | US | [email protected] | SOC 2, ISO 27001, HIPAA, GDPR |
| Stripe | Payment processing services | US | [email protected] | PCI DSS Level 1, SOC 1/2/3, GDPR |
| SendGrid (Twilio) | Email delivery services | US | [email protected] | SOC 2, ISO 27001, GDPR |
| Cloudflare | Content delivery network, DDoS protection, security | Global | [email protected] | SOC 2, ISO 27001, GDPR |
| Auth0 (Okta) | Authentication and identity management | US | [email protected] | SOC 2, ISO 27001, GDPR |
| Intercom | Customer support and messaging | US, EU | [email protected] | SOC 2, ISO 27001, GDPR |
| Zapier | Workflow automation and integrations | US | [email protected] | SOC 2, GDPR |
| Mixpanel | Product analytics | US | [email protected] | SOC 2, GDPR |
| FullStory | User experience analytics | US | [email protected] | SOC 2, ISO 27001, GDPR |
| HubSpot | CRM and marketing automation | US, EU | [email protected] | SOC 2, ISO 27001, GDPR |
| MongoDB Atlas | Database services | Global | [email protected] | SOC 2, ISO 27001, GDPR |
| Snowflake | Data warehousing and analytics | US | [email protected] | SOC 2, ISO 27001, GDPR |
| Datadog | Monitoring and observability | US | [email protected] | SOC 2, ISO 27001, GDPR |

Subprocessor Engagement Process

When engaging any new subprocessor, we:

  1. Perform thorough due diligence to evaluate the subprocessor's security and privacy practices
  2. Enter into a data processing agreement with the subprocessor that includes data protection obligations consistent with our obligations
  3. Assess the subprocessor's ability to implement appropriate technical and organizational measures to meet GDPR, HIPAA, and other applicable requirements
  4. Monitor the subprocessor's ongoing compliance with our requirements
  5. Maintain an up-to-date list of subprocessors available to customers

Changes to Subprocessors

We will notify you of any planned changes concerning the addition or replacement of subprocessors at least 30 days in advance, giving you the opportunity to object to such changes. If you do not object within 15 days of notice, the new subprocessor will be deemed accepted.

If you object to a new subprocessor, we will work with you in good faith to find a mutually acceptable resolution. If we cannot resolve the objection, you may terminate the affected services without penalty.

Subprocessor Security Requirements

All subprocessors are contractually required to implement security measures that meet or exceed our standards, including:

  • Data encryption in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security testing and vulnerability assessments
  • Incident response and breach notification procedures
  • Physical security controls for data center facilities
  • Compliance with applicable data protection laws
  • Cooperation with audits and inspections

Frequently Asked Questions

General Questions

What is LiFet OS?

LiFet OS is a comprehensive business platform developed by LiFet Media Inc. designed to help agencies and businesses manage their marketing, sales, and customer relationships more effectively. It provides tools for automation, communication, and analytics in a single integrated solution with a strong focus on security and compliance.

Where is my data stored?

LiFet OS primarily stores data in secure data centers located in the United States, with all appropriate safeguards for international data transfers. All data is encrypted both in transit and at rest, and we implement robust security measures to protect your information regardless of its physical location. For specific data residency requirements, please contact our team.

How does LiFet OS ensure the security of my data?

We implement multiple layers of security including:

  • Encryption: All data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Physical Security: Biometric access controls at data centers
  • Audits: Regular security audits and penetration testing
  • Compliance: Adherence to industry standards (SOC 2, ISO 27001, HITRUST, PCI‑DSS, IEC 62443, NIST Cybersecurity Framework 2.0, etc.)
  • Monitoring: 24/7 security monitoring and alerting

Compliance Questions

Is LiFet OS GDPR compliant?

Yes, LiFet OS complies with the General Data Protection Regulation (GDPR) for our customers in the European Union and United Kingdom. We have implemented appropriate technical and organizational measures to ensure compliance, including Standard Contractual Clauses for international data transfers, data protection impact assessments, and processes to support all data subject rights. Our Data Processing Agreement incorporates GDPR requirements for processors.

Does LiFet OS offer HIPAA-compliant services?

Yes, LiFet OS offers a HIPAA-compliant version of our platform that meets all requirements for handling protected health information (PHI). This includes signing a Business Associate Agreement (BAA), implementing additional administrative, physical and technical safeguards required by HIPAA, and providing features to support compliance such as audit logging, access controls, and encryption. Please contact us for more information about our HIPAA-compliant offering.

How does LiFet OS comply with Canadian privacy laws?

LiFet OS complies with Canadian privacy laws including PIPEDA and Quebec's Law 25. We implement appropriate safeguards for international data transfers, provide tools to support individual rights requests, and maintain security measures that meet Canadian requirements. Our platform is designed with privacy by default and includes features to help our customers comply with their obligations under Canadian law, including data minimization, consent management, and breach notification support.

Data Processing Questions

What is LiFet OS's role under GDPR?

Under GDPR, LiFet OS acts as a data processor for the personal data our customers (controllers) upload to our platform. We process this data only according to our customers' instructions as specified in our Data Processing Agreement. In some limited cases where we determine the purposes and means of processing (such as for billing information), we may act as a data controller. Our roles and responsibilities are clearly defined in our Data Processing Agreement and privacy notices.

How can I request a copy of LiFet OS's Data Processing Agreement?

Our Data Processing Agreement is available to all customers. You can access it through your account settings or by contacting us at [email protected]. The DPA outlines our commitments as a processor, the security measures we implement, and the rights and responsibilities of both parties under data protection laws. We're happy to answer any questions you may have about the agreement.

What happens to my data if I terminate my LiFet OS account?

Upon termination of your account, we will either delete or return all your personal data in accordance with our Data Processing Agreement, unless we are required by law to retain certain information. You can request a copy of your data before termination through the platform's export tools. Data is typically deleted within 30 days of account termination, with backups being securely erased according to our retention policies. For specific retention requirements, please contact our team.

Technical Questions

What encryption standards does LiFet OS use?

We use industry-standard encryption protocols:

  • Data in transit: TLS 1.2 or higher with 256-bit encryption, using modern cipher suites
  • Data at rest: AES-256 encryption for all stored data
  • Database encryption: AES-256 CBC encryption for sensitive fields
  • Key management: Regular key rotation with hardware security modules (HSMs) where appropriate
  • Backup encryption: All backups encrypted with AES-256

Does LiFet OS conduct regular security testing?

Yes, we conduct comprehensive security testing including:

  • Automated scanning: Daily vulnerability scans of all systems
  • Penetration testing: Annual tests by independent third-party security firms
  • Internal audits: Quarterly security reviews by our internal team
  • Code reviews: All code undergoes security review before deployment
  • Bug bounty: Program for external researchers to report vulnerabilities
  • Compliance audits: Regular assessments against SOC 2, ISO 27001, and other frameworks

How does LiFet OS handle data backups?

We maintain a comprehensive backup strategy:

  • Frequency: Incremental backups every 5 minutes with daily full backups
  • Retention: 35 days of backup retention by default (customizable)
  • Encryption: All backups encrypted with AES-256
  • Location: Backups stored in geographically separate locations
  • Testing: Regular restoration tests to verify backup integrity
  • Security: Backup access strictly limited to authorized personnel
  • Monitoring: Backup success/failure actively monitored with alerts