Privacy Policy

This Privacy Policy explains how HolyShift, Inc. (“HolyShift,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you access or use our website https://www.holyshift.ai (the “Website”) and our software platform, applications, and services (collectively, the “Service”).

​We are committed to handling personal data responsibly and in compliance with applicable data-protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. WHO WE ARE (DATA CONTROLLER)

HolyShift, Inc.
567 University Avenue
Palo Alto, CA 94301
United States

Email: support@holyshift.ai

​For the purposes of GDPR, HolyShift acts as a data controller for personal data described in this Policy, unless otherwise stated.

2. PERSONAL DATA WE COLLECT

We collect different categories of personal data depending on how you interact with us.

2.1 Information You Provide Directly

  • Name
  • Email address
  • Company name
  • Account credentials
  • Billing and payment details (processed via third-party providers)
  • Communications with us (support, feedback, onboarding)

2.2 Content & Usage Data

  • Inputs, prompts, project descriptions, and validation data submitted to the Service
  • AI-generated outputs and reports associated with your account
  • Feature usage, interaction logs, and performance metrics

2.3 Technical & Device Data

  • IP address
  • Browser type and version
  • Device identifiers
  • Operating system
  • Timestamps and log files

2.4 Affiliate & Referral Data Data

If you participate in or are referred through our affiliate or referral program, we may collect:

  • Referral identifiers
  • Affiliate IDs
  • Attribution data (clicks, conversions, timestamps)
  • Limited technical data (IP address, device/browser metadata)

Affiliate tracking is handled through FirstPromoter, acting as a data processor on our behalf.

3. HOW WE USE PERSONAL DATA

We use personal data for the following purposes:

  • To provide, operate, and maintain the Service
  • To create and manage user accounts
  • To process payments and subscriptions
  • To generate AI-powered insights and reports
  • To improve, secure, and optimize the Service
  • To communicate with users (support, product updates)
  • To manage affiliate and referral programs
  • To detect fraud, abuse, or policy violations
  • To comply with legal and regulatory obligations

We do not sell personal data.

4. LEGAL BASES FOR PROCESSING (GDPR)

Where GDPR applies, we process personal data under the following legal bases:

  • Contractual necessity – to deliver the Service you requested
  • Legitimate interests – product improvement, security, analytics, affiliate tracking
  • Consent – where required (e.g., cookies, marketing communications)
  • Legal obligation – accounting, tax, and compliance requirements

5. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate and improve the Service.

Types of cookies we may use:

  • Strictly necessary cookies – core functionality
  • Analytics cookies – usage insights and performance
  • Affiliate/referral cookies – attribution and commission tracking

Where required by law, we obtain consent before placing non-essential cookies.

You can manage cookie preferences via your browser settings or our cookie banner (where applicable).

6. AFFILIATE & REFERRAL PROGRAM DATA

HolyShift operates an affiliate and referral program.

Key points:

  • Referral tracking uses unique links and technical identifiers
  • Attribution is automated and system-based
  • We do not control third-party browsing behavior
  • Affiliate data is used solely for attribution, fraud prevention, and commission payouts

Affiliates are responsible for complying with applicable disclosure and marketing laws.

7. AI & ANALYTICS DATA USE

HolyShift uses AI systems to analyze user-provided inputs and generate outputs.

Important clarifications:

  • We do not use customer data to train public AI models
  • Inputs and outputs are processed only to deliver the Service
  • Aggregated and anonymized data may be used for benchmarking, research, and product improvement

No personally identifiable information is included in public or shared datasets.

8. DATA SHARING & DISCLOSURE

We may share personal data with:

  • Service providers (hosting, analytics, payments, affiliate tracking)
  • Professional advisors (legal, accounting, compliance)
  • Authorities where legally required
  • Corporate transactions (merger, acquisition, asset sale)

All processors are contractually bound to protect personal data.

9. INTERNATIONAL DATA TRANSFERS

HolyShift operates globally. Personal data may be transferred to and processed in the United States and other jurisdictions.

Where required, we rely on:

  • Standard Contractual Clauses (SCCs)
  • Appropriate safeguards under GDPR

10. DATA RETENTION

We retain personal data only as long as necessary for:

  • Providing the Service
  • Legal, tax, or accounting obligations
  • Resolving disputesEnforcing agreements

Retention periods vary by data type and purpose.

11. YOUR RIGHTS

11.1 GDPR Rights (EU/EEA/UK)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase personal data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

11.2 CCPA/CPRA Rights (California)

You have the right to:

  • Know what personal data we collect
  • Request deletion of personal data
  • Correct inaccurate personal data
  • Opt out of certain data sharing (if applicable)
  • Not be discriminated against for exercising your rights

Requests can be made by contacting us at support@holyshift.ai.

12. DATA SECURITY

We implement reasonable technical and organizational measures to protect personal data, including:

  • Access controls
  • Encryption in transit
  • Secure infrastructure providers
  • Monitoring and incident response procedures

No system is 100% secure, but we continuously improve our safeguards.

13. CHILDREN’S PRIVACY

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. Updates will be posted on the Website with a revised “Last updated” date.

Continued use of the Service constitutes acceptance of the updated Policy.

15. CONTACT US

If you have questions or requests regarding this Privacy Policy or our data practices, contact:

HolyShift, Inc.
Email: support@holyshift.ai
​Website: https://www.holyshift.ai