RetentionLab (“we,” “us,” or “our”) operates a customer retention intelligence platform (the “Service”) accessible at app.retentionlab.ai, and a public marketing website at retentionlab.ai (the “Website”). This Privacy Policy explains how we collect, use, store, and protect information across both the Service and the Website.
By using RetentionLab, you agree to the terms of this Privacy Policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Your name and business name
- Email address and, optionally, phone number
- Authentication credentials, which are stored only in a securely hashed form — we do not store or have access to your plaintext password
1.2 Payment Information
We use a third-party payment processor to handle billing. We store only the identifiers necessary to manage your subscription (such as a customer reference and subscription ID). We do not store credit card numbers, bank account details, or other payment credentials on our systems. All payment data is handled by our payment processor under its own privacy policy and security standards.
1.3 Customer Data from Your Connected Platforms
When you connect a supported e-commerce, CRM, or marketing platform — or upload a file — we access and process data about your customers, which may include:
- Customer identifiers (such as name, email address, and phone number)
- Order and transaction history (dates, amounts, products, discounts)
- Acquisition source and marketing channel attribution
- Shipping and billing location (city, state, postal code, country)
- Subscription or account status (e.g., active, cancelled, past due)
How we protect this data:
- Sensitive personal identifiers (such as customer email addresses and phone numbers) are protected using industry-standard cryptographic techniques before being stored in our primary database.
- Credentials used to connect your third-party platforms (API keys, OAuth tokens, store credentials) are encrypted at rest and are accessible only to the systems that need them to operate the Service.
- Access to customer data is restricted to authorized personnel and automated systems on a need-to-know basis, and is logged for accountability.
1.4 Predicted and Enrichment Data
To help you understand and serve your customers, we generate predicted demographic and behavioral attributes using:
- Your first-party data (order history, product preferences, purchase timing and frequency)
- Publicly available reference data (such as government demographic and geographic datasets)
Predicted attributes may include characteristics such as likely age range, gender, geographic classification, price sensitivity, shopping preferences, and engagement scoring. These values are statistical predictions, not confirmed facts about any individual.
We do not purchase personal data from third-party data brokers. Enrichment is derived from your own customer data combined with publicly available reference data. You may opt out of enrichment at any time (see Section 6).
1.5 Service and Usage Data
To operate, secure, and improve the Service, we collect limited technical data, including:
- Application and error logs, configured to exclude personal data where practicable
- API request metadata (such as endpoint, method, and response status)
- Basic session and authentication information needed to keep your account secure
We do not use third-party advertising trackers, marketing pixels, or cross-site tracking technologies on the customer dashboard at app.retentionlab.ai. For analytics on our public marketing website, see Section 1.6 below.
1.6 Marketing Website Analytics
Our public marketing website at retentionlab.ai uses Google Analytics 4 (“GA4”), provided by Google LLC, so we can understand how visitors interact with our pages and improve our content, tools, and product information.
When you visit retentionlab.ai, GA4 collects:
- Pages you visit, time on page, and navigation paths through the site
- Approximate location (typically city or region level, derived from your IP address)
- Device type, browser, operating system, and screen size
- The referring website or search query that brought you to retentionlab.ai
- Anonymous identifiers stored in cookies on your browser
GA4 does not collect from the marketing website:
- Your name, email address, or other directly identifying information (unless you submit it through a form on the site, in which case the submission goes directly to our contact management system, not through GA4)
- Payment information
- The content of any forms you fill out
Google may use the data it collects in accordance with its own Privacy Policy and the Google Analytics terms of service. We have configured GA4 to support IP-address shortening where the platform allows it.
How to opt out of analytics on retentionlab.ai:
- Install the Google Analytics Opt-Out Browser Add-on
- Use a browser that blocks third-party cookies, or enable a Do Not Track or Global Privacy Control signal
- Clear or block cookies from
googletagmanager.comandgoogle-analytics.comusing your browser's cookie controls
2. How We Use Your Information
We use the information we collect to:
- Analyze customer retention patterns, including churn risk, cohort behavior, and channel and product performance
- Generate campaign recommendations and identify at-risk or high-value customers
- Deliver approved campaigns by sending customer lists and content to your connected messaging providers
- Track campaign performance and attribute recovered or incremental revenue
- Enrich customer profiles with predicted attributes to improve your targeting
- Bill your account and manage your subscription
- Maintain, secure, monitor, and improve the Service
- Comply with our legal obligations and enforce our Terms of Service
We do not:
- Sell your data or your customers' data to any third party
- Use your data for advertising purposes unrelated to your account
- Share your customer data with other RetentionLab customers
- Use your data to train general-purpose AI models for purposes other than serving your account and improving the Service
3. How We Share Your Information
We share data only with trusted service providers, and only to the extent necessary to operate the Service. These providers are contractually required to protect your data and use it only for the purposes we specify.
3.1 Messaging Providers You Connect
When you connect an email or SMS provider and approve campaigns, we push customer lists and campaign content to that provider on your behalf. Your messaging provider acts as a data processor under your agreement with them.
3.2 Payment Processor
We share limited account information (such as name, email, and billing metadata) with our payment processor to manage your subscription and invoices.
3.3 Cloud Infrastructure
We use reputable cloud infrastructure providers to host our application, database, and file storage. All data is stored in data centers located in the United States, with encryption in transit and at rest.
3.4 Operational Tooling
We use a limited number of operational tools for error monitoring, logging, and customer support. These tools are configured to minimize the collection of personal data, and receive only the information needed to keep the Service running reliably.
3.5 Your Connected Platforms
We access your connected e-commerce, CRM, or marketing platforms through their authorized APIs. Wherever possible, we use read-only access and do not modify your products, inventory, pricing, or customer records on those platforms unless you explicitly enable a feature that requires write access.
3.6 Legal and Safety
We may disclose information if required to do so by law, valid legal process, or to protect the rights, property, or safety of RetentionLab, our customers, or others. Where permitted, we will notify you before disclosing your information in response to a legal request.
We do not share your data with:
- Data brokers or resellers
- Advertising networks or marketing data platforms
- Other RetentionLab customers
4. Data Security
We maintain administrative, technical, and physical safeguards designed to protect your information. These include, at a high level:
- Encryption of data in transit using modern TLS, and encryption of sensitive data at rest
- One-way hashing of passwords and of sensitive customer identifiers where appropriate
- Access controls that limit data access to authorized personnel and services on a need-to-know basis
- Session management using short-lived authentication tokens with rotation
- Network protections including firewalls, restricted administrative access, and rate limiting on sensitive endpoints
- Standard security headers and hardening on all web endpoints
- Ongoing monitoring, logging, and periodic review of our security posture
No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. If we become aware of a security incident that affects your data, we will notify you in accordance with applicable law.
5. Data Retention
We retain data only as long as necessary to provide the Service and meet legal obligations:
| Data type | Retention period |
|---|---|
| Account information | For the duration of your account, plus a short grace period after cancellation |
| Customer data (orders, profiles, enrichment) | For the duration of your account; deleted upon account termination or on written request, subject to legal holds |
| Campaign history and performance data | For the duration of your account |
| Integration credentials | Deleted promptly upon disconnection of the integration |
| Uploaded files | For the duration of your account, unless deleted earlier on request |
| Payment records | Managed by our payment processor under its own retention policy |
| Error and operational logs | Retained for a limited period for debugging and security purposes |
Upon termination of your account, you may request deletion of all associated data by contacting us at privacy@retentionlab.ai. Some information may be retained where required by law, for dispute resolution, or to enforce our agreements.
6. Your Rights
Depending on where you are located, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Request deletion of your account and associated data
- Disconnect your integrations at any time from the Integrations page
- Export your data in a standard, portable format
- Opt out of enrichment and predicted attribute generation for your customers
- Object to or restrict certain processing, to the extent required by applicable law
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@retentionlab.ai. We will respond within the time required by applicable law. We will not discriminate against you for exercising any of these rights.
For U.S. state residents (including California): You have additional rights under state privacy laws such as the CCPA/CPRA, including the right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
7. Data Processing Roles and Your Responsibilities
For the customer data you provide or connect to the Service, RetentionLab acts as a data processor (or service provider) on your behalf. You are the data controller and determine what data is shared with us and for what purpose.
As the data controller, you are responsible for:
- Having a valid legal basis to collect and share your customers' data with RetentionLab
- Maintaining your own privacy policy that accurately describes your use of analytics, marketing, and retention tools
- Complying with applicable laws, including CAN-SPAM, TCPA, GDPR, and U.S. state privacy laws
- Honoring opt-out and unsubscribe requests from your customers; we sync suppression lists from your connected providers to help prevent sending to unsubscribed contacts
8. Automated Decision-Making
RetentionLab uses data science and machine learning to:
- Predict which customers are likely to churn and assign risk scores
- Recommend campaign types, timing, offers, and products
- Select content or template variants based on historical performance
- Predict customer attributes from purchase behavior and public reference data
You remain in control. You can review, approve, modify, or override automated decisions through the Service's approval and settings interfaces, and you can disable specific automated features at any time.
9. Children's Privacy
RetentionLab is a business-to-business service not directed to children. We do not knowingly collect personal information from children under the age of 13 (or the equivalent minimum age in the relevant jurisdiction). If you believe a child's information has been submitted to us, please contact privacy@retentionlab.ai and we will delete it promptly.
10. International Data Transfers
Our Service is operated from the United States, and data we collect is stored and processed in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, which may have data protection laws different from those of your country. Where required, we implement appropriate safeguards (such as standard contractual clauses) for international transfers.
11. Third-Party Services
The Service may link to, or interoperate with, third-party services (such as your e-commerce platform or messaging provider). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy practices of any third party before connecting it to your account.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice in the Service at least 30 days before the changes take effect, unless a shorter period is required by law. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy, data requests, or privacy concerns:
- Privacy and data requests: privacy@retentionlab.ai
- General inquiries: insights@retentionlab.ai