Skip to main content
LTV.ai is built with security and compliance at its core. We protect your data and your customers’ data with enterprise-grade security practices.

Data Protection

Encryption

  • In transit — all data is encrypted using TLS 1.2+ for every connection
  • At rest — customer data is encrypted using AES-256 encryption
  • Key management — encryption keys are managed through AWS KMS with automatic rotation

Access Control

  • Role-based access control (RBAC) for all team members
  • Multi-factor authentication available for all accounts
  • Session management with automatic timeouts
  • IP-based access restrictions available for enterprise accounts

Infrastructure Security

LTV.ai runs on AWS infrastructure with:
  • SOC 2 compliant hosting environment
  • Automated security patching and vulnerability scanning
  • DDoS protection via AWS Shield
  • Network isolation with private subnets and security groups
  • 24/7 monitoring with automated alerting

Email Compliance

CAN-SPAM & GDPR

LTV.ai ensures every email sent through our platform is compliant:
  • Unsubscribe links — automatically included in every email
  • Physical address — required sender address in email footer
  • Opt-in management — respect customer consent preferences
  • Right to erasure — customers can request data deletion

Unsubscribe Handling

When a customer unsubscribes:
  1. They’re immediately removed from all active sequences
  2. Added to your brand’s exclusion list
  3. No further marketing emails are sent
  4. Status is synced back to your ecommerce platform
Unsubscribe processing happens in real time. Customers will never receive another marketing email after clicking unsubscribe.

Data Handling

What We Store

Data TypePurposeRetention
Customer profilesEmail targeting and personalizationDuration of account
Purchase historySegmentation and analyticsDuration of account
Email engagementPerformance trackingDuration of account
Email contentCampaign managementDuration of account

What We Don’t Store

  • Credit card or payment information (handled by Stripe/Braintree)
  • Customer passwords
  • Full order financial details

Data Deletion

  • Account cancellation — all data is deleted within 30 days
  • Customer deletion requests — individual customer data can be removed on request
  • Automatic cleanup — inactive data is purged according to our retention policy

Third-Party Services

LTV.ai uses the following trusted third-party services:
ServicePurposeCompliance
AWSCloud infrastructureSOC 2, ISO 27001, GDPR
SendGridEmail deliverySOC 2, ISO 27001
StripePayment processingPCI DSS Level 1

Reporting a Security Issue

If you discover a security vulnerability, please report it responsibly:

Report a Vulnerability

Email security@ltv.ai with details. We take all reports seriously and will respond within 24 hours.