# Security & Compliance

> How LTV.ai protects your data and ensures compliance

LTV.ai is built with security and compliance at its core. We protect your data and your customers' data with enterprise-grade security practices.

## Data Protection

### Encryption

* **In transit** — all data is encrypted using TLS 1.2+ for every connection
* **At rest** — customer data is encrypted using AES-256
* **Key management** — encryption keys are managed through AWS KMS with automatic rotation

### Access Control

* Role-based access control (RBAC) for all team members
* Multi-factor authentication available for all accounts
* Session management with automatic timeouts
* IP-based access restrictions available for enterprise accounts

## Infrastructure Security

LTV.ai runs on AWS infrastructure with:

* **SOC 2 compliant** hosting environment
* **Automated security patching** and vulnerability scanning
* **DDoS protection** via AWS Shield
* **Network isolation** with private subnets and security groups
* **24/7 monitoring** with automated alerting

## Email Compliance

### CAN-SPAM & GDPR

LTV.ai ensures every email sent through our platform is compliant:

* **Unsubscribe links** — automatically included in every email
* **Physical address** — the required sender address is included in the email footer
* **Opt-in management** — customer consent preferences are respected
* **Right to erasure** — customers can request data deletion

### Unsubscribe Handling

When a customer unsubscribes:

1. They're immediately removed from all active sequences
2. They're added to your brand's exclusion list
3. No further marketing emails are sent to them
4. Their status is synced back to your ecommerce platform

<Info>
  Unsubscribe processing happens in real time. Customers will never receive another marketing email after clicking unsubscribe.
</Info>

## Data Handling

### What We Store

| Data Type         | Purpose                             | Retention           |
| ----------------- | ----------------------------------- | ------------------- |
| Customer profiles | Email targeting and personalization | Duration of account |
| Purchase history  | Segmentation and analytics          | Duration of account |
| Email engagement  | Performance tracking                | Duration of account |
| Email content     | Campaign management                 | Duration of account |

### What We Don't Store

* Credit card or payment information (handled by Stripe/Braintree)
* Customer passwords
* Full order financial details

### Data Deletion

* **Account cancellation** — all data is deleted within 30 days
* **Customer deletion requests** — individual customer data can be removed on request
* **Automatic cleanup** — inactive data is purged according to our retention policy

## Third-Party Services

LTV.ai uses the following trusted third-party services:

| Service      | Purpose              | Compliance             |
| ------------ | -------------------- | ---------------------- |
| **AWS**      | Cloud infrastructure | SOC 2, ISO 27001, GDPR |
| **SendGrid** | Email delivery       | SOC 2, ISO 27001       |
| **Stripe**   | Payment processing   | PCI DSS Level 1        |

## Reporting a Security Issue

If you discover a security vulnerability, please report it responsibly:

<Card title="Report a Vulnerability" icon="bug" href="mailto:security@ltv.ai">
  Email [security@ltv.ai](mailto:security@ltv.ai) with details. We take all reports seriously and will respond within 24 hours.
</Card>
