Privacy Policy
03.10.2025
At Go:Lofty we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Croatian Act on the Implementation of the GDPR, and other applicable laws.
By using our website, purchasing digital products, or subscribing to our AI-SaaS services, you agree to the practices described in this policy.
About golofty.io
Controller: Go:Lofty
Registered address: 10000 Zagreb, Croatia
Email: [email protected]
Go:Lofty is the data controller responsible for your personal data. We provide digital products, consulting, and AI-powered SaaS subscriptions to businesses globally. We do not sell your personal data.
If you have questions, you may contact us at the details above.
The legal information is located here.
Scope of This Privacy Policy
This Privacy Policy applies to individuals who:
Visit our website [golofty.io]
Purchase digital products or subscriptions
Register for accounts or newsletters
Interact with us in a business relationship
If you are an employee or end-user of a business using GoLofty products, please contact that business for information about their data practices.
Data We Collect
We collect personal data in two ways:
A. Information You Provide to Us
Name (first and last)
Email address
Phone number
Company name
Billing and payment information
Job role / function
Location (city, country)
Purpose: Service delivery, account creation, payments, communication, marketing (with consent).
B. Information Collected Automatically
IP address
Device type and browser
Geolocation (city/country level)
Pages visited, features used, session duration
Purpose: Website performance, analytics, security, fraud prevention.
C. Cookies & Tracking Technologies
We use cookies, pixels, and local storage. Please see our Cookie Policy for details.
Legal Bases for Processing
We only process your personal data where a valid legal basis applies under Article 6 GDPR:
| Purpose | Data | Legal Basis |
|---|---|---|
| Service delivery (digital products, SaaS) | Name, email, billing info | Contract (Art. 6(1)(b)) |
| Payment processing | Payment details, billing info | Contract + Legal obligation (Art. 6(1)(b),(c)) |
| Customer support & communication | Name, email, messages | Legitimate interest (Art. 6(1)(f)) |
| Marketing newsletters | Email, preferences | Consent (Art. 6(1)(a)) |
| Analytics & performance | IP, device, usage data | Legitimate interest (Art. 6(1)(f)) |
| Security & fraud prevention | Logs, IP, device data | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Any data required by law | Legal obligation (Art. 6(1)(c)) |
How We Use Your Data
Service delivery: Provide and manage subscriptions, accounts, and digital products.
Communication: Respond to inquiries, send service updates, deliver marketing (if you opted in).
Performance analytics: Improve services, monitor usage trends, optimize features.
Legal compliance: Fulfill accounting, tax, and regulatory duties.
Security: Detect and prevent fraud or misuse.
- We do not use your data for automated decision-making that produces legal or significant effects.
Sharing Your Data
We only share data with trusted partners who help us deliver services:
Payment processing: Stripe Payments Europe Ltd. (EU)
Hosting & infrastructure: Hostinger / Google Cloud (EU region)
Analytics: Google Analytics (Google Ireland Ltd)
Email & CRM: HubSpot
All providers are bound by GDPR-compliant data processing agreements and cannot use your data for their own purposes.
We may also disclose data if required by law, court order, or to enforce our terms.
International Transfers
If your data is transferred outside the EU/EEA (e.g. to the U.S.), we apply Standard Contractual Clauses (SCCs) or rely on adequacy decisions of the European Commission.
A copy of these safeguards can be obtained by contacting us at [email protected].
Data Retention
We only keep your data as long as necessary:
Inactive accounts: 24 months
Completed orders: 5 years (legal obligation)
Cancelled orders: 60 days
Pending/failed orders: 30 days
Payment processor (Stripe) data: 30 days after transaction
Marketing subscriptions: until consent withdrawn + 2 years audit record
Support inquiries: 2 years
Analytics data: 13 months
When retention ends, data is securely deleted or anonymized.
Your Rights
Under GDPR you have the right to:
Access: Request a copy of your data
Rectification: Correct inaccuracies
Erasure: Request deletion (“right to be forgotten”)
Restriction: Limit how we process your data
Objection: Stop processing (esp. marketing)
Portability: Receive data in machine-readable format
You can exercise these rights by emailing [email protected].
Security of Your Data
We apply technical and organizational measures including:
Encryption of data in transit and at rest
Access control and role-based permissions
Regular system monitoring and patching
Secure data storage within EU data centers
However, no system is 100% secure, and we cannot guarantee absolute security.
Children’s Privacy
Our services are not intended for individuals under 16 years of age (Croatian legal minimum for digital consent). We do not knowingly collect personal data from children under this age. If we learn we have collected such data, we will delete it promptly.
Changes to This Privacy Policy
We may update this policy to reflect legal or business changes. The “Last Updated” date indicates the latest version. Significant changes will be communicated via email or website notices.
Contact Us
Go:Lofty
10000 Zagreb, Croatia
Email: [email protected]