Summary of Key Points
- What personal information do we process? Information depends on how you interact with our Services, including account data, customer lists you upload, and usage data.
- Do we process sensitive personal information? In some cases we may process customer contact lists uploaded by users, which may include personal contact details.
- Do we collect information from third parties? Yes, from integrations such as Google Business Profile and analytics providers.
- How do we keep your information safe? We use industry-standard technical and organizational security safeguards including encryption and access controls.
- What rights do you have? Depending on your location, you may request access, correction, or deletion of your personal data.
- Do we sell your data? No. We do not sell personal data to third parties.
1. Who We Are
Karavaan LLC, a limited liability company organized under the laws of the State of Delaware, United States, operates the Lapio platform ("Lapio," "we," "us," or "our"). Lapio is a Google review management and customer re-engagement service built for home service businesses. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website and services (collectively, the "Service").
If you have questions about this Policy, contact us at privacy@lapio.io.
2. Information We Collect
2.1 Information You Provide
- Account data: Name, email address, phone number, business name, and business type when you sign up.
- Customer data you upload: Contact information (names, phone numbers, email addresses) of your customers that you import to send review requests or rebooking messages on your behalf.
- Payment information: Billing details processed securely through our payment processor. We do not store full card numbers.
- Communications: Messages you send to our support team.
2.2 Information Collected Automatically
- Usage data: Pages visited, features used, time spent, and actions taken within the Service.
- Device and log data: IP address, browser type, operating system, referring URLs, and timestamps.
- Cookies and similar technologies: See Section 9 for details.
2.3 Information from Third Parties
When you connect your Google Business Profile, we receive review data from that platform necessary to provide the Service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Service
- Send review request SMS and email messages to your customers on your behalf
- Send rebooking messages to your past customers on your behalf
- Run reactivation campaigns to your uploaded customer lists
- Process payments and manage your subscription
- Create and manage your account
- Send you service-related notices, updates, and support responses
- Send promotional communications about Lapio (you can opt out at any time)
- Analyze usage trends to improve product features and performance
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. Legal Bases for Processing
We process personal information only when we have a valid legal basis to do so, including:
- Consent: Where you or your End Customers have given express consent to receive specific communications.
- Contractual necessity: Processing necessary to perform our contract with you, including operating the Service.
- Legal compliance: Processing necessary to comply with our legal obligations.
- Legitimate interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and maintaining security, where those interests are not overridden by your rights.
5. How We Share Your Information
We do not sell your personal data. We may share information in the following circumstances:
5.1 Service Providers
We share data with trusted vendors who help us operate the Service, including:
- Cloud hosting and infrastructure providers
- SMS and email delivery providers
- Payment processors (e.g., Stripe — see Stripe's privacy policy for how they handle payment data)
- Analytics providers
- CRM tools (e.g., HubSpot) for managing leads and customer communications
- Authentication service providers
These vendors are contractually required to protect your data and may only use it to provide services to us.
5.2 Your Customers' Data
Customer contact data you upload is used solely to send review requests or rebooking messages on your behalf. We do not use your customers' data for our own marketing purposes.
5.3 Business Transfers
If Karavaan LLC is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
5.4 Legal Requirements
We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Lapio, our users, or the public.
5.5 Third-Party Platform Disclaimer
The Service integrates with third-party platforms such as Google. These platforms operate independently and may remove or modify reviews at their own discretion. Lapio cannot guarantee the visibility, permanence, or availability of reviews on any third-party platform. We are not responsible for the privacy practices of third-party platforms you connect to the Service.
6. Customer Data You Upload
You are the data controller for the customer contact information you upload to Lapio. You are responsible for:
- Ensuring you have the legal basis and appropriate consents to share your customers' data with us and to contact them via the Service
- Complying with applicable privacy laws (including TCPA, CAN-SPAM, GDPR, CCPA, and any other applicable federal or state legislation) governing communications sent to your customers
- Honoring your customers' requests to opt out of communications promptly
- Keeping your uploaded customer data accurate and up to date
We process this data solely on your instructions as your data processor. Lapio does not independently verify how customer contact information was obtained and relies on your representations that such data was collected lawfully.
6.1 Mobile Messaging and SMS Opt-In Data
The following specific rules govern the collection, use, and sharing of mobile phone numbers and SMS consent data through the Service:
- No third-party marketing use: Mobile phone numbers and SMS/MMS opt-in consent data collected through the Service will not be shared with, sold to, or used by any third party for their own marketing or promotional purposes.
- Carrier transmission: To deliver messages, we share phone numbers and message content with SMS gateway providers and US wireless carriers (including AT&T, T-Mobile, Verizon, and others) solely for message delivery. These parties are contractually prohibited from using this data for any other purpose.
- Consent records: The platform records the timestamp, method, and confirmation of each SMS opt-in. These records are available to you as the data controller upon request.
- Opt-out suppression: When a recipient replies STOP (or any standard opt-out keyword), the number is immediately added to a suppression list and no further messages will be sent to that number. Suppression lists are maintained indefinitely.
- Data minimization: We collect and retain only the minimum data necessary to operate the SMS program and satisfy carrier and regulatory requirements.
- 10DLC registration data: As part of A2P 10DLC campaign registration with US carriers, we may share your business name, campaign description, and message samples with The Campaign Registry (TCR) and wireless carriers. This is used solely for campaign vetting and not for marketing.
7. Marketing Use of Your Business Information
We may use certain business-related information to create case studies or marketing materials about our Services. This may include your business name, publicly available reviews and testimonials, and high-level performance results such as increased review volume.
If you prefer not to have your business included in our marketing materials, contact us at privacy@lapio.io and we will make commercially reasonable efforts to honor your request going forward.
We will not use any personally identifiable information about your End Customers in our marketing without explicit consent.
8. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. When you close your account, we will delete or anonymize your personal data within 90 days, unless we are required to retain it longer for legal, regulatory, or legitimate business purposes (for example, financial records or dispute resolution).
Customer contact data you upload will be deleted within 30 days of account closure upon request. We may retain certain account-associated information in internal records or aggregated analytics in compliance with applicable law.
9. Cookies and Tracking
We use cookies and similar tracking technologies to:
- Keep you logged in to your account
- Remember your preferences
- Maintain platform security and authentication
- Understand how the Service is used (analytics)
- Improve platform performance and personalize your experience
You can control cookies through your browser settings. Disabling cookies may limit some features of the Service.
10. Do Not Track
We currently do not respond to browser "Do Not Track" signals due to the lack of a standardized industry approach to how such signals should be interpreted.
11. Security
We implement industry-standard technical and organizational measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. We encourage you to use a strong, unique password for your Lapio account.
In the event of a data breach that affects your rights, we will notify you as required by applicable law.
12. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request that we correct inaccurate or incomplete data.
- Deletion: Request that we delete your personal data, subject to certain legal exceptions.
- Portability: Request your data in a machine-readable format.
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Withdraw consent: Where processing is based on consent, withdraw that consent at any time.
- Opt out of marketing: Unsubscribe from promotional emails at any time via the unsubscribe link in any email we send.
To exercise any of these rights, email us at privacy@lapio.io. We will respond within 30 days. We may verify your identity before processing your request.
13. United States Privacy Rights
Residents of certain US states have specific privacy rights under their state's laws. We describe the most significant below.
13.1 California (CCPA / CPRA)
California residents have the right to: (a) know what personal information we collect, use, disclose, or sell; (b) request deletion of personal information we hold; (c) opt out of the sale or sharing of personal information; and (d) not be discriminated against for exercising these rights. We do not sell personal information. To exercise your rights, contact us at privacy@lapio.io.
13.2 Other States
Residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws may have similar rights to access, correct, delete, and opt out of certain data uses. To exercise your rights, contact us at privacy@lapio.io and specify your state of residence. We will respond in accordance with applicable law.
14. International Transfers
Karavaan LLC is incorporated in the State of Delaware and operates the Lapio Service in the United States. Your data may be transferred to and processed in the United States or other countries where our service providers operate. Data protection laws in those countries may differ from those in your home jurisdiction. By using the Service, you consent to such transfer and processing.
15. Children's Privacy
The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal information, please contact us at privacy@lapio.io.
16. Links to Other Sites
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information to them.
17. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect when changes were made. For material changes, we will notify you by email or by posting a prominent notice on our website before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
18. Review, Update, or Delete Your Data
You have the right to request access to the personal information we collect from you, to correct that information, or to delete it. To submit a request, email us at privacy@lapio.io with the subject line "Data Request." For security purposes, we may need to verify your identity before processing your request. We will respond within 30 days.
19. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Company: Karavaan LLC
- Address: 8 The Green, STE B, Dover, DE 19901, United States
- Email: privacy@lapio.io
- Website: lapio.io