LISPSI ← Back to Lispsi

Privacy Policy

Effective date: 2026-06-17 · Last reviewed: 2026-06-17

This policy applies to the Lispsi website builder (the "Service"), operated by BizTransit Sdn Bhd (Co. No. 891234-X) ("Lispsi", "we", "us"). It explains what we collect, why, the third parties we rely on, and your rights. Capitalised terms not defined here have the meaning given in our Terms of Service.
Contents
  1. Data we collect
  2. How & why we use it
  3. Legal bases (GDPR)
  4. Third parties & sub-processors
  5. AI content generation
  6. Cookies
  7. Retention
  8. Your rights
  9. International transfers
  10. Children
  11. Security
  12. Changes
  13. Contact

1. Data we collect

Account data

When you sign in with Google, we receive the name, email address, and profile picture associated with your Google account, and confirmation that Google has verified your email. We do not receive your Google password.

Content you create

The websites, pages, text, and images you generate, upload, or edit. This includes business descriptions you type for AI generation, uploaded media, and the conversation history used to edit pages. This data is stored to provide and host your site.

Usage & technical data

Plan, billing state, feature usage (message/media counts used to enforce your plan), approximate IP address (derived for rate-limiting and abuse prevention), browser type, and service logs.

Billing data

We store a reference to your Stripe/PayPal customer and subscription. Card numbers are handled entirely by Stripe/PayPal — we never receive or store full card details.

2. How and why we use it

DataPurpose
Account dataIdentify you, secure your account, prevent fraud/abuse
ContentBuild, host, and publish your websites; enable AI-assisted editing
UsageEnforce plan limits, bill correctly, improve the Service
Billing referencesProcess subscriptions, taxes, refunds, and disputes
Technical/logsOperate, monitor, secure, and troubleshoot the Service

3. Legal bases (EEA / UK / Switzerland — GDPR)

  • Performance of a contract — hosting your site and providing features you requested.
  • Legitimate interests — security, fraud/abuse prevention, and service improvement, balanced against your rights.
  • Legal obligation — tax and record-keeping duties.
  • Consent — for non-essential cookies or optional analytics, where applicable.

4. Third parties & sub-processors

We rely on the following providers, each under their own terms and data practices:

ProviderUsed forData shared
GoogleSign-in (OAuth)Name, email, profile picture
Stripe / PayPalPaymentsBilling references (not card numbers)
MiniMaxAI content generationText prompts you submit for generation/editing
CloudflareMedia storage (R2), CDN, Pages hostingYour site content & media
Cloud infrastructureHosting the ServiceAll Service data

We do not sell your personal data.

5. AI content generation

To generate and edit website content, the text you provide (such as a business description or an edit instruction) is sent to our AI provider. Generated content is validated by our sandbox before it is stored or shown. Avoid submitting personal data about other people (e.g. customer lists) in prompts. AI output may be inaccurate; review before publishing.

6. Cookies

We use a strictly necessary authentication cookie (HttpOnly, Secure over HTTPS, SameSite=Strict) to keep you signed in, and a short-lived cookie during Google sign-in to prevent CSRF. We do not use advertising cookies. See our Cookie Policy for detail.

7. Retention

We keep your data for as long as your account is active. When you delete your account, we cancel any subscription, delete your sites and their content, remove uploaded media (including from object storage), and clear your session. Limited records (e.g. billing references, tax records) are kept as required by law. Published sites remain online only while the account/site exists.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the data we hold about you;
  • Correct inaccurate data;
  • Delete your data (you can do this instantly via Delete account in the dashboard);
  • Export a copy of your site content (backup);
  • Object to or restrict certain processing;
  • Withdraw consent where we rely on it;
  • Lodge a complaint with your local data protection authority.

California residents: see the CCPA note below. To exercise any right, email [email protected].

California (CCPA / CPRA)

We do not sell personal information. California residents may request disclosure, deletion, and correction of their personal information and may designate an authorised agent.

9. International transfers

Your data is processed in the region where our infrastructure and providers operate (including Singapore, the United States, and the EU, depending on the provider). Where data leaves the EEA/UK/Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Children

The Service is not directed to children under 16 (or the minimum age in your country). We do not knowingly collect their data. If you believe a child has provided data, contact us and we will delete it.

11. Security

Access is authenticated, data is isolated per site, traffic is encrypted (HTTPS), inputs are validated, and secrets are kept out of the application. No method of transmission or storage is fully secure; we aim for strong, defence-in-depth controls appropriate to the data.

12. Changes to this policy

We may update this policy. For material changes we will notify you (e.g. in-app or by email) and update the "Effective date" above. Continued use after a change constitutes acceptance.

13. Contact

Questions or requests: [email protected].

EU/UK representative (where required): BizTransit Sdn Bhd, Level 28, Lingkaran Syed Putra, Mid Valley City, 59200, Kuala Lumpur, Malaysia. Email: [email protected].

Terms of Service Cookie Policy Copyright / DMCA Acceptable Use © 2026 Lispsi · BizTransit Sdn Bhd (Co. No. 891234-X)