Privacy Policy
Last Updated: July 25, 2025
Introduction
Lapel is on a mission to help internet businesses serve their customers more effectively. To achieve this, we build software that helps organizations unify customer data and automate operational workflows.
This Privacy Policy explains how Lapel, Inc. ("Lapel," "we," "our," or "us") collects, uses, and discloses personal data ("Personal Information") in connection with our websites, applications, communications, and services (collectively, the "Business").
Lapel’s products and services are designed for use by businesses, not for personal, family, or household purposes. We process Personal Information in a commercial context to provide these services and operate our business.
This Privacy Policy applies to certain information we collect and process as a controller about you when:
You use or interact with our software platform, APIs, integrations, and related tools (the “Services”)
You visit our website at www.lapel.com (the “Website”)
You communicate with us through forms, chat, or support channels
You engage with our social media pages, marketing emails, newsletters, advertisements, events, and any other online or offline places where you engage with our Business
It also applies to Personal Information we collect about:
Visitors to our Website
Representatives of organizations that are or may become Lapel customers
End users of the Lapel platform and related Services
Event attendees and individuals who participate in Lapel-hosted programs
Individuals who contact us or otherwise interact with our Business
If you have any questions, contact us at privacy@lapel.com.
Applicability & Roles
This Privacy Policy applies to your use of the Business and your interactions with Lapel. We collect and process Personal Information in two primary contexts:
As a Controller: When Lapel collects Personal Information for its own purposes, such as to operate our website, manage prospective customer relationships, run our marketing campaigns, or fulfill our own legal obligations—we act as a data controller.
As a Processor: When Lapel provides Services to customers and processes Personal Information on their behalf, such as when customers connect their CRM, support platforms, email or calendar tools, or analytics systems—we act as a data processor and follow our customers’ instructions.
This policy does not apply to third-party services you may use in connection with Lapel (e.g., email, CRM, analytics, or communication tools). These are governed by their own terms and privacy notices, and each integration is operated by an independent controller of the data it collects or accesses.
If you are an applicant or candidate for a role at Lapel, this policy does not apply. Please refer to our separate Applicant Privacy Notice.
Personal Information We Collect
Information You Provide
We collect the following types of Personal Information when you engage with our Business directly:
Contact Information: such as your name, email address, phone number, company name, and job title.
Account Credentials: such as login identifiers and authentication information, as directed by our customers.
Customer-Supplied Data: such as CRM records, support tickets, product usage data, and communication content provided by your organization.
Content: such as any documentation, files, or information you provide, which may include Personal Information about you.
Communications: such as emails, chat messages, feedback, and other correspondence you send to our business teams
Audio and/or Video Recordings: which may be collected during sales or support calls or meetings, unless you opt out or do not provide consent, as applicable.
Third-Party Information: such as Personal Information you provide about any co-workers, contractors, vendors, or potential referrals, such as their name, email address, phone number, employer, job title, or address.
Information Collected Automatically
We collect certain information automatically when you interact with our Business:
Usage Data: including the features you use, workflows you create, time spent in the product, and crash logs.
Device Data: including browser type, operating system, device type, IP address, and unique identifiers.
Location Data: approximate geographic location derived from your IP address.
We collect this information using cookies, SDKs, pixels, server logs, and similar technologies.
Information from Other Sources
We may also receive Personal Information about you from:
Connected systems such as CRMs, support platforms, email or calendar tools.
Business partners, service providers, and analytics tools.
Public sources such as LinkedIn or corporate websites.
Special Categories of Data
Lapel does not intend to collect sensitive or “special category” Personal Information (e.g., health, biometrics, religious or political beliefs). If you believe such data has been submitted in error, please contact us to request its removal.
How We Use Personal Information
We collect and process Personal Information when you submit it to our Business, including:
To Provide & Operate our Business: including account setup, authentication, provisioning, and access to product features. This includes processing information at your direction, including as expressed through your or your Company's use of certain features in the Services.
To Communicate with You: including transactional emails, product updates, and responding to support requests or feedback.
To Improve & Develop our Business: including debugging, usage analytics, performance tuning, and feature development. This may also include training and improving models and automated systems (such as those used for workflow recommendations or content suggestions), using de-identified or aggregated data only.
For Security & Fraud Prevention: including monitoring user behavior and detecting abuse or suspicious activity.
For Legal & Compliance Purposes: including meeting regulatory requirements, responding to legal requests, and enforcing our rights.
For Marketing & Advertising: including email campaigns, audience targeting, and brand awareness efforts, subject to your preferences.
For Business Operations: including internal audits, planning, forecasting, and investor or stakeholder communications.
To Evaluate or Complete a Corporate Transaction: such as a merger, acquisition, or sale of assets.
Disclosure of Personal Information
We may disclose your Personal Information to the following categories of recipients:
Affiliates: our subsidiaries and other entities under common ownership.
Service Providers: including those who support hosting, analytics, customer support, communications, and marketing operations.
Connected Platforms: where you or your organization have chosen to integrate third-party services. Each third-party integration available within the Lapel platform is operated by its respective provider, which acts as an independent data controller. Lapel is not responsible for their privacy practices.
Business Customers: if your employer or organization is a Lapel customer, we may share information about your use of our Business with them.
Legal, Regulatory, and Advisory Parties: including auditors, legal counsel, consultants, and regulatory authorities.
Successor Entities: in connection with a merger, acquisition, or sale of company assets.
Public Authorities: if required to respond to legal process or protect rights, safety, or property.
We do not sell Personal Information for monetary value.
Your Rights and Choices
Access, Correction, Deletion, And Objection / Restriction
Lapel is designed for use by organizations, and many individuals who interact with our Business do so on behalf of a customer (e.g., an employer). Where we process Personal Information on behalf of a customer as a processor, you should direct any data rights requests to that customer. If you are an authorized user, you may also be able to access, update, or delete certain Personal Information within the Lapel platform.
When we process your Personal Information as a controller, subject to applicable law, you may have the right to:
Know what Personal Information we process about you and to access and receive a copy of it.
Correct inaccurate Personal Information about you.
Request that we delete your Personal Information.
Under certain circumstances, restrict or object to the processing of your Personal Information.
Withdraw consent where processing is based on your consent.
These rights may be limited, for example, if fulfilling your request would reveal Personal Information about another person or if we are required by law to retain certain information.
To exercise any of your rights, email us at privacy@lapel.com. We may request additional information to verify your identity and understand the scope of your request. If we cannot verify your identity, we may deny the request.
In jurisdictions where required, you may also have the right to appeal our decision to deny a data rights request. To do so, contact us with the subject line "Privacy Request Appeal."
If your Personal Information has been processed by Lapel as a processor on behalf of a customer, we will forward your request to the appropriate customer, and we will support them as required by applicable law.
Residents of the E.U., U.K., and Switzerland have the right to lodge a complaint with the appropriate data protection authority in their jurisdiction.
Residents of certain U.S. states—including California, Colorado, Virginia, Connecticut, and other U.S. states with comprehensive data privacy laws—may have additional rights related to “sharing” for targeted advertising or sensitive data collection. Lapel does not sell Personal Information and honors opt-out preference signals (e.g., via GPC) as required by law.
To exercise any rights related to your Personal Information, please email privacy@lapel.com. We may require identity verification to process your request.
Communication Preferences
We may send you service-related or promotional communications. You can:
Opt out of marketing emails using the "unsubscribe" link.
Disable push notifications in your device settings.
Contact privacy@lapel.com to opt out of phone or direct mail.
Please note that some communications (e.g., account or billing notices) are considered transactional and may still be sent.
Cookies and Tracking
We use cookies, web beacons, and similar technologies to operate our website, analyze traffic, and support marketing efforts. Cookies help us understand how users interact with our site and Services and allow us to customize content and features.
You may also exercise certain opt-out rights through Global Privacy Control (GPC) signals in supported browsers. We do not respond to legacy “Do Not Track” signals.
You can manage or disable cookies through your browser settings. If you do, some features of the site may not function properly.
International Data Transfers
Lapel is based in the United States. If you access our Services from outside the U.S., your Personal Information may be transferred to and processed in the U.S. or other countries that may not provide the same level of data protection as your home country.
Where legally required, we implement appropriate safeguards to support cross-border transfers. These include Standard Contractual Clauses approved by regulators, participation in the EU-U.S. and U.K.-U.S. Data Privacy Frameworks (DPF), and supplemental security measures such as encryption and access controls.
Security
We implement reasonable administrative, technical, and physical safeguards to protect Personal Information from unauthorized access, loss, misuse, or disclosure. These include access controls, encryption, and regular monitoring.
However, no system is completely secure. If you suspect a security incident, please contact us at security@lapel.com.
Data Retention
We retain Personal Information for as long as reasonably necessary to fulfill the purposes described in this Policy, including to comply with legal, regulatory, tax, accounting, or reporting requirements. We may also retain information for business continuity, dispute resolution, and enforcement of agreements.
Where retention is no longer necessary, we take steps to securely delete or anonymize data.
Use by Minors
Our Services are not directed to individuals under the age of 16, and we do not knowingly collect Personal Information (as defined by the U.S. Children's Privacy Protection Act, or "COPPA") from anyone under that age. We also do not knowingly "share" or "sell," as those terms are defined under applicable law, the Personal Information of minors under the age of 18.
If you are a parent or guardian of a minor and believe your child has provided us with their information, please contact us at privacy@lapel.com.
Changes to This Policy
We may update this Privacy Policy periodically. If we make material changes, we will notify you by email or a prominent notice on this website.
The “Last Updated” date at the top of this page reflects the effective version of this Policy.
Contact Us; Data Controller
If you have any questions about this Privacy Policy or our data practices, or if you have difficulty accessing this Policy, you can contact us at:
By email: privacy@lapel.com
By mail: Lapel, Inc., Attn: Privacy, 2261 Market Street #22368, San Francisco, CA 94114
Unless otherwise stated, Lapel, Inc. is the data controller of the Personal Information described in this Privacy Policy.
If you are located in the European Union, United Kingdom, or other jurisdiction with similar requirements, we will support the exercise of your privacy rights in accordance with applicable law. For inquiries related to international data protection or cross-border transfers, please use the contact information above.