LVL Up Performance

Privacy Policy

Last updated: February 25, 2026

LVL Up Performance ("we," "us," or "our") operates the lvlupperformance.com website and the LVL Up Performance platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our QR-powered performance management platform. By using the Service, you agree to the practices described in this policy.

1. Data We Collect

We collect information that you provide directly, information generated through your use of the Service, and information from third-party authentication providers.

Account and Organization Data

  • Name, email address, and hashed password (or OAuth credentials via Google)
  • Organization name, size, and industry
  • Billing information (name, address, and payment card details processed by Stripe — we do not store full card numbers)
  • User role within your organization (employee, manager, CEO, admin, HR admin)

Employee and Performance Data

  • Employee names, email addresses, and team assignments
  • Performance feedback submitted via QR code (including anonymous feedback from employees who do not have accounts)
  • Goals, OKRs, and progress tracking data
  • Competency and skills ratings
  • 360-degree review responses and overall ratings
  • AI-generated coaching insights and performance summaries

Usage and Technical Data

  • Browser type, operating system, and device information
  • IP address and approximate location
  • Pages visited, features used, and session duration
  • Authentication events and session tokens

2. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the LVL Up Performance platform
  • Process QR-code-based feedback submissions and route them to the appropriate teams and managers
  • Generate AI-powered coaching insights and performance summaries using aggregated and anonymized feedback data
  • Manage subscriptions, process payments, and send billing-related communications
  • Send transactional emails such as account verification, password resets, and feedback notifications
  • Enforce multi-tenant data isolation using Row Level Security policies
  • Monitor platform health, detect abuse, and maintain security
  • Improve the Service based on usage patterns and feedback

3. AI Usage Disclosure

LVL Up Performance uses artificial intelligence, powered by Anthropic's Claude, to provide coaching insights and performance analysis. Here is how AI interacts with your data:

  • What is sent to AI: Aggregated and de-identified feedback text, competency ratings, and goal progress data. We do not send personally identifiable employee information to the AI model unless it is embedded in user-authored feedback text.
  • What AI generates: Coaching recommendations, team performance summaries, trend analysis, and development suggestions. AI insights are automatically triggered when a team accumulates five or more feedback entries.
  • AI data retention: Anthropic does not use data submitted through our API to train its models. Prompts and responses are retained by Anthropic for up to 30 days for safety monitoring, then deleted. Refer to Anthropic's Privacy Policy for details.
  • AI credit usage: AI features are governed by credit limits based on your subscription tier. Usage is tracked per organization.

4. Data Sharing and Third-Party Services

We do not sell your personal information. We share data only with the following third-party service providers, each of which is necessary to operate the platform:

  • Supabase (Database & Auth): Hosts our PostgreSQL database and manages authentication. Your account data, feedback, and performance records are stored in Supabase-managed infrastructure with Row Level Security enforcement. See Supabase Privacy Policy.
  • Stripe (Payments): Processes subscription payments and manages billing. Stripe receives your name, email, and payment card details. We do not store full card numbers on our servers. See Stripe Privacy Policy.
  • Anthropic (AI): Provides the Claude AI model used for coaching insights and performance analysis. Receives de-identified feedback and performance data via API. See Anthropic Privacy Policy.
  • Vercel (Hosting): Hosts and serves the LVL Up Performance web application. Vercel processes request metadata (IP addresses, headers) to deliver content. See Vercel Privacy Policy.
  • Resend (Email): Delivers transactional emails including account verification, password resets, and feedback notifications. Resend receives recipient email addresses and email content. See Resend Privacy Policy.

We may also disclose your information if required by law, court order, or governmental regulation, or if disclosure is necessary to protect the rights, property, or safety of LVL Up Performance, our users, or the public.

5. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without breaking core functionality.
  • Preference cookies: Store your settings such as theme preference (light/dark mode) and dashboard layout.
  • Analytics cookies: Help us understand how visitors use the platform so we can improve the experience. These can be opted out of.

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service.

6. Data Retention

We retain your data according to the following schedule:

  • Active accounts: Data is retained for as long as your account remains active and your subscription is in effect.
  • Account deletion: When you or your organization administrator deletes an account, we delete or anonymize all associated personal data within 30 days.
  • Feedback data: Anonymized, aggregated feedback data may be retained after account deletion for service improvement purposes, but it will no longer be linked to any identifiable individual.
  • Billing records: Transaction records are retained for up to 7 years to comply with tax and accounting regulations.
  • Audit logs: Security and access logs are retained for up to 1 year for incident investigation purposes.

7. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Request a machine-readable export of your data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@lvlupperformance.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Your Rights Under CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: Request deletion of personal information we have collected from you.
  • Right to opt-out of sale: We do not sell personal information. No opt-out is necessary.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at support@lvlupperformance.com. We will verify your identity and respond within 45 days.

9. International Data Transfers

LVL Up Performance is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States and other countries where our service providers operate. We rely on Standard Contractual Clauses and the data processing agreements of our sub-processors (Supabase, Stripe, Vercel, Anthropic, Mailgun) to provide appropriate safeguards for international data transfers.

10. Children's Privacy

The Service is designed for use by businesses and their employees and is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@lvlupperformance.com and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date above. For significant changes, we will also notify account administrators by email. Your continued use of the Service after a change constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your data rights, please contact us:

Email: support@lvlupperformance.com

Website: lvlupperformance.com

LVL Up Performance, Inc.