Privacy Policy

Effective date: January 1, 2026

This Privacy Policy explains how Design Sensei LLC (doing business as Design Shifu, “Design Shifu,” “we,” “us,” “our”) collects, uses, discloses, and protects personal information when you visit www.designshifu.com (the “Site”), use our dashboards/apps, subscribe to our services, interact with our email/SMS communications, or partner with us (collectively, the “Services”). If you do not agree with this Policy, please do not use the Services.

Legal entity & contact
Design Sensei LLC, 30 N Gould St STE R, Sheridan, WY 82801, USA
Email: privacy@designshifu.com • Support: support@designshifu.com

Controller vs. Processor

We generally act as an independent business/“controller” for Site visitors, prospects, and direct subscribers. If you purchased through a White-Label Partner (WLP), the White-Label Partner (WLP) is usually the controller and we act as a processor/service provider on their behalf. Send your privacy requests to your White-Label Partner (WLP); we’ll support them as required.

1) Notice at Collection (what we collect, why, and how long)

We collect the categories below for the purposes stated. We retain data only as long as needed for those purposes (see §12).

| Category | Examples | Why we collect | Typical retention |
|---|---|---|---|
| Identifiers | name, email, phone, IP, device IDs | account creation, authentication, support, security; limited marketing with unsubscribe | life of account + up to 3 years; marketing: up to 24 months since last interaction |
| Customer records | billing contact, company, addresses | billing, tax compliance, invoices | 7 years (tax/audit) |
| Commercial info | plan, transactions, request history | provide Services, account management, analytics | life of account + 3 years |
| Internet/usage data | pages viewed, clicks, timestamps, referrers, approximate location via IP | improve Services, security, debug; basic analytics | 12–24 months |
| Professional info | role/title (optional) | B2B sales/support | life of account + 3 years |
| Inferences | likely interests (basic) | tailor service communications | up to 24 months |
| Sensitive PI (limited) | login email, hashed password; 2FA tokens | secure access/authentication only (no inference use) | life of account; logs 12–24 months |

We do not knowingly collect government IDs, precise geolocation, health, biometric, or other special categories. We do not use sensitive personal information to infer characteristics.

2) Sources of personal information

  • Direct: forms, checkout, dashboard submissions, support chats/calls.
  • Automatic: cookies/pixels strictly for functionality and basic analytics; server logs.
  • Third parties: your employer/White-Label Partner (WLP); payment providers; publicly available sources (B2B contact info).

3) How we use personal information

  • Provide and operate the Services (accounts, dashboards, design requests, support).
  • Billing and administration (payments via PCI-compliant processors, invoicing, fraud prevention).
  • Security and integrity (detect, prevent, and respond to security incidents; debug).
  • Communications (transactional emails/SMS; service notifications; legal/ToS updates).
  • Service improvement (usage insights and basic analytics to improve features/quality).
  • Legal compliance (tax, audits, regulatory, law enforcement requests).
  • Corporate transactions (merger, acquisition, asset sale; data may transfer as permitted by law).
  • Portfolio displays (B2B marketing): If you have not opted out under our Terms of Service, we may display your company name, logo, and non-confidential examples of deliverables for marketing. You can opt out anytime by emailing privacy@designshifu.com.

EEA/UK legal bases: performance of a contract; legitimate interests (service improvement, security); consent where required (e.g., cookies/SMS/email in certain regions); legal obligation.

4) Email marketing

We follow CAN-SPAM and applicable laws.

  • You can unsubscribe at any time via the link in our emails or by emailing privacy@designshifu.com.
  • Unsubscribing from marketing will not stop transactional/service emails (e.g., invoices, password resets).

5) SMS & Phone Communications

We may collect and use your phone number to send service-related communications via SMS (text messages).

How We Collect Phone Numbers
We collect your phone number when you voluntarily provide it through our website, including but not limited to demo booking forms, onboarding scheduling forms, trial sign-up, or account registration flows where phone number entry and SMS disclosure are presented.

How We Use Phone Numbers
We use phone numbers solely for service-related and account-related communications, including but not limited to:

  • Call scheduling confirmations
  • Call reminders
  • Follow-up messages after calls or meetings
  • Trial or plan confirmations
  • No-show follow-up messages to reschedule calls
  • Reminders to book onboarding or setup calls

We do not send promotional or marketing SMS messages unless explicit consent is separately obtained.

Consent to Receive SMS
By providing your phone number and submitting a form where SMS disclosure is presented, you consent to receive automated SMS messages from Design Shifu for the service-related purposes described above. Consent to receive SMS messages is not a condition of purchase.

We maintain records of SMS consent and opt-out requests as required by applicable law and carrier guidelines.

Opt-Out and Help
You may opt out of receiving SMS messages at any time by replying STOP to any message.
For assistance, you may reply HELP to any message or contact us at privacy@designshifu.com.

Message & Data Rates
Message and data rates may apply depending on your mobile carrier and plan.
Message frequency may vary based on your interactions with us, such as booking, rescheduling, or onboarding activity.
Mobile carriers are not responsible for delayed or undelivered messages.

Data Sharing
We do not sell, rent, or share your phone number with third parties for their marketing purposes.
We may share your phone number with trusted service providers solely as necessary to deliver SMS communications and related services on our behalf, in accordance with this Privacy Policy.

Data Retention and Security
We retain phone numbers only as long as necessary to provide the services described or as required by law. We implement reasonable administrative, technical, and organizational measures to protect your personal information.

6) Cookies & analytics

We use strictly necessary cookies and basic analytics to operate the Site, keep you signed in, remember preferences, and understand aggregate usage.

Your choices: You can manage cookies via your browser settings. If you block cookies, some features may not work.

We do not use cross-context behavioral advertising or retargeting cookies.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these emails. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.

7) “Sale” / “Share” of personal information (US state laws)

We do not “sell” or “share” personal information as those terms are defined under the California Privacy Rights Act (CPRA) and similar state laws. If this ever changes, we will update this Policy and provide a method to opt out.

We do not knowingly sell/share personal information of minors under 16.

8) Disclosure of personal information

We disclose data to:

  • Service providers/processors (cloud hosting, analytics, security, billing, email/SMS, support tools) under contracts limiting use to our instructions;
  • White-Label Partners (WLPs)/partners (if you purchased through them, or you instruct us to integrate);
  • Professional advisors and authorities where required by law;
  • Transaction parties (if we enter an M&A or similar deal);
  • At your direction (e.g., you connect Slack, Zapier, or upload licensed assets).

We do not permit service providers to use your data for their own marketing.

9) International transfers

We are US-based. If you are outside the US, your information may be processed in the United States and other countries with different data-protection laws. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses, and the UK Addendum).
Subprocessors: We use vetted service providers to deliver the Services. A current list of core subprocessors is available on request at privacy@designshifu.com.

10) Security

We use administrative, technical, and physical safeguards appropriate to the risk (encryption in transit, hardened cloud infrastructure, access controls, least-privilege, audit logging, 2FA for internal access). No method is 100% secure.

Incident response: If we discover a security incident affecting your data, we will notify you and/or regulators as required by law.

11) Children

Our Services are not directed to minors under 18. We do not knowingly collect data from minors under 18. If you believe a minor provided data, contact privacy@designshifu.com and we will delete it.

12) Retention

We keep data only as long as necessary for the stated purposes, to comply with law, and to resolve disputes. Typical periods:

  • Account/profile: life of account + up to 3 years
  • Billing/tax records: 7 years
  • Usage logs & basic analytics: 12–24 months
  • Marketing CRM: up to 24 months since last interaction
  • SMS metadata: up to 12 months after last message

When no longer needed, we delete or de-identify data in a commercially reasonable manner.

13) Your privacy rights

Your rights depend on your location. We honor requests as required by law and, where reasonable, more broadly.

California (CPRA/CCPA) – If and to the extent these laws apply, you may have the right to know/access, correct, delete, data portability, and non-discrimination. Because we do not “sell” or “share” PI, there is no sale/share opt-out to provide.
No financial incentives: We do not offer price or service differences, rewards, or other incentives in exchange for your personal information.
EEA/UK (GDPR) – You may have rights to access, rectify, erase, restrict, object, portability, and to withdraw consent (where used). You may lodge a complaint with your supervisory authority.

Other US states – You may have similar rights under VA/CO/CT/UT, etc.

How to exercise your rights

Email privacy@designshifu.com with subject “Privacy Request.” We’ll verify your identity (e.g., email verification/account sign-in). If we deny a request (e.g., cannot verify, legal exception applies), we’ll explain why and how to appeal if your state law provides an appeal right.

Appeals: If we deny your request, you may appeal by replying to our decision email or emailing privacy@designshifu.com with subject line ‘Privacy Appeal’. We’ll respond within the timeframe your state law requires and explain our decision.

14) Third-party links & integrations

Our Site may link to third-party sites or allow integrations (e.g., Slack, Zapier, storage providers). Their privacy practices are their own. Review those policies before enabling or sharing data. We are not responsible for third-party practices.

15) Licensed content, client assets, and IP rights

If you upload assets (including fonts) or instruct us to use third-party Licensed Content, you represent you have the necessary rights. We process such assets only to provide the Services, under your direction (as controller, in White-Label Partner (WLP) scenarios).

16) Changes to this Policy

We may update this Policy from time to time. We’ll post the updated version with a new “Effective date” and, where required, provide additional notice. Your continued use of the Services means you accept the updated Policy.

17) Contact us

Design Sensei LLC (Design Shifu)
30 N Gould St STE R, Sheridan, WY 82801, USA
Email: privacy@designshifu.com • Support: support@designshifu.com

Appendix: Email & SMS Legal Summary (plain-English)

  • Email (CAN-SPAM): clear sender identity; non-deceptive subject lines; physical mailing address; working unsubscribe honored within 10 business days.

  • SMS (TCPA/CTIA): prior express consent for automated or service-related texts (and additional consent where marketing messages are sent); disclose purpose, frequency, “Msg & data rates may apply,” “Consent not a condition of purchase,” STOP/HELP instructions, and carrier liability disclaimer; maintain opt-out logs; promptly honor STOP.