Effective date: June 8, 2026
Last updated: June 18, 2026
This Privacy Policy describes how Mulholland Capital Partners LLC, doing business as Siftr.AI ("Siftr," "we," "us," or "our"), collects, uses, and discloses personal information in connection with our website and our AI assistant platform (together, the "Services"). It also explains the choices and rights available to you.
By using the Services, you acknowledge the practices described in this Privacy Policy. If you do not agree, please do not use the Services.
If you are an end user chatting with a Siftr-powered assistant and you simply want to stop messages or delete your conversation history, you can find quick instructions at siftr.ai/help-users.
1. Our two roles: controller and processor
Siftr handles personal information in two distinct roles, and it is important to understand which one applies to you.
When we decide how and why personal information is processed, we act as a controller (or, under California law, a business). This is the case for information about visitors to our website, people who join our waitlist or contact us, and the businesses and individuals who register for an account to configure and operate AI assistants (each, an "Assistant") on our platform ("Customers").
When a Customer uses an Assistant to interact with its own audience, the Customer decides how and why the personal information of those end users ("End Users") is processed. In that case the Customer is the controller, and Siftr acts as a processor or service provider that handles End User personal information on the Customer's behalf and under the Customer's instructions. Our processing in that role is governed by our Data Processing Agreement and by the Customer's own privacy notice. If you are an End User and have questions about how a particular business uses your information, you should contact that business directly.
This Privacy Policy describes our practices as a controller. Where we act as a processor for a Customer, the relevant terms are set out in our Data Processing Agreement.
2. Information we collect
The information we collect depends on how you interact with us.
Information you provide directly. This includes account registration details for Customers, such as name, email address, and organization information; information you provide when you join our waitlist, request a demo, or contact us; and the content of communications you send to us.
Information from End User interactions (handled mainly as a processor). When End Users interact with an Assistant, we process information on the relevant Customer's behalf, including a messaging identifier such as a mobile phone number or a social messaging account identifier, account names and handles associated with a messaging account, the content of the messages exchanged with the Assistant, and optional information an End User chooses to provide during a conversation.
Information collected automatically. This includes metadata such as message and interaction timestamps and logs; device and network information such as IP address, general location derived from IP or area code, browser type, and the messaging platform or carrier used; and website usage information collected through cookies and similar technologies as described below.
Information from third parties. We may receive information from the platforms and service providers that help us operate the Services, such as messaging and social platforms that a Customer connects, and from Customers who configure an Assistant.
We do not intentionally collect special categories of sensitive personal information, and we ask that you not submit such information through the Services.
3. How we use information
As a controller, we use personal information to:
- provide, operate, maintain, and secure the Services;
- create and administer Customer accounts and provide support;
- improve and personalize the performance and responses of the Services;
- communicate with you about the Services, including service-related and, where permitted, product announcements;
- monitor for and prevent fraud, abuse, and misuse of the Services;
- generate aggregated or de-identified analytics that do not identify any individual; and
- comply with legal obligations and protect the rights, property, and safety of Siftr, our users, and the public.
We do not sell your personal information, and we do not use it for third-party advertising or cross-context behavioral advertising. We do not use End User information to build advertising profiles.
Where we rely on consent as our legal basis (for example, certain messaging or analytics cookies), you may withdraw that consent at any time.
4. Messaging and SMS consent
Where the Services are used to send SMS or other messages, messages are sent only to recipients who have provided the consent required by applicable law and the relevant carrier and platform rules. Standard message and data rates may apply. Recipients can opt out at any time by replying STOP, and can request help by replying HELP.
We do not share mobile contact information, or text-messaging originator opt-in data and consent, with third parties or affiliates for their own marketing or promotional purposes. This information is used only to deliver the messaging service and is shared with our service providers only as needed to operate that service.
5. How we disclose information
We disclose personal information only in the following circumstances:
- Service providers and sub-processors. We share information with vendors that perform services for us, such as cloud hosting, database and search infrastructure, AI model providers, messaging delivery, transactional email, and website analytics. These providers are bound by contracts that limit their use of the information to providing services to us. The sub-processors that handle End User information we process on a Customer's behalf are listed in our Data Processing Agreement.
- Customers. Where we process End User information on a Customer's behalf, that information is made available to the relevant Customer.
- Legal and safety. We may disclose information if required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of Siftr, our users, or the public.
- Business transfers. If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Privacy Policy.
We do not sell personal information, and we do not share it for cross-context behavioral advertising.
6. Cookies and tracking
We use cookies and similar technologies on our website. These fall into two categories. Essential cookies are required for the operation, delivery, and security of the website. Analytics cookies help us measure traffic and usage so we can improve performance and content. We use a third-party website analytics service for this purpose. Our marketing website does not require an account or login, and the analytics data we collect is not used to identify individual visitors. We do not use cookies for advertising, marketing, or cross-site tracking.
You can control or delete cookies through your browser settings. If you disable certain cookies, parts of the website may not function correctly. Third-party sites we link to may use their own cookies, which are governed by their own privacy policies.
7. Data retention
We retain personal information only as long as necessary to provide the Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Where we process End User information on a Customer's behalf, retention is governed by our agreement with the Customer and our Data Processing Agreement, and we delete or return that information as described there following termination, subject to limited exceptions required by law.
8. Data security
We implement technical and organizational measures designed to protect personal information, including encryption of data in transit and at rest through our cloud infrastructure, access controls that limit access to authorized personnel, and logging and monitoring. A more detailed description of our security measures is set out in our Data Processing Agreement. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. International transfers
We are based in the United States, and we process and store information in the United States and in other countries where our service providers operate. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in countries that may not provide the same level of data protection as your jurisdiction. Where required, we use appropriate safeguards for international transfers, such as the European Commission's Standard Contractual Clauses, as described in our Data Processing Agreement.
10. Your privacy rights
Depending on where you live, you may have some or all of the following rights regarding your personal information: the right to access or obtain a copy of it; the right to correct inaccurate information; the right to delete it; the right to restrict or object to certain processing; the right to data portability; and the right to withdraw consent where processing is based on consent.
California residents. Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, you have the right to know what personal information we collect and how we use and disclose it, the right to access and delete it, the right to correct it, and the right to opt out of any sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law. We will not discriminate against you for exercising your rights.
EEA, UK, and Switzerland. If you are in the European Economic Area, the United Kingdom, or Switzerland, you may exercise the rights described above under the General Data Protection Regulation and equivalent laws, and you have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us using the details in the "Contact us" section. We may need to verify your identity before responding. If your request concerns information we process on behalf of a Customer (as a processor), we will refer your request to that Customer or assist them in responding.
11. Children's privacy
The Services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 13, or under the applicable minimum age in their jurisdiction. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. We will revise the "Last updated" date above and, where required by law, take additional steps to notify you. Your continued use of the Services after an update takes effect constitutes acknowledgement of the revised policy.
13. Contact us
If you have questions about this Privacy Policy or wish to exercise your rights, you can contact us at:
Mulholland Capital Partners LLC dba Siftr.AI
PO Box 260063, Los Angeles, CA 91426 USA
Privacy and data protection: privacy@siftr.ai
General inquiries: support@siftr.ai