La Lista
Log inGet started
Legal

Privacy policy

Effective March 30, 2026

How La Lista collects, uses, and shares personal data when you use our websites, product, and related services.

We respect your privacy. This policy explains what we process, why, how long we keep it, and what choices you have. If your organization needs a data processing agreement (DPA), see Data processing agreement and Contact. You should have qualified legal counsel review this document for your jurisdictions before relying on it as a binding notice.

Related. For security practices and subprocessors, see Security & trust and Subprocessors. Cookies are covered in our Cookie policy.

Jump to section

On-page anchors — works best on desktop and mobile browsers.

Who we are

La Lista (“we”, “us”) provides software that connects your inventory or job listings to advertising workflows on social platforms. For the purposes of applicable data protection law, we act as the controller of personal data described in this policy, except where we process personal data strictly on behalf of a customer — in those cases we act as a processor, as set out in our agreement with that customer and, where required, our DPA.

What this policy covers

This policy applies to visitors to our marketing sites, users of the La Lista application, and individuals who contact us or receive communications from us. It does not govern third-party sites or services you link to from our product (for example Facebook, Instagram, TikTok, X, or LinkedIn), which have their own policies.

Personal data we process

Depending on how you use La Lista, we may process the following categories of information:

  • Account and billing. Name, work email, company name, authentication identifiers, subscription and payment-related records (payment processing may be handled by a payment provider; we typically receive limited billing metadata rather than full card numbers).
  • Content you or your organization provide. URLs and data from crawled public listings (for example vehicles or jobs), text and media used in creatives, campaign settings, and similar operational content needed to run the service.
  • Integration and advertising platform data. OAuth tokens, technical identifiers, and configuration for connected accounts (for example ad account, Page, or catalog identifiers) as authorized by you in each platform’s settings.
  • Usage and technical data. Log data, approximate location derived from IP where available, device and browser type, timestamps, error reports, and in-product analytics needed to operate and improve the service.
  • Communications. Messages you send via forms (for example Contact), email, or support channels, and records we keep to resolve requests.
  • Marketing preferences. Where permitted, records of consent or opt-out for marketing communications.

Where the GDPR or similar law applies, we rely on one or more of the following legal bases:

  • Performance of a contract — to provide La Lista, authenticate users, sync content you choose to connect, and bill for paid plans.
  • Legitimate interests — to secure the service, prevent abuse, debug and improve features, analyze aggregated usage, and communicate with you about service-related matters, where those interests are not overridden by your rights.
  • Consent — where required for non-essential cookies, certain marketing messages, or other processing we expressly ask you to agree to. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Legal obligation — to comply with applicable law, regulation, or lawful requests from public authorities.

How we share personal data

We do not sell your personal data. We may share it in these situations:

  • Service providers (subprocessors). Hosting, email delivery, analytics, customer support tooling, security monitoring, and similar vendors that process data on our instructions. See Subprocessors.
  • Advertising platforms. When you connect accounts, data needed to publish campaigns is transmitted according to your configuration and each platform’s terms. Those platforms process data under their own policies as independent controllers or as specified in your agreement with them.
  • Professional advisers. Lawyers, accountants, or auditors where necessary and subject to confidentiality.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards and notice where required.
  • Legal and safety. When we believe disclosure is required to comply with law, enforce our terms, or protect rights, safety, and security.

International transfers

We may process and store data in the EU/EEA, the United Kingdom, the United States, or other countries where we or our subprocessors operate. Where we transfer personal data from the EU/EEA, UK, or Switzerland to countries not deemed adequate by the relevant authority, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, together with supplementary measures where appropriate. You may request more detail via Contact.

Retention

We keep personal data only as long as needed for the purposes above, including legal, accounting, and dispute-resolution needs. Retention periods vary by data type: for example, account data is kept for the life of the account and a reasonable period after closure; logs may be retained for a shorter rolling window unless longer retention is required for security investigations. Specific retention rules may also be set out in your agreement with us.

Security

We implement technical and organizational measures appropriate to the risk, including access controls, encryption in transit where applicable, and vendor review. No method of transmission or storage is completely secure. See Security & trust for a high-level overview.

Your rights

Depending on where you live, you may have the right to access, rectify, or erase your personal data; restrict or object to certain processing; request portability of data you provided; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. To exercise these rights, contact us at the details below. We may need to verify your request and may decline requests that are manifestly unfounded or excessive.

Cookies and similar technologies

Our websites and app may use cookies and similar technologies. See Cookie policy for categories and choices.

Children

La Lista is not directed at children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected such data, contact us and we will take steps to delete it.

Automated decision-making

We do not use personal data for solely automated decisions that produce legal or similarly significant effects concerning you within the meaning of the GDPR.

Changes to this policy

We may update this policy from time to time. We will post the revised version on this page and update the effective date. Where required, we will provide additional notice (for example by email or in-product notification). Continued use of the service after changes become effective constitutes acceptance of the updated policy where permitted by law.

Contact

For privacy questions, requests, or complaints, use Contact or the contact details we provide for your account. For EU/EEA supervisory authorities, you may contact the authority in your country of residence or workplace.

Other legal pages

Keep subprocessors, cookies, and security review in one place.

Security & trust

How we approach access, encryption, and vendors.

Cookie policy

Cookies and similar technologies on our sites.

Subprocessors

Vendors that process data on our behalf.

Data processing agreement

For GDPR-style customer agreements.

Questions about your data?

Reach out for privacy requests, DPAs, or procurement — we’ll route you to the right person.

Contact usData processing agreement