Lighthouse

Privacy Policy

Effective date: August 31, 2023

1. About

Dominik Weber and affiliates' (Lighthouse “we,” “us,” and “our”) goal is to provide a feed reader. This Privacy Policy will help you understand how we collect, use and share your personal information and assist you in exercising the privacy rights available to you.

2. Scope

This Privacy Policy applies to personal information collected, processed, and shared by us, including on our websites and any other services that we own or operate (collectively, the “Services”).

This Privacy Policy does not apply to any processing by third-party websites, services or applications, even if they are accessible through our Services. It does apply to data received by us from such third-parties.

3. Personal information we collect

When we use the term “personal information” in this Privacy Policy, we mean all information that can be used to identify a natural person, either alone or when combined with other information.

Account Information. When you create a Lighthouse account, we collect the personal information you provide to us, your email address and account password. We use AWS Cognito to manage our user accounts, and account information is stored with them.

Payment Information. Where we sell products and services through the Services, we use a third-party application, Paddle, to process your payments. This third-party application will collect information from you to process a payment on behalf of Lighthouse, including your name, email address, location, payment card information, and other billing information. Lighthouse does not receive or store your payment information, but it may receive and store information associated with your payment information (e.g., the fact that you have paid, the last four digits or your credit card information, and your country of origin).

Automatic Data Collection. We collect certain information automatically when you use the Services. This information may include your Internet protocol (IP) address, user settings, MAC address, cookie identifiers, details about your browser, operating system or device, location information (inferred from your IP address), internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and information about how you interact with and use the Services.

Analytics. We use Plausible and Mixpanel to collect and process analytics information on our Services.

4. How we use your information and our legal basis for processing

In this section we describe all the ways we use your personal information, and the legal bases we rely on to do so.

In certain situations, we require your data to pursue our legitimate interests in a way which is reasonable for you to expect as part of running our business and which does not materially affect your rights and freedoms. We have identified below what our legitimate interests are.

When we process your information based on your consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on such consent before it is withdrawn. To exercise your rights, see the Contact Us section of this Privacy Policy.

We use the personal information that you provide to us, that we collect (automatically), and that we receive from third parties for a variety of business purposes, including:

1. Providing and managing the Services or information requested, such as:
  • account creation;
  • managing your information and account;
  • responding to questions, comments, and other requests;
  • processing payment card and/or other financial information to facilitate your use of the Services;
  • managing payments and recovery of debts due to us;
  • providing access to certain areas, functionalities, and features of our Services, including the sharing of content with friends, colleagues and other users;
  • answering requests for customer or technical support; and
  • responding to requests in relation to personal information processed about the individual.

Legal Basis: Performance of the contract with you. Necessary for our legitimate interests to recover debts due to us. Necessary for our legitimate interests to respond to and communicate with you (where we do not have a contractual relationship or legal obligation to do so). Necessary to comply with a legal obligation (including national data protection and consumer protection laws, for example to respond to requests in relation to personal information processed about the individual)

2. Communicating with you about your account, activities on our Services and Privacy Policy or terms of service changes. This includes: the processing of your Account Information Communication Information, Service Use Information, and Customer Service Information.

Legal Basis: Performance of the contract with you. Necessary to comply with a legal obligation (including national data protection and consumer protection laws).

3. Administering and protecting our business and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting, internal quality control and safety and hosting of data).

Legal Basis: Performance of the contract with you. Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, and to prevent fraud.). Necessary to comply with a legal obligation (including national data protection and information security laws)

4. Using data analytics to improve our website, products/Services, marketing, customer relationships and experiences.

This includes: the processing of your Technical Information, Service Use Information, and Customer Service Information.

Legal Basis: Necessary for our legitimate interests (to define types of customers for our products and Services, to keep our Services updated and relevant, to develop our business and to inform our marketing strategy).

5. De-identifying data and creating aggregated information.

This could include any personal information we process about you.

Legal Basis: Necessary for our legitimate interests

5. Disclosing your information to third parties

We may share any personal information we collect with the following categories of third parties for the purposes described above and as follows:

Service Providers. We may share personal information we collect about you with our service providers. The categories of service providers to whom we entrust personal information include service providers for: (i) the provision of the Services; (ii) payment and transaction processing; (iii) customer service activities.

Disclosures to Protect Us or Others. We will access, preserve, and disclose information we have associated with you to competent law enforcement bodies, regulatory and government agencies, courts or other third parties if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process; (ii) protect your, our or others' rights, property, or safety; (iii) enforce Lighthouse' policies and contracts; (iv) collect amounts owed to us; (v) prevent financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vi) if we, in good faith, believe that disclosure is otherwise necessary or advisable.

6. International data transfers

The personal information we process may be transferred to, processed, and stored anywhere in the world, in jurisdictions which may have data protection laws that are different from the laws where you are located (and, in some cases, may not be as protective), and may be subject to access requests from governments, courts, or law enforcement in those jurisdictions according to applicable laws. We endeavor to safeguard your personal information in accordance with the requirements of applicable laws

Specifically, all personal information we process is transferred to, processed, and stored in the European Union, where our headquarters and our main servers are located. Our third party service providers and partners operate in the geographies identified in the section "Sub Processors". This means that when we collect your personal information, we will process it in any of these countries.

If you have any questions or concerns related to international data transfers, please contact us using the information set forth below.

7. Your choices

General. You have the right to opt out of certain uses of your personal information.

Email. If you receive an unwanted marketing email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future marketing emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (e.g., communications regarding the Services or updates to our Terms of Service or this Privacy Policy).

Cookies. Cookies are only used for authentication and payment processing. Cookies are NOT used for advertising or any other purposes. You cannot opt-out of cookies, as they are vital for providing the services to you.

8. Your privacy rights

In accordance with applicable law, you may have the right to:

  • Confirm whether we are processing your personal information;
  • Request access to and portability of your personal information about you, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the “right of data portability”);
  • Request correction of your personal information where it is inaccurate or incomplete. In some cases, we may provide self-service tools that enable you to update your personal information;
  • Request deletion of your personal information (including to request deletion of your account). In limited circumstances, it may be necessary to retain your Personal Information to comply with legal requirements even if a deletion request is made;
  • Request restriction of or object to our processing of your personal information;
  • Withdraw your consent to our processing of your personal information; and
  • Opt-out of marketing communications. Please see more on this in Section 7, above.

If you would like to exercise any of these rights, please contact us as set forth below.

9. Data retention

We store the personal information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and/or comply with applicable laws. The specific retention periods depend on the nature of the information and why it is collected and processed and the nature of the legal requirement.

When we have no ongoing legitimate business need or legal reason to process or retain your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. You may request deletion of your personal information at any time as noted in “Your Privacy Rights”, above, but that will require you to delete your account with us, as we need your personal information to maintain your account.

10. Third-party websites and applications

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Visiting these other websites or applications is at your own risk.

11. Changes to our privacy policy

We may revise this Privacy Policy from time to time at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law. The date that this Privacy Policy was last updated appears at the top of this page.

12. Subprocessors

To support delivery of our Services, Figma, Inc. may engage and use data processors with access to certain Customer Personal Data (each, a "Subprocessor"). This page provides important information about the identity, location and role of each Subprocessor.

Lighthouse may use the following Subprocessors to host Customer Data, provide infrastructure that helps with delivery of our Services, or perform other Service functions:

Entity Name: Vercel Inc.
Additional details: Used for website hosting.
Company location: United States of AmericaData location: European Union

Entity Name: Amazon Web Services
Additional details: Used for server infrastructure, user management, and data storage.
Location: United States of AmericaData location: European Union

Entity Name: MongoDB, Inc.
Additional details: Used for data storage.
Location: United States of AmericaData location: European Union

Entity Name: Paddle.com Inc
Additional details: Used for payment processing.
Location: United States of AmericaData location: United States of America

Entity Name: OpenAI
Additional details: Used for LLM interaction.
Location: United States of AmericaData location: United States of America

Entity Name: Anyscale
Additional details: Used for LLM interaction.
Location: United States of AmericaData location: United States of America

Entity Name: Plausible
Additional details: Used for analytics.
Location: European UnionData location: European Union

Entity Name: Mixpanel, Inc.
Additional details: Used for analytics.
Location: United States of AmericaData location: European Union

13. Contact us

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to submit a request to exercise your rights as detailed in this Privacy Policy, please contact us at:

Email: dominik@lighthouseapp.io