Privacy Policy

This Privacy Policy explains how LightSite AI ("LightSite", "we", "us") collects, uses, stores, and protects personal information when you visit www.lightsite.ai, use the LightSite AI dashboard at app.lightsite.ai, or interact with our Generative Engine Optimization, AI search visibility, and Answer Engine Optimization services.

What Information We Collect

We collect three categories of data: (1) account information you provide, including name, work email, company name, and billing address; (2) website integration data, including the domain you connect to LightSite, structured data we generate on your behalf, AI bot crawl logs we observe on your domain, and aggregated visibility metrics across ChatGPT, Gemini, Claude, and Perplexity; and (3) usage data such as IP address, browser type, pages viewed, and interactions with the LightSite dashboard.

How We Use Your Data

We use your data to deliver the LightSite AI service: deploy machine-readable infrastructure on your domain, measure how AI assistants interact with your brand, surface visibility insights and competitor gaps, send service-related communications, prevent abuse and secure the platform, and comply with our legal obligations. We never sell personal data to third parties.

Lawful Basis (GDPR)

For visitors and customers in the EU/UK, we process personal data under the lawful bases of contract (delivering services you signed up for), legitimate interest (improving the platform, detecting abuse, and securing infrastructure), and consent (for non-essential cookies and marketing communications, where applicable).

Data Retention

Account and billing data is retained for the life of the account plus seven years for tax and legal compliance. AI bot crawl logs and visibility metrics are retained for 24 months by default to support trend analysis. You may request earlier deletion of any non-billing data by contacting stas@lightsite.ai.

Sub-Processors and Third-Party Services

LightSite uses a small number of trusted sub-processors to deliver the service, including Supabase (database and authentication), Netlify (hosting and edge delivery), Stripe (billing), HubSpot (CRM and marketing), Resend (transactional email), and Google Analytics / Microsoft Clarity (anonymous usage analytics). All sub-processors are bound by data processing agreements that meet GDPR and CCPA requirements.

Your Rights

You have the right to access, correct, export, or delete your personal data; restrict or object to processing; withdraw consent for non-essential processing; and lodge a complaint with your local data protection authority. To exercise any of these rights, email stas@lightsite.ai with the subject line "Data Request" and we will respond within 30 days.

Cookies and Tracking

We use a minimal set of essential cookies for authentication and session management, plus optional analytics cookies (Google Analytics, Microsoft Clarity) that you can decline. We do not use third-party advertising cookies.

Security

LightSite encrypts data in transit (TLS 1.3) and at rest (AES-256), enforces least-privilege access for the engineering team, runs continuous security monitoring, and follows industry best practices including the OWASP Top 10. Detailed security commitments are described in the LightSite Service Level Agreement.

Contact Us

For privacy questions, data requests, or to report a concern, contact stas@lightsite.ai. See also the Terms of Service, SLA, and Refund Policy.