Privacy Policy

Last Updated: December 15, 2025

1. Introduction

Welcome to Light Club ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data Controller

Controller: Light Club
Email: privacy@lightclub.com
Address: [Your Business Address]

If you have any questions about this Privacy Policy or our data practices, please contact us at the email address above.

3. Information We Collect

3.1 Personal Information

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, username, password (hashed)
  • Profile Information: Bio, avatar, social media links, personal branding preferences
  • Content: Digital assets, libraries, blog posts, knowledge base articles, media files
  • CRM Data: Contact information, company details, leads, activities
  • Communication: Messages, comments, and other communications

3.2 Automatically Collected Information

When you use our services, we automatically collect:

  • Usage Data: Pages visited, features used, time spent
  • Device Information: IP address, browser type, operating system
  • Cookies: See our Cookie Policy for details
  • Log Data: Access logs, error logs, security logs

3.3 Third-Party Information

We may receive information from third-party services you connect to our platform, such as:

  • OAuth providers (Google, GitHub, Microsoft)
  • Integration services (Notion, Airtable, MMFC, MCP)
  • Payment processors (Stripe)

4. How We Use Your Information

We use your information for the following purposes:

4.1 Service Delivery

  • Provide, maintain, and improve our services
  • Process transactions and manage your account
  • Authenticate users and prevent fraud
  • Deliver content and features you request

4.2 Communication

  • Send service-related notifications
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)
  • Notify you of important changes to our services

4.3 Analytics and Improvement

  • Analyze usage patterns and trends
  • Improve user experience and platform performance
  • Develop new features and services
  • Conduct research and analytics

4.4 Legal Compliance

  • Comply with legal obligations
  • Enforce our terms of service
  • Protect our rights and prevent fraud
  • Respond to legal requests

5. Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Contract: To provide services you have requested
  • Consent: For marketing communications and optional features
  • Legitimate Interests: For security, fraud prevention, and platform improvement
  • Legal Obligation: To comply with applicable laws and regulations

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

6.1 Service Providers

We share data with third-party service providers who perform services on our behalf:

  • Cloud infrastructure providers (data hosting)
  • Payment processors (Stripe)
  • Email service providers (SendGrid)
  • Analytics providers

These providers are bound by contractual obligations to protect your data.

6.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

6.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Until account deletion or 3 years after last activity
  • Content: Until content deletion or account deletion
  • Logs: 7 years (compliance requirement)
  • Backups: 30 days to 7 years (based on backup type)

For more details, see our Data Retention Policy.

8. Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU-to-US transfers
  • GDPR-compliant data processing agreements
  • Encryption and security measures

9. Your Rights (GDPR)

Under GDPR, you have the following rights:

9.1 Right to Access (Article 15)

You have the right to request a copy of your personal data. You can export your data at any time using our data export endpoint.

9.2 Right to Rectification (Article 16)

You can update your personal information at any time through your account settings or by contacting us.

9.3 Right to Erasure (Article 17)

You can request deletion of your account and personal data. Submit a deletion request through your account settings or contact us. We will process your request within 30 days.

9.4 Right to Restrict Processing (Article 18)

You can request that we restrict the processing of your personal data in certain circumstances.

9.5 Right to Data Portability (Article 20)

You can request your data in a machine-readable format. Use our data export endpoint.

9.6 Right to Object (Article 21)

You can object to processing of your personal data for marketing purposes. Update your consent preferences in your account settings or contact us.

9.7 Right to Withdraw Consent (Article 7)

You can withdraw your consent at any time. Update your consent preferences in your account settings or contact us.

9.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.

10. Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption at rest (AES-256-CBC) and in transit (HTTPS/TLS)
  • Role-based access control (RBAC)
  • Regular security audits and assessments
  • Secure authentication and session management
  • Regular backups and disaster recovery procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: privacy@lightclub.com
  • Address: [Your Business Address]