Privacy Policy

Last updated: February 28, 2026 · Version 1.0

LightningTrack ("we", "our", "us") operates lightningtrack.io (the "Service"). This Privacy Policy describes how we collect, use, and protect your information when you use the Service.

1. Data We Collect

• Account data: your name, email address, and password (hashed, never stored in plain text).
• Workspace data: issues, projects, comments, time entries, email sources, and settings that you create within your workspace. This data is stored in a dedicated database isolated to your workspace.
• Billing data: subscription plan and payment method details are handled by Stripe. We store only a Stripe customer ID and the last four digits of your card for display purposes.
• Usage data: server logs, API request metadata, and error reports used for debugging and service improvement. Logs are retained for 30 days.
• Cookies & sessions: we use server-side sessions to keep you logged in. No third-party tracking or advertising cookies are used.

2. How We Use Your Data

• To provide, operate, and improve the Service.
• To send transactional emails: account registration, password reset, team invitations, billing receipts.
• To send service notifications such as trial expiry reminders (you cannot opt out of these while on a trial).
• To investigate abuse, enforce our Terms of Service, and comply with legal obligations.

3. Data Isolation & Storage

Each workspace is stored in a separate, isolated database. There is no shared table between workspaces. Workspace data is stored on servers in the European Union / United States (depending on plan). Backups are encrypted at rest and retained for 30 days.

4. Data Retention

• Active workspaces: data retained indefinitely while a subscription is active.
• Cancelled subscriptions: workspace data is retained for 30 days after cancellation, then permanently deleted. You will receive an email reminder before deletion.
• Trial workspaces: if a trial expires without subscribing, data is retained for 14 days after expiry, then deleted.
• Account deletion requests: data is permanently erased within 30 days of the request.

5. Your Rights (GDPR / UK GDPR)

If you are in the EU or UK, you have the following rights:

• Access: request a copy of all data we hold about you and your workspace.
• Portability: export your workspace data as a JSON archive at any time via Settings → Privacy & Data.
• Erasure: request deletion of your workspace and all associated data via Settings → Privacy & Data → Delete Workspace. Deletion is executed within 30 days.
• Rectification: update your name and email in your account settings.
• Restriction / Objection: contact us at privacy@lightningtrack.io.

6. Data Sharing

We do not sell your data. We share data only with:

• Stripe — payment processing. See Stripe Privacy Policy.
• Infrastructure providers — our hosting provider(s) have access to server resources but are bound by data processing agreements.
• Law enforcement — only when legally required.

7. Security

We use TLS encryption in transit, database encryption at rest, hashed passwords (bcrypt), and separate tenant databases to prevent cross-customer data access. API keys are stored as SHA-256 hashes. Webhook signing secrets are stored in plain text in your workspace database (not the shared landlord database).

8. Cookies

We use a single session cookie to authenticate your browser session. No advertising, analytics, or third-party tracking cookies are used.

9. Contact

For privacy questions, data requests, or to exercise your rights, contact us at:
privacy@lightningtrack.io

© 2026 LightningTrack. All rights reserved. Terms of Service