Privacy Policy

Last updated: May 24, 2026

LoLight AI ("LoLight", "we", "us", "our") is operated by Strong Tower Media LLC in Texas, United States. This policy describes what we collect, how we use it, and the choices you have. It applies to your use of lolight.ai and any service we provide through it.

Plain-English summary: we collect what we need to run the advisor, we do not sell your data, you can export or delete everything at any time, and the third parties listed below are the only places your information goes.

1. What we collect

Account information. Your email address, a hashed password (we never store passwords in plain text), and — if you sign in with Google — the basic profile information Google returns (name, email, profile picture URL).
Business profile. The information you provide during onboarding and updates: industry, business size, goals, pain points, tools you use, your self-reported AI familiarity, and any free-text notes you add.
Conversations. The messages you exchange with the advisor, including any artifacts the advisor generates from those conversations (action plans, profile updates).
Documents. Files you upload to give the advisor more context (PDFs, spreadsheets, text files, images). These are stored privately in your account.
Usage and operations data. Timestamps, error reports, request logs (with a correlation ID), and aggregated counts of feature usage. Used to debug and improve the service.
Beta feedback. If you submit feedback through the in-app "Feedback" button during the beta, we store your message, the category you selected, an optional 1–5 rating, and the page you were on when you submitted.
Payment information (post-beta). When the paid plan activates, payment details are handled by Stripe. We do not store or have access to your card number. We receive only a customer ID, subscription status, and billing period.

2. How we use it

To run the advisor: load your business profile into every conversation so the advice is specific to your business.
To send service emails: weekly recap, important account notifications, and transactional messages (password reset, billing).
To improve the product: debug bugs, evaluate response quality, prioritize features based on actual usage. We use aggregated and de-identified data where possible.
To process payments (post-beta) and manage your subscription.
To enforce our Terms of Service and comply with legal obligations.

We do not sell your personal information. We do not use your conversations or documents to train models for general public use.

3. Third parties

These are the only third parties that receive your information, and only for the specific purpose listed. Each operates under its own privacy policy.

Anthropic — processes your conversations to generate advisor responses. Anthropic's privacy policy. We use the API, not consumer Claude — your data is not used to train Anthropic's public models.
Supabase — hosts our database, authentication, and document storage. Supabase's privacy policy.
Stripe (post-beta) — processes payments and stores card details. Stripe's privacy policy.
Resend — delivers our service emails. Resend's privacy policy.
Google (only if you choose to sign in with Google) — provides authentication. Google's privacy policy.

4. Cookies and local storage

We use one HttpOnly session cookie (lolight_token) to keep you signed in. We do not use third-party advertising cookies or cross-site trackers. The site stores a small amount of profile information in your browser's local storage to make the first-paint feel faster after sign-in; clearing your browser data removes it.

5. Your rights

You can:

Access the data we have about you from the Profile page.
Export a complete copy of your data (profile, conversations, documents) using the export button on the Profile page.
Correct or update your profile information at any time.
Delete your account, which permanently removes your profile, conversations, documents, and any active subscription. This action cannot be undone.
Contact us at support@lolight.ai for any privacy question or to exercise rights under applicable laws (GDPR, CCPA, or other regional regulations where they apply).

6. Data retention

We keep your data while your account is active. When you delete your account, we delete your profile, conversations, documents, and beta feedback within 30 days, except where we are required by law to retain certain records (for example, financial records related to past charges, which Stripe and we may retain for up to seven years for tax and compliance purposes).

7. Security

We use HTTPS for all traffic, store data in regions with industry-standard security practices, and follow the principle of least privilege internally. Passwords are hashed using bcrypt. Session tokens are stored in HttpOnly cookies and have a limited lifetime. No system is perfectly secure; if we become aware of a breach that affects your data, we will notify you in line with the law of the jurisdiction in which you are based.

8. Children

LoLight is intended for business owners and is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has provided information to us, contact support@lolight.ai and we will delete it.

9. International users

LoLight is operated from the United States. By using the service, you consent to the transfer and processing of your information in the United States, which may have different data protection laws than the country you live in. If you are in the European Economic Area or the United Kingdom, we rely on standard contractual clauses where applicable.

10. Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will update the "Last updated" date above and, for significant changes, notify you by email or in the app. Continued use of LoLight after a change means you accept the updated policy.

11. Contact

Privacy questions, data requests, or anything that doesn't sit right with you: support@lolight.ai.