LightKeeper

Privacy Policy

Last Updated: January 4, 2026

This Privacy Policy describes how lightkeeper.cloud ("we," "us," or "the service") collects, uses, and protects your information in accordance with the General Data Protection Regulation (GDPR).

We operate as a self-employed individual (Recibos Verdes) in Portugal and comply with the requirements of the Portuguese data protection authority, CNPD (Comissão Nacional de Proteção de Dados).

1. Information We Collect

We only collect data that is necessary to provide our website performance monitoring services and comply with legal and tax obligations.

1.1 Data Provided by You:

  • Account Information: First name, last name, and email address used for registration, authentication, transactional notifications, and marketing communications.
  • Security Credentials: Passwords, which are stored in a secure, encrypted (hashed and salted) format. We do not have access to your plain-text password.
  • Profile and Billing Data:
    • Account type (Individual or Company).
    • VAT identification number (if applicable).
    • Country of residence, used to determine applicable taxes (IVA/VAT), regional settings, and compliance with local regulations.
  • Configuration Data: Website URLs and configuration parameters for performing Lighthouse performance tests.

1.2 Technical Data (Collected Automatically):

  • IP Address and User Agent: Collected for security purposes, fraud prevention, and technical analysis of requests.
  • Identifiers (User ID): We use anonymous unique identifiers to link user sessions. This data is only transmitted to Google Analytics 4 (GA4) if you have provided explicit consent.
  • Email Interaction Data: Our emails may contain tracking pixels (web beacons) that collect information about whether an email was opened and which links were clicked. This helps us measure the effectiveness of our communications and improve our services.

2. Legal Basis for Processing

We process your data based on the following grounds:

  • Contract Performance: To provide the SaaS services, manage your user profile, process payments, and send transactional communications (e.g., password resets, subscription updates, and invoices).
  • Legal Obligation: To comply with Portuguese tax laws (Autoridade Tributária e Aduaneira) regarding invoicing and VAT reporting.
  • Legitimate Interest: To ensure website security, analyze technical performance via Vercel Speed Insights, and track the delivery of critical service communications.
  • Consent: For marketing and analytical data collection through Google Analytics 4.

3. Third-Party Services and Data Transfer

To ensure the operation of our SaaS, we use reliable partners. Some of these partners may process data outside the EU (e.g., in the USA) while providing Standard Contractual Clauses (SCC) for data protection.

Infrastructure and Storage:

  • AWS (Amazon Web Services): Cloud computing and infrastructure provider. This infrastructure hosts our Performance runners, which directly measure website speed from specific geographic locations. The list of available testing regions depends on your subscription plan.
  • Supabase: User database, authentication management, and storage of performance reports, hosted on the AWS infrastructure in the eu-west-1 (Ireland) region.
  • Vercel: Hosting for the frontend and backend of the SaaS application, and Core Web Vitals monitoring.

Analytics and Monitoring:

  • Google Analytics 4: User behavior analysis (via Google Tag Manager).
  • Sentry: Error monitoring and code stability tracking.

Communications and Marketing:

  • MailerSend: Used for sending transactional and marketing emails.
  • Stripe Billing: Communications regarding your subscription, invoices, and payment receipts may be sent directly by us or through Stripe's automated systems.

Compliance and Payments:

  • CookieYes: Management of your cookie consent preferences.
  • Stripe: Payment processing and billing management. Your billing information (including VAT number and account type) may be stored on our servers and/or Stripe's secure infrastructure to facilitate recurring billing and tax compliance.

4. Consent Management (CookieYes & GA4)

We use CookieYes to manage your privacy preferences.

  • By default, all analytical cookies are blocked for users in the EU and UK.
  • The transmission of your User ID to Google Analytics 4 only occurs after you click the "Accept" button on the consent banner.
  • You can opt-out of marketing emails at any time by clicking the "Unsubscribe" link provided in each email.

5. Data Retention and Storage

Your personal information (Email, name, country, VAT number, and profile data) is stored in the AWS eu-west-1 (Ireland) region via our infrastructure and database providers.

  • Billing Data: In accordance with Portuguese tax law, we are required to retain billing information and invoices (which may include your name, address, and VAT number) for a period of 10 years.
  • Account Data: We retain other profile data as long as your account is active or as necessary to fulfill the purposes described in this policy.

6. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Right to Access: You can request a copy of your data.
  • Right to Rectification: You can update incorrect information.
  • Right to be Forgotten: You have the right to request the complete deletion of your account and all associated personal data (subject to legal retention requirements for billing).

How to Exercise Your Right to Deletion:

To delete all your data, please send a request to the following email address: denys@lightkeeper.cloud. We commit to processing your request within 30 days.

7. Contact Information

If you have any questions regarding this policy, please contact us:
Email: denys@lightkeeper.cloud
Location: Portugal