Privacy Policy

1. Introduction

GuidelightIQ ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://www.guidelightiq.com and our related services, applications, and platforms (collectively, the "Service").

Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you voluntarily provide when you:

• Create an Account: Name, email address, and password
• Use the Service: Vault names, item names (metadata), and organizational preferences
• Contact Us: Any information you include in communications with us
• Subscribe to Paid Plans: Billing information processed through our third-party payment provider

2.2 Encrypted Vault Data

2.3 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device Information: Device type, operating system, browser type, and version
• Usage Data: Pages visited, features used, time and date of visits, and interaction patterns
• Log Data: IP address, access times, and referring URLs
• Cookies and Similar Technologies: As described in Section 6 below

2.4 Information We Do NOT Collect

Due to our zero-knowledge encryption architecture, we do not have access to:

• Your encrypted vault item contents (account numbers, passwords, sensitive notes, etc.)
• Your master password or encryption keys
• The decrypted contents of any shared vault items

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain the Service: To operate, maintain, and improve our platform
• Account Management: To create and manage your account, authenticate your identity, and provide customer support
• Communications: To send you service-related notices, updates, security alerts, and support messages
• Process Transactions: To process subscription payments and manage billing
• Security: To detect, prevent, and address technical issues, fraud, and security threats
• Analytics: To understand how users interact with our Service and improve user experience
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

We may share your information only in the following limited circumstances:

4.1 Service Providers

We may share information with third-party vendors and service providers who perform services on our behalf, such as:

• Cloud hosting and infrastructure providers
• Payment processors (for subscription billing)
• Email delivery services
• Analytics providers

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, such as:

• Court orders or subpoenas
• Government or regulatory agency requests
• Law enforcement investigations

Note: Due to our zero-knowledge encryption, we cannot provide access to your encrypted vault contents even if legally compelled, as we do not possess the decryption keys.

4.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement robust security measures to protect your information:

• Zero-Knowledge Encryption: Sensitive vault data is encrypted on your device before transmission using industry-standard encryption algorithms
• Transport Security: All data transmitted between your device and our servers is protected using TLS/SSL encryption
• Access Controls: Strict access controls limit who can access our systems and data
• Multi-Factor Authentication: Optional MFA adds an additional layer of security to your account
• Regular Security Audits: We regularly review and update our security practices
• Secure Infrastructure: Our servers are hosted in secure, industry-standard data centers

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining appropriate safeguards.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information about your use of the Service.

6.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly, including authentication and session management
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors interact with the Service

6.2 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can typically:

• View what cookies are stored on your device
• Delete some or all cookies
• Block cookies from being set
• Configure your browser to notify you when cookies are being set

Please note that disabling essential cookies may affect the functionality of the Service.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

• Account Data: Retained while your account is active and for a reasonable period thereafter
• Vault Data: Retained until you delete it or close your account
• Usage Logs: Typically retained for 90 days for security and operational purposes
• Backup Data: May be retained in encrypted backups for a limited period for disaster recovery

When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are required to retain it for legal, regulatory, or legitimate business purposes.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

• Access: Request a copy of the personal information we hold about you
• Correction: Request that we correct inaccurate or incomplete information
• Deletion: Request that we delete your personal information, subject to legal retention requirements
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing of your personal information

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

8.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, or erase your personal data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@guidelightiq.com. We will respond to your request within the timeframe required by applicable law.

9. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@guidelightiq.com.

If we discover that we have collected personal information from a child under 18, we will take steps to delete that information as soon as possible.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer personal information internationally, we implement appropriate safeguards to protect your information in accordance with applicable law, including standard contractual clauses approved by relevant authorities.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

We are not responsible for the privacy practices or content of third-party websites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Notify you by email (if you have provided an email address) for material changes
• Post a prominent notice on the Service

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: