Welcome to www.lightup.ai (“Site”), hosted by Lightup Data, Inc. (“Lightup”, “we”, “us” and/or “our”). Lightup provides data analytics services (“Services”). In order to provide our Site and Services (collectively, “Platform”), we collect personal data from our corporate customers (“Customers”).
Summary of Key Points
We collect and process personal information from visitors to our Site in connection with our Services.
Lightup collects personal information when you visit our Site, sign up for marketing communications, register as a Customer, and/or otherwise share information with us.
Lightup uses the personal information that you share or that we collect to provide our Platform, to enhance our Site, to market the Services to you, for security purposes, and to comply with applicable laws, regulations, and other legal requirements.
We do not sell the personal information that we collect. We do share personal information with certain authorized third parties (including our Customers), but only in connection with providing our Site and Services.
Who We Are and How To Contact Us
Lightup is a Delaware corporation with the following contact information:
Lightup Data, Inc.
800 W El Camino Real, Suite #180, Mountain View, CA 94040
For users in the EEA and the U.K., note that we may collect your personal data as a ‘data controller’ when we determine the means and purpose of processing, such as when we process the personal data of our Site Visitors and/or Customers.
We otherwise process personal data as a ‘data processor’ when we collect and process End User personal data on behalf of our Customers who use our Services. In other words, with respect to personal information that we process in order to provide Services to our Customers, we are acting as a service provider. Customer End Users may click here for more information.
To Whom Does This Policy Apply
Customers: as noted above, this includes any individual who registers individually or on behalf of an entity or organization in order to use the Services.
Site Visitors: visitors to our Site, including those who request a demo or opt in to receive commercial communications from Lightup. This does not include any visitors to our Customers’ individual websites.
Customer End Users
If you have reason to believe that a child under the age of 18 has provided personal data to Lightup through the Platform, please contact email@example.com and we will endeavor to delete such information from our systems.
Customers are responsible for ensuring compliance with applicable rules where the personal information of children is collected and transmitted.
What Information Do We Collect
What personal information we collect and process depends on how and why you use our Platform. Generally, we process personal information that we receive:
Directly from you when you provide it to us, such as in connection with our Services.
Indirectly, through automated technologies such as cookies, or from third parties.
On behalf of our Customers, when we process the personal data of their Customer End Users as part of our Services.
Information We Collect Directly From You
You can generally visit our Site without having to submit any personal information. If you request more information, or sign up for marketing communication and/or our Services, we will collect personal information as follows.
Marketing Communications or Demo Requests. When you request a demo or sign up for marketing communications we collect the following information:
First and last name
Work email address
Customer Account Information. When you register for a Lightup Customer account (including when you join for free) we request the following information:
First and last name
Communications. When you communicate with us, we collect information, including what’s contained in those communications.
Information We Collect Indirectly
Device and Usage Information
When you use or interact with our Site, even if you do not have an account, we, or authorized third parties engaged by us, may automatically collect information about your use of the Site via your device, some of which is considered personal information. “Device and Usage Information” that we collect consists of:
Information About your Device: information about the devices and software you use to access the Site – primarily the internet browser or mobile device that you use, the website or source that linked or referred you to the Site, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
Usage Information: information about your interactions with the Platform, including access dates and times, hardware and software information, device event information, log data, crash data, cookie data. This information allows us to understand the screens that you view, how you’ve used the Site (which may include administrative and support communications with us), and other actions on the Site. We, or authorized third parties, automatically collect log data when you access and use the Platform, even if you have not created an account or logged in. We use this information to administer and improve the Services, analyze trends, track users’ use of the Platform, and gather broad demographic information for aggregate use.
Location Information: based on Device and Usage Information, we are also able to determine general location information (“Location Information”).
Cookies and Similar Technologies
Information from Customers and Third Parties
We process personal information from third parties, which consists of data from our Customer End Users, as well as information from our CRM service. What we collect from Customer End Users, how we access the data and how we use it is subject to our Customers terms and privacy policies.
Information We Process on Behalf of Our Customers
As noted above, our Services consist of data analytics for our Customers. These Customers may collect personal information from Customer End Users in connection with the products or services that they offer to Customer End Users and make some information – at their discretion – available to us in order to provide the Services. Such information is stored on our Customers’ systems or in the cloud, and our Customers are responsible for any personal information they collect.
With the information that we collect (or that is collected by our third-party analytics services, such as Google Analytics), we generate and process aggregated information, such as statistical or demographic data (“Aggregated Information”). For example, we may track the total number of visitors to our Platform, track the number of visitors to each page of our Site. We aggregate this data to calculate the percentage of users accessing a specific feature of the Platform and analyze this data for trends and statistics. We do the same with the data that we process on behalf of our Customers.
Aggregated Information may be derived from personal data, but is not considered personal data if it does not directly or indirectly reveal your identity. However, if we or our third-party analytics service providers combine or connect Aggregated Information with your personal data such that it can directly or indirectly identify or re-identify you, we treat the combined data as personal data.
Marketing and Advertising
If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking visiting https://www.youronlinechoices.com/ or https://optout.networkadvertising.org/?c=1 or set your browser to block cookies. Please note that opting-out does not opt you out of being served generic ads.
How We Use Personal Information That We Collect
We use your personal information for a number of different reasons, as further explained below.
In addition, for individuals located in the EEA and the U.K. and when we act as the data controller, we must have a valid legal basis in order to process your personal data. The main legal bases under the European Union’s General Data Protection Regulation (GDPR) that justify our collection and use of your personal information are:
Performance of a contract – When your personal information is necessary to enter into or perform our contract with you.
Consent – When you have consented to our use of your personal information via a consent form (online or offline).
Legitimate interests – When we use your personal information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal obligation – When we must use your personal information to comply with our legal obligations.
Legal claims – When your personal information is necessary for us to defend, prosecute or make a claim.
Below are the general purposes and corresponding legal bases (in brackets) for which we may use your personal information:
Providing you access to and use of the Site and Services [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims]
Responding to your queries and requests, or otherwise communicating directly with you [depending on the context, performance of a contract, legitimate interests, and in some cases, legal claims]
Improving the content and general administration of the Platform, including system maintenance and upgrades, enabling new features and enhancing both Site visitor and Customer experience [legitimate interests]
Detecting fraud, illegal activities or security breaches [legitimate interests]
Providing our Services to our Customers [depending on the context, performance of a contract or legitimate interests]
Ensuring compliance with applicable laws [compliance with a legal obligation]
Conducting statistical analyses and analytics by monitoring and analyzing trends, usage, and activities in connection with the Platform [consent where required (e.g. 3rd –party cookies), or legitimate interests]
Increasing the number of customers who use our Platform through marketing and advertising, including sending commercial communications, in line with your communication preferences, [consent where required, or legitimate interests]
When We Share Information
We only disclose your personal information as described below.
Third-Party Service Providers
Lightup discloses users’ information to our third party agents, contractors, or service providers who are hired to perform services on our behalf. These companies do things to help us provide the Site and Services. Below is an illustrative list of functions for which we may use third-party service providers:
Hosting and content delivery network services
Marketing and social media partners
Functionality and debugging services
Professional service providers, such as auditors, lawyers, consultants, accountants and insurers
As we continue to grow, we may purchase websites, applications, subsidiaries, other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities and/or sell assets or stock, in some cases as part of a reorganization or liquidation in bankruptcy. As part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation or other corporate reorganization in which Lightup participates, or to a purchaser or acquirer of all or a portion of Lightup’s assets, bankruptcy included.
When we act on behalf of our Customers (as a data processor), we may process Customer End Users’ personal information to our Customers in order to comply with their requests, Customer End Users’ requests and/or regulator requests, among others.
We also provide our Customers with aggregated information that does not identify Customer End Users directly, in order to provide information about usage, demographics (such as location) or other general information.
We share aggregated, automatically-collected or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) for business or marketing purposes; (iii) to assist us and other parties in understanding our users’ interests, habits and usage patterns for certain programs, content, services, marketing and/or functionality available through the Platform. We do not share personal information about you in this case.
Legal Obligations and Security
In the unlikely case that we are required to disclose personal information by law, such as pursuant to a subpoena, warrant or other judicial or administrative order, our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty). Note that if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), to be determined on a case-by-case basis.
Social Media Plugins
We use social media plugins on our Site and include icons that allow you to interact with third-party social networks such as LinkedIn, Twitter and Facebook. For example, you may “like” us on Facebook or follow us on Twitter. The third-party social plugin may set a cookie when your browser creates a connection to the servers of such social networks and the plugin may transmit your personal information to the social networks. Your use of these social plugins is subject to the privacy policies of the third-party social networks.
“Do Not Track”
Lightup does not respond to Do Not Track (“DNT”) browser signals. For more information on DNT settings generally, please visit https://allaboutdnt.com.
How to Change Your Communication Preferences
To keep your information accurate, current, and complete, please contact us at firstname.lastname@example.org. We will take reasonable steps to update any information in our possession that you have previously submitted via the Platform.
Note that you may also manage your communications preferences and the receipt of any commercial communication by clicking the “unsubscribe” link included at the bottom of all emails from Lightup. You may also adjust your preferences through your account settings if you have a Lightup account, or send an email to email@example.com.
How Long Do We Keep Your Personal information?
We use the following criteria to determine our retention periods:
The amount, nature and sensitivity of your information
The reasons for which we collect and process the personal data
The length of time we have an ongoing relationship with you and provide you with access to our Platform
Applicable legal requirements.
We retain personal information for as long as needed to provide our Services. Note, however, that with respect to our Customers with active accounts, we may retain certain essential account information, but otherwise regularly delete other information that is less essential to the provision of our Services in order to minimize our storage of data.
We also will retain personal information that we’ve collected from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax or accounting requirements). Additionally, we cannot delete information when it is needed for the establishment, exercise or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we no longer have an ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. When we choose to anonymize personal data, we make sure that there is no way that it can be linked back to you or any specific user.
Data Security And Integrity
We take steps that are reasonably necessary to securely provide our Platform. We have put in place reasonably appropriate security measures designed to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We limit access to personal data only to those employees, agents, contractors and the third parties who have a business need-to-know.
Notwithstanding, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from the Services may not be secure. Therefore, take special care in deciding what information you send to us via email. For any questions about the security of your information, please contact firstname.lastname@example.org.
Lightup is a United States Delaware corporation with primarily storage of your information in the United States and the EEA. To facilitate our global operations, we may process personal information from around the world, including from other countries in which Lightup has operations, in order to provide the Platform.
If you are accessing or using our Platform or otherwise providing personal information to us, you are agreeing to the processing of your personal information in the United States and other jurisdictions in which we operate.
If you are a Customer, you are responsible for informing your Customer End Users of how and where their personal data will be processed at the time of collection.
Additional Information for Users in the EEA and the U.K.
If the GDPR applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal data:
The right of access – your right to request a copy of the personal data we hold about you (also known as a ‘data subject access request’)
The right to rectification – your right to request that we correct personal data about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal data we have about you (unless it remains necessary for us to continue processing your personal data for a legitimate business need or to comply with a legal obligation as permitted under the GDPR, in which case we will inform you)
The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal data
The right to object – your right to object to us processing your personal data (for example, if you object to us processing your data for direct marketing)
Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making
These rights are subject to certain rules around when you can exercise them.
Customers and Site visitors in the EEA or the U.K.
If you are located in the EEA or the U.K. and you are a Customer or have registered for a demo or marketing communications, and wish to exercise any of the rights set out above, you may contact us at email@example.com using the term “DSR” as your email subject line.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
If we cannot reasonably verify your identity, we will not be able to comply with your request(s). We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Note that this is especially true when you engage a third party to assist you in exercising your rights.
We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law. In addition, we will always balance your rights against those of other data subjects in connection with any requests, and in some cases this may require us to redact our responses or deny a request.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Customer End Users in the EEA or the U.K.
Lightup has no direct relationship with Customer End Users. Our Customers are solely responsible for ensuring compliance with all applicable laws and regulations with respect to their Customer End Users, and this includes handling all data subject requests. We rely on our Customers to comply with the underlying legal requirements and respond directly to Customer End Users when Customer End Users wish to exercise the rights set forth above. However, if an End User sends a request to Lightup to access, correct, update, or delete his/her information, or no longer wishes to be contacted by a Customer that uses our Services, we will direct that End User to contact the Customer’s website(s) with which he/she interacted directly, and cooperate with our Customers as required by applicable law in order to ensure that our Customers satisfy their Customer End Users’ requests.
TERMS OF SERVICE EFFECTIVE AUGUST 4th, 2020