Built for Growth.
Designed for Trust.

We turn signals into action while protecting your information with encryption, minimal data use, and transparent controls.

Privacy Policy

Lighthouse Insights Privacy Policy
Last updated: October 21, 2025

Who we are
Lighthouse Insights (“Lighthouse,” “we,” “us,” or “our”) provides evidence‑based growth intelligence for businesses. We unify your data (“MyData”) with market benchmarks (“MarketData”) to generate clear recommendations and actions. See the Whole Picture. Lead with Clarity.

Scope
This Policy explains how we collect, use, disclose, and protect information when you visit lighthouseinsights.io (the “Site”), use our products and services (the “Services”), or interact with us.

Roles

  • For Site visitors and our marketing operations, Lighthouse acts as a data controller.

  • For customer content processed in the Services, Lighthouse acts as a data processor under a Data Processing Addendum (see “Data Processing & AI Safety”).

  • For MarketData (e.g., public listings, SERPs, marketplaces, public reviews), Lighthouse acts as an independent controller of de‑identified or aggregated insights.

What we collect

  1. Site & Support data: device/usage data, cookies (essential, optional analytics), form submissions, and support communications.

  2. Customer Content (MyData) you connect or upload for use in the Services (e.g., your listings, site data, pricing, keywords).

  3. MarketData we lawfully collect from public sources to power benchmarks and insights—e.g., local listings (name/address/phone/website), SERP features, marketplace stock/rank, and public reviews. We analyze these to produce metrics such as Operational Stability, Prevalent Search, Market Rank, Service Availability, Listings Health (NAP), SERP Feature Coverage, Market Intent Mix, and Price/Value—all table‑first, benchmarkable outputs.

How we use information

  • Provide, secure, and improve the Services; generate benchmarks and insights; and support customers.

  • Comply with legal obligations and enforce terms.
    EU/UK lawful bases include performance of a contract, legitimate interests (e.g., analytics, service improvement balanced against your rights), consent (where required), and compliance with law. (Legitimate interests require a purpose test, necessity test, and balancing test.)

Public reviews & platform terms

  • We do not store full review text as a general rule. We de‑identify public reviews by stripping personal identifiers (e.g., names/handles) and storing short opinion snippets or aspect‑sentiment tags only—used to produce aggregate metrics and trends. Where a minimal excerpt is kept, we cap it to brief snippets and maintain the source reference; we do not republish complete reviews.

  • We respect platform terms. For Google Places/Maps, we follow Places API policies/attribution and service‑specific terms (e.g., restrictions on use and mixing with non‑Google maps). For Yelp, we do not scrape or republish content contrary to Yelp terms; where allowed, we use official APIs/licensed providers.

AI use—no model training on your data or on researched MarketData
We do not use your Customer Content or researched MarketData to train our or third‑party foundation models. When we use third‑party enterprise AI providers, we configure them not to use prompts/outputs for training (e.g., OpenAI enterprise/API, Google Vertex AI, Anthropic commercial/API).

US state privacy rights
If you are a resident of California, you have rights under the CCPA/CPRA (e.g., access, deletion, correction, opt‑out of sale/share, and to signal via Global Privacy Control). We honor user‑enabled GPC signals. Similar rights may apply in other states (e.g., CT, VA, UT).
Publicly available information: Under CPRA, certain publicly available information (including info a business reasonably believes is lawfully made available to the general public by the consumer or widely distributed media) is carved out from “personal information.” We work to process only what’s needed and de‑identify where possible.

Your choices

  • Opt‑out of sale/share (where applicable).

  • Manage cookies and analytics preferences.

  • Access/Correct/Delete your personal data or appeal a decision (for applicable states).

  • EU/UK: exercise GDPR rights (access, rectification, erasure, restriction, portability, objection).

International data transfers
We may transfer data to the United States and rely on Standard Contractual Clauses (SCCs) and/or the EU‑US Data Privacy Framework (DPF) when applicable. (DPF adequacy decision in force; upheld by the EU General Court.)

Security
We use AWS with encryption at rest (SSE‑S3/AES‑256 or SSE‑KMS) and encryption in transit (TLS 1.2+), plus least‑privilege IAM, logging/monitoring, and network controls. AWS maintains third‑party certifications (e.g., ISO/IEC 27001) and a shared responsibility model.

Retention
We retain personal data only as long as needed for the purposes above or as required by law, and then delete or de‑identify it.

Children
Our Site and Services are not directed to children under 13 (or 16 where applicable).

Contact
Email: privacy@lighthouseinsights.io (or use our contact form)
Mailing: [Your Company Legal Name], [Address]

Terms of Service

Lighthouse Insights Terms of Service
Last updated: October 21, 2025

Agreement
These Terms govern your access to and use of lighthouseinsights.io and our Services. By using the Site or Services, you agree to these Terms.

Eligibility & Account
You must be legally capable of forming a contract. You are responsible for your account credentials and all activity under your account.

Your Content; Our Services

  • Your Content (MyData): You retain ownership of Customer Content you submit. You grant Lighthouse a limited, revocable license to process it solely to provide the Services to you and as otherwise permitted in our Data Processing & AI Safety policy.

  • Derived Outputs: Metrics, benchmarks, and models we produce are Lighthouse IP; we grant you a license to use outputs internally, subject to these Terms.

Acceptable Use
You will not: (a) reverse engineer or misuse the Services; (b) upload unlawful or infringing content; (c) attempt to bypass platform/API terms (e.g., do not upload scraped Yelp data or use Google Places content in ways that violate their terms); (d) use the Services to generate or disseminate fake reviews or to gate/manipulate reviews; or (e) use outputs as the sole basis for decisions with legal or similarly significant effects without human review.

Fair Reviews & Testimonials
We follow the FTC Endorsement Guides/Consumer Reviews & Testimonials Rule and the Consumer Review Fairness Act (CRFA). You agree not to engage in fake, compensated‑without‑disclosure, or gated reviews; and you won’t restrict customers from posting honest reviews.

AI‑Specific Terms
We use AI to synthesize evidence; outputs can be wrong. You are responsible for validating critical decisions and complying with laws governing your use of outputs.

Platform Terms
If you connect third‑party platforms, you must comply with their terms (e.g., Google Maps/Places policies; Yelp API Terms).

Confidentiality & Security
We protect Customer Content using industry‑standard measures on AWS (encryption at rest/in transit; access controls). You must protect your credentials and promptly inform us of suspected misuse.

Fees; Trials
If applicable, fees are billed per order form. Trials may be limited and can be withdrawn.

Termination
Either party may terminate for material breach after notice and cure period. We may suspend accounts for misuse.

Warranty Disclaimer
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SITE AND SERVICES ARE PROVIDED “AS IS.”

Limitation of Liability
We are not liable for indirect, incidental, special, consequential, or exemplary damages; our aggregate liability is limited to fees paid in the prior 12 months.

Governing Law & Disputes
[Select your governing law/jurisdiction]. Parties consent to exclusive jurisdiction of the courts located in [jurisdiction].

Changes
We may update these Terms; material changes will be notified.

Data Processing & AI Safety

Lighthouse Insights — Data Processing & AI Safety
Last updated: October 21, 2025

1) Roles & Definitions

  • Controller vs Processor: For Customer Content, Lighthouse acts as a processor and Customer is the controller. For Site data, Lighthouse is controller.

  • Personal Data: GDPR Art. 4(1). Special categories receive heightened protection. We avoid processing special categories unless required and lawfully justified.

2) Processing Details (Art. 28)

  • Subject matter & duration: Processing Customer Content for the term of your subscription.

  • Nature & purpose: Ingestion, analysis, benchmarking, and generation of insights/dashboards; support and security.

  • Categories of data: Business contact info, listing data (NAP+W), site/SEO/pricing/product signals, and public review snippets (de‑identified).

  • Data minimization: We avoid full review text, remove names/handles, and store short opinion spans for aspect‑based sentiment (ABSA).

  • Instructions: We process only on documented customer instructions.

  • Confidentiality: Personnel are under duty of confidentiality.

  • Subprocessors: See Exhibit B.

3) International Transfers

We use SCCs and/or rely on the EU‑US Data Privacy Framework adequacy decision; the DPF was upheld by the EU General Court (2025).

4) Security Measures (summary; Exhibit A for detail)

  • AWS encryption at rest (SSE‑S3/AES‑256 or KMS) and in transit (TLS 1.2+); access controls, logs/monitoring, backups, and vulnerability management. AWS maintains ISO/IEC 27001 and other certifications and operates under a shared responsibility model.

5) AI Safety & Model Governance

  • No training on your data or on researched MarketData: Lighthouse does not use Customer Content or MarketData to train our or third‑party foundation models.

  • Third‑party providers: When we use enterprise AI (e.g., OpenAI API/enterprise, Google Vertex AI, Anthropic commercial/API), we configure no‑training settings and respect providers’ commitments that customer inputs/outputs are not used to train models by default.

  • Human oversight: We require human review for high‑stakes use cases.

  • Anti‑manipulation: We prohibit using our Services (or agents) to generate fake reviews or violate platform rules; we follow FTC review rules and CRFA.

  • EU AI Act posture: Lighthouse provides analytics/advisory—not high‑risk systems—and implements transparency, risk management, and record‑keeping consistent with the AI Act’s framework and timelines.

6) Data Subject Requests & State Rights

We support access, correction, deletion, portability, and opt‑out of sale/share where applicable, including honoring Global Privacy Control. (CA OAG; CT/VA/UT AG resources).

Have a question?