Privacy Policy

1. Who we are

Light in the Dark Analytics LLC(“we,” “us,” or “our”), a Pennsylvania limited liability company with its principal place of business at 1310 Twin Stacks Dr, Dallas, PA 18612, operates the Referral Reminders web application (the “Service”). This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the rights you have.

2. Information we collect

Account data

• Name, email address, and hashed password when you sign up with email
• OAuth identifiers from Google or Microsoft — including display name, email, and profile picture URL — when you sign in via those providers

Content you enter

• The short “asks” you write on your profile describing what you need
• Connections you form with other users, including approved, pending, and declined status and the date of each request
• External partner contacts you add — first name, last name, email, phone, and company of third parties you wish to remember. You are responsible for having a lawful basis to store this information (see Section 7)
• Digest preferences, including days of the week and time zone
• Pending invites (emails of people you have invited but who have not yet signed up)

Billing data

• Stripe customer ID, subscription ID, subscription status, and current period end
• We do not store credit-card numbers or other payment-instrument data. Payment information is collected and processed directly by Stripe

Consent records

• For each policy you accept (Terms, Privacy, marketing communications), we record the consent type, whether you consented, the policy version, your IP address at the time, and the timestamp. We retain this to demonstrate compliance

Automatically collected data

• Server logs including IP address, user-agent, request paths, and timestamps, held by our hosting provider for security and debugging
• If you have accepted analytics cookies (see our Cookie Policy), product-analytics events describing pages you visit and features you use
• If the application encounters an error while you are using it, an error report containing the error type, stack trace, and a short session replay (with text and inputs masked) may be sent to our error-monitoring provider

3. How we use your information

• Create and secure your account, authenticate requests, and prevent abuse
• Display your asks, connections, and external partners inside the app
• Send scheduled digest emails at the days and times you have chosen
• Send transactional emails such as connection invites, receipts, password resets, and security notifications
• Process subscription payments through Stripe
• Diagnose and fix errors in the application
• Measure how the Service is used so we can improve it
• Comply with legal obligations and enforce our Terms of Service

4. Legal bases for processing

• Performance of a contract. Providing the Service you signed up for, including accounts, connections, digests, and billing
• Consent. Marketing emails and non-essential analytics cookies. You may withdraw consent at any time
• Legitimate interests. Fraud prevention, security, error monitoring, product improvement, and keeping the Service running. You may object as described in Section 8
• Legal obligation. Tax and accounting records related to paid subscriptions

5. Service providers with whom we share data

We use the following providers to operate the Service. Each processes personal information on our behalf under a written data-processing agreement.

• Clerk(authentication) — stores account information including name, email, password hash, OAuth identities, and session data
• Neon(managed Postgres database) — stores application data including connections, asks, subscriptions, and digest preferences
• Fly.io(application hosting) — processes HTTP requests and holds server logs
• Upstash(Redis rate limiting and QStash scheduling) — stores short-lived rate-limit counters and schedules hourly digest dispatch
• Stripe(payments) — collects and processes all payment-instrument data; receives subscription metadata from us
• Resend(transactional email) — sends digest emails, connection invites, and system notifications on our behalf
• Sentry(error monitoring) — receives error reports and masked session replays when the application encounters errors
• PostHog(product analytics) — receives pageview and event data if you have accepted analytics cookies and we have configured analytics
• Google and Microsoft(OAuth sign-in) — authenticate you and share a minimal profile with us when you choose to sign in via their services

We do not sell your personal information. We may disclose personal information where required by law, court order, or lawful government request, and to protect the rights, property, or safety of Light in the Dark Analytics LLC, our users, or the public.

6. International transfers

The Service is operated from the United States. If you access the Service from outside the United States, your personal information may be transferred to, stored in, and processed in the United States and other countries where our service providers operate, which may have data-protection laws different from those of your country. Where required by law, transfers rely on the European Commission’s Standard Contractual Clauses or equivalent safeguards.

7. External partner contacts

The Service allows you to store contact information about people who are not users of the Service (“external partners”). When you upload information about a third party:

• You are the controller of that information, and we act as your processor with respect to it
• You must have a lawful basis to store it (for example, a pre-existing business relationship or the contact’s consent)
• You must honor any rights request the external partner exercises directly with you
• On request, we will help you export or delete any external partner data stored in your account

8. Your rights

Depending on where you live, you have some or all of the following rights:

• Access the personal information we hold about you
• Correct inaccurate or incomplete information
• Delete your personal information (“right to be forgotten”)
• Export your personal information in a portable format
• Object to or restrict processing based on our legitimate interests
• Withdraw consent at any time for processing that relies on consent
• Lodge a complaint with your local data-protection authority or the Pennsylvania Attorney General’s Office

To exercise any of these rights, email referral@lightinthedarkanalytics.com. We respond within thirty (30) days (or forty-five (45) days for California residents as required by the CCPA/CPRA). We may need to verify your identity before fulfilling a request.

9. California privacy rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act gives you the following additional rights:

• Right to know. Request the categories and specific pieces of personal information we have collected about you in the preceding twelve months
• Right to delete. Request deletion of personal information we collected from you, subject to exceptions
• Right to correct. Request correction of inaccurate personal information
• Right to opt out of sale or sharing. We do not sell personal information and do not share personal information for cross-context behavioral advertising. No opt-out is required because we do not engage in these activities
• Right to limit use of sensitive information. We do not use or disclose sensitive personal information beyond the limited purposes permitted under the CPRA
• Right to non-discrimination. We will not deny, charge a different price for, or provide a different level of service because you exercised a privacy right

Categories of personal information collected in the preceding twelve months: identifiers (name, email, IP address, account ID), commercial information (subscription status, billing history held by Stripe), internet or network activity (usage data, analytics events where consented), and inferences drawn from the above to provide the Service. Categories of sources: you, your browser, Clerk, Stripe, and our service providers. Business purposes of collection: providing the Service, billing, security, analytics (with consent), and legal compliance. We retain each category only as long as necessary for those purposes or as described in Section 11.

To exercise California rights, email referral@lightinthedarkanalytics.com. You may designate an authorized agent to make a request on your behalf; we will require written authorization and may still verify your identity directly.

10. Do Not Track

Some browsers transmit a “Do Not Track” signal. Our analytics provider, where configured, honors that signal by default. Beyond that, we do not currently respond to DNT signals because there is no uniform industry standard.

11. Data retention

We keep your account data for as long as your account is active. When you delete your account, we remove personal information within thirty (30) days, except:

• Consent records, retained for the longer of six (6) years or as legally required
• Billing records, retained for seven (7) years to meet tax and accounting obligations
• Anonymized or aggregated analytics data that cannot be linked back to you, which may be retained indefinitely
• Records necessary to comply with legal holds, resolve disputes, or enforce our agreements

12. Security

We protect your personal information with industry-standard measures, including TLS in transit, encryption at rest provided by our hosting and database providers, password hashing by Clerk, per-user rate limiting, access controls, and masked session replays. No system is perfectly secure. If a breach occurs that is likely to cause material harm to you, we will notify you and applicable authorities without undue delay.

13. Children

The Service is not intended for children under sixteen (16). We do not knowingly collect personal information from children under sixteen. If you believe we have collected information from a child under sixteen, contact us at referral@lightinthedarkanalytics.com and we will delete it.

14. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email and in-app, and the policy version and effective date above will change. Continued use of the Service after the effective date of the updated Policy constitutes acceptance.

15. Contact

Light in the Dark Analytics LLC
1310 Twin Stacks Dr, Dallas, PA 18612
Email: referral@lightinthedarkanalytics.com