Privacy Policy

Effective Date: 2026-04-30 | Last Updated: 2026-06-10

Laight AI Inc. ("Laight AI", "we", "us", or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (https://laight.ai), use our services (https://app.laight.ai), or interact with us in any way (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Who We Are

Laight AI Inc. is a company that provides digital advertising performance analytics services. We help advertisers connect to digital advertising platforms (such as Meta, Google, TikTok, and others) via official APIs, ingest performance data through our proprietary ETL pipeline, and deliver analytical insights to optimize advertising performance.

  • Company Name: Laight AI Inc.

  • Website: https://laight.ai

  • Service Name: Laighthouse by Laight AI

  • Service website: https://app.laight.ai

  • Contact Email: contact@laight.ai

  • Address: H101, Offices 904-905, Cheongsu 5-ro, Dongnam-gu, Cheonan-si, Chungcheongnam-do, Republic of Korea 31157

2. Information We Collect

We collect the following categories of information:

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, and password when you register an account.

  • Billing Information: Payment details, billing address, and tax information processed through trusted third-party payment processors.

  • Communications: Information you provide when you contact us, request support, or respond to surveys.

2.2 Information Collected Automatically

  • Usage Data: Pages viewed, features used, click activity, session duration, and referral URLs.

  • Device & Log Data: IP address, browser type, operating system, device identifiers, and timestamps.

  • Cookies and Similar Technologies: As described in our Cookie Policy section below.

2.3 Information Collected via Third-Party Advertising Platforms

With your explicit authorization (for example, through OAuth-based login on Meta, Google, or other advertising platforms), we access and process advertising performance data via official APIs, including but not limited to:

  • Ad account IDs, campaign, ad set, and ad-level metadata

  • Performance metrics such as impressions, clicks, conversions, spend, CTR, CPM, CPA, and ROAS

  • Audience and creative metadata (non-personal, aggregated)

With your explicit authorization via Google OAuth, we access and process your Google Ads account IDs, campaign metadata, performance metrics (e.g., impressions, clicks, spend), and/or Google Analytics property data, including website traffic, conversion, and user behavior metrics retrieved via the Google Analytics Data API.

We do not collect end-user personally identifiable information (PII) of consumers who interact with your advertisements unless explicitly authorized and requested by you and permitted by the applicable platform's terms.

3. How We Use Information Collected

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our Services

  • To process advertising performance data through our ETL pipeline and generate analytics

  • To authenticate users and manage accounts

  • To process payments and transactions

  • To communicate with you regarding service updates, technical notices, and customer support

  • To improve, personalize, and develop new features and services

  • To detect, investigate, and prevent fraudulent or illegal activities

  • To comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

  • Contractual Necessity: To perform our agreement with you.

  • Legitimate Interests: To operate, secure, and improve our Services.

  • Consent: Where you have given clear consent (e.g., marketing communications, OAuth authorizations).

  • Legal Obligation: To comply with applicable laws and regulations.

5. How We Share Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers / Sub-processors: Cloud hosting (e.g., AWS, Google Cloud), data warehousing, analytics, customer support, and payment processing partners under strict confidentiality obligations.

  • Advertising Platforms: When you authorize, we exchange data with platforms such as Meta, Google, etc., solely to provide the Services.

  • Legal Compliance: When required by law, court order, or governmental authority.

  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.

  • With Your Consent: For any other purpose disclosed to and agreed by you.

-Exception for Google API Data: Notwithstanding any other provisions in this Privacy Policy, any data collected from Google APIs (including Google Analytics 4) will never be used or shared for third-party advertising, profiling, or data brokerage purposes.

6. International Data Transfers

Laight AI Inc. is headquartered in the Republic of Korea. Your information may be processed in countries outside your country of residence. We implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure your data is protected in accordance with applicable data protection laws.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements. When data is no longer required, it is securely deleted or anonymized.

Typical retention periods:

  • Account data: For the duration of your active account, plus up to 3 years thereafter.

  • Advertising performance data: Up to 3 years, unless otherwise instructed by you.

  • Log data: Up to 12 months.

8. Data Security

We implement industry-standard technical and organizational safeguards, including:

  • Encryption in transit and at rest AWS's certified cloud environment

  • Role-based access controls and least-privilege principles

  • Regular security audits, vulnerability scans, and penetration testing

  • Secure software development lifecycle (SSDLC)

  • Employee training on data protection and confidentiality

While we strive to protect your information, no method of transmission or storage is completely secure.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access to your personal data

  • Correction of inaccurate or incomplete data

  • Deletion of your data ("right to be forgotten")

  • Restriction or objection to certain processing

  • Data portability

  • Withdrawal of consent at any time

  • Lodging a complaint with a supervisory authority

Data Deletion Instructions:

You maintain complete control over your connected platform accounts and data. You may revoke access or request data deletion at any time through the following methods:

  • Account Disconnection: You can disconnect your Google Analytics 4 (GA4), Google Ads, or Meta accounts from Laighthouse at any time directly through the platform's settings interface, or by revoking access within your respective Google or Meta Security Account settings.

  • Data Deletion Requests: Upon disconnecting an account, or upon your explicit request via contact@laight.ai, all cached or stored data retrieved from those platform APIs will be permanently deleted from our servers within 7 days.

To exercise any of these rights or if you have questions about your data, please contact us at contact@laight.ai. We will respond to and process all requests promptly and within the timeframes required by applicable law.

To exercise these rights, contact us at contact@laight.ai. We will respond within the timeframe required by applicable law.

10. Remedies and Dispute Resolution for Korean Data Subjects

If you are located in the Republic of Korea, you may seek consultation, dispute mediation, or report any infringement of your personal information rights to the following independent agencies. These organizations operate separately from Laight AI and provide neutral support for data subjects.

1) Personal Information Infringement Report Center (KISA) For reporting privacy violations and receiving advisory consultation regarding the misuse of personal information.

  • Website: https://privacy.kisa.or.kr

  • Phone: 118 (no area code required)

  • Scope: Reporting, consultation, and guidance on personal information breaches

2) Personal Information Dispute Mediation Committee (KOPICO) For civil-level mediation of disputes involving personal information, including collective disputes.

  • Website: https://www.kopico.go.kr

  • Phone: 1833-6972 (no area code required)

  • Scope: Mediation of individual and collective privacy-related disputes

3) Supreme Prosecutors' Office — Cybercrime Investigation Division For reporting criminal matters related to personal information, including unlawful access, hacking, or data theft.

4) Korean National Police Agency — Cyber Bureau For reporting cybercrimes such as identity theft, illegal data collection, or unauthorized use of personal information.

In addition, if your rights or interests have been violated due to actions or omissions by a public agency in connection with your personal information, you may file an administrative appeal under the Administrative Appeals Act. For further details, please refer to the Central Administrative Appeals Commission at https://www.simpan.go.kr.

For inquiries that can be resolved directly with Laight AI, we strongly encourage you to first contact our privacy team at contact@laight.ai, and we will make our best efforts to address your concerns promptly.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to operate properly, analyze traffic, and improve user experience. You may manage cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.

12. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If we become aware of such data, we will delete it promptly.

13. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these third parties.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last Updated" date. Material changes will be notified via email or through prominent notice on our Services.

15. Meta Platform Compliance

In accordance with Meta's Developer Policies, we explicitly state that Meta-derived data is used only for the purpose of providing advertising performance analytics to the respective user. We do not sell, license, or purchase any Platform Data. Furthermore, we do not use Meta Platform Data to build, improve, or train any machine learning or AI models without explicit separate consent.

The following Meta permissions are requested by Laighthouse and used as follows:

  • ads_read: To retrieve advertising performance metrics (impressions, clicks, conversions, spend, ROAS) for reporting and analytics dashboards shown to the authorizing user.

  • ads_management: To allow the authorizing user to create, edit, and manage their Meta ad campaigns from within the Laighthouse platform, with your explicit approval for each change.

  • business_management: To list and access the ad accounts and business assets the authorizing user has explicitly granted access to, enabling multi-account management.

No other Meta permissions are requested. Data retrieved via these permissions is used solely for providing the services described above to the individual client who explicitly authorized access.

Meta User Data Deletion Instructions

At Laighthouse, we value your data privacy and control. If you have connected your Meta account to our service and wish to remove our application's access or delete your stored data, please follow these steps:

① Go to your Meta/Facebook Account's Settings & Privacy. Click Settings.
② In the left menu, navigate to Apps and Websites.
③ Find Laighthouse and click Remove.
④ To request the erasure of any data stored inside the Laighthouse platform, please submit a deletion request directly to our support team at contact@laight.ai. We process all data erasure requests within 7 days in compliance with Meta's Platform Terms.

16. Google API Data Usage and Limited Use Policy Compliance

Laight AI’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, this includes read-only website performance metrics (such as sessions, conversions, traffic sources, and user behavior) accessed via the Google Analytics 4 (GA4) API as well as marketing performance data via the Google Ads API. We explicitly state that Google-derived data is used only for the purpose of providing advertising performance analytics, unified ROI reporting, and platform insights to the respective user.

We do not use Google Analytics data to serve advertisements or for any purpose other than providing the Laighthouse analytics service directly to the authorizing user.

We do not sell, license, or purchase any Google Platform Data. Furthermore, we do not use Google API data to build, improve, or train any machine learning or AI models without explicit separate user consent.

17. Contact Us

  • Email: contact@laight.ai

  • Postal Address: H101, Offices 904-905, Cheongsu 5-ro, Dongnam-gu, Cheonan-si, Chungcheongnam-do, Republic of Korea 31157

  • Personal Information Protection Officer: Sungjoo Kang, sung.kang@laight.ai