LightYear Cloud Legal

Privacy Policy

LightYear Cloud is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your personal information when you use our services.

Last updated: April 12, 2026Effective: April 12, 2026

1. Overview

LightYear Cloud Ltd. ("LightYear," "we," "us," or "our") operates the LightYear Cloud platform at lightyear.host. This Privacy Policy describes how we collect, use, disclose, and protect information about you when you use our cloud infrastructure services, website, and related tools.

We are committed to transparency and giving you meaningful control over your data. If you have questions about this policy, please contact us at [email protected].

2. Information We Collect

2.1 Information You Provide

  • Account information: Name, email address, password (stored as a bcrypt hash), and company name when you register.
  • Billing information: Payment card details (processed and stored by Stripe; we do not store raw card numbers), billing address, and transaction history.
  • Support communications: Messages, attachments, and metadata from support tickets and emails you send us.
  • Profile information: Optional information such as profile photo, job title, or SSH public keys you add to your account.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, API calls made, server deployments, and other interactions with the Services.
  • Log data: IP addresses, browser type and version, operating system, referrer URLs, timestamps, and error logs.
  • Device information: Device type, screen resolution, and browser capabilities.
  • Performance data: CPU, memory, network, and storage metrics for your deployed instances (used to provide monitoring features).

2.3 Information from Third Parties

  • OAuth providers: If you sign in via a third-party OAuth provider, we receive basic profile information (name, email, profile photo) from that provider.
  • Payment processors: We receive confirmation of payment status and limited card metadata (last 4 digits, card brand, expiry) from Stripe.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Services.
  • Process payments and manage your account balance.
  • Send transactional emails (account confirmation, password resets, billing receipts, service alerts).
  • Send service announcements and maintenance notifications.
  • Respond to support requests and troubleshoot issues.
  • Monitor for and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.
  • Analyze aggregate usage patterns to improve our products (using anonymized or aggregated data).
  • Send marketing communications, where you have opted in to receive them.

We do not sell your personal information to third parties. We do not use your Customer Content (data stored on our infrastructure) for any purpose other than providing the Services.

4. Information Sharing

We share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who assist us in operating the Services, including: Stripe (payment processing), Resend (transactional email), cloud infrastructure providers, and analytics services. These providers are contractually bound to use your information only as directed by us and in accordance with this policy.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. Specifically:

  • Account data: Retained for the duration of your account and for up to 90 days after account deletion.
  • Billing records: Retained for 7 years to comply with financial regulations.
  • Server data and snapshots: Deleted within 30 days of service termination.
  • Log data: Retained for up to 90 days for security and debugging purposes.
  • Support communications: Retained for 3 years after resolution.

You may request deletion of your account and associated data at any time by contacting [email protected]. We will honor deletion requests within 30 days, subject to legal retention requirements.

6. Data Security

We implement industry-standard security measures to protect your information, including:

  • TLS/SSL encryption for all data in transit.
  • AES-256 encryption for sensitive data at rest.
  • bcrypt hashing with 12 rounds for password storage.
  • Regular security audits and penetration testing.
  • Role-based access controls limiting employee access to customer data.
  • Multi-factor authentication for internal systems.
  • 24/7 security monitoring and incident response.

Despite our efforts, no security system is impenetrable. If you discover a security vulnerability, please report it responsibly to [email protected].

7. Cookies & Tracking

7.1 Cookies We Use

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies: Help us understand how users interact with our platform (e.g., page views, feature usage). We use privacy-respecting analytics that do not track you across other websites.
  • Preference cookies: Remember your settings such as theme preference and dashboard layout.

7.2 Managing Cookies

You can control non-essential cookies through your browser settings. Disabling essential cookies will prevent you from using authenticated features of the Services.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information ("right to be forgotten").
  • Portability: Request a machine-readable export of your personal data.
  • Objection: Object to processing of your personal information for marketing purposes.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdrawal of consent: Withdraw consent for processing based on consent at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

LightYear Cloud operates globally and may transfer your information to countries other than your country of residence. When we transfer personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Children's Privacy

The Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have inadvertently collected information from a child, please contact us at [email protected].

11. Third-Party Services

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you use in connection with our platform.

Key third-party services we use include:

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last Updated" date and, where required by law, by sending you an email notification at least 14 days before the changes take effect.

Your continued use of the Services after the effective date of the revised policy constitutes your acceptance of the changes.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU/EEA residents, our Data Protection Officer can be reached at [email protected].

Questions about our policies?

Our legal team is happy to clarify anything in our policies.

Contact [email protected]