Privacy Policy

1. Introduction

Nightowls, LLC, doing business as Lightning Logs ("Company", "we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our logging and observability platform (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address (required for account creation and communication)
• Password (encrypted and stored securely)
• Account preferences and settings
• Billing information (processed through third-party payment processors)

2.2 Log Data

You may send log data to the Service, which may contain personally identifiable information (PII) or other sensitive data. We store and process this data on your behalf to provide the Service. The content of your logs is determined by you, and we do not control what information you include in your logs.

Log data may include, but is not limited to:

• Application logs, error messages, and debugging information
• User activity logs and system events
• Performance metrics and monitoring data
• Any other data you choose to send to the Service

2.3 Usage Data

We automatically collect information about how you use the Service, including:

• Volume of logs ingested
• API usage and request patterns
• Feature usage and interaction data
• Performance metrics and error rates

2.4 Technical Data

We collect technical information about your use of the Service, including:

• IP addresses and geolocation data
• Browser type and version
• Device information
• Cookies and similar tracking technologies (see Section 8)

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service: Process and store your logs, enable search and analysis, and deliver features you request
• Manage your account: Authenticate users, process payments, and manage subscriptions
• Communicate with you: Send service-related notifications, respond to support requests, and provide important updates
• Improve the Service: Analyze usage patterns, identify and fix bugs, and develop new features
• Ensure security: Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations: Meet legal requirements, respond to legal process, and protect our rights

We do not sell your personal information or log data to third parties. We do not use your log data for advertising or marketing purposes unrelated to the Service.

4. Data Storage and Encryption

We take data security seriously. All data stored in the Service is encrypted at rest using industry-standard encryption algorithms. Data transmitted to and from the Service is encrypted in transit using TLS/SSL.

Your log data is stored in secure, partitioned databases with access controls and monitoring. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.

5. Data Sharing and Third-Party Services

We share your information only in the following circumstances:

5.1 Service Providers

We use third-party service providers to help us operate the Service. These providers have access to your information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose:

• Supabase: We use Supabase for database hosting, authentication, and edge function execution. Your data is stored in Supabase's infrastructure, which is subject to Supabase's privacy policy and security practices.
• Stripe: We use Stripe for payment processing. Payment information is handled directly by Stripe and is subject to Stripe's privacy policy. We do not store your full payment card information.
• Email Service Providers: We may use third-party email services (such as Resend or SendGrid) to send transactional and notification emails.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

5.3 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

6. Customer Responsibility for PII in Logs

Important: You may send log data to the Service that contains personally identifiable information (PII) or other sensitive data. You are solely responsible for:

• Ensuring that you have the legal right to collect and process any PII contained in your logs
• Obtaining all necessary consents and authorizations from individuals whose PII is included in your logs
• Complying with all applicable privacy laws and regulations, including but not limited to:
  • General Data Protection Regulation (GDPR) for EU residents
  • California Consumer Privacy Act (CCPA) for California residents
  • Health Insurance Portability and Accountability Act (HIPAA) for health information
  • Other applicable federal, state, and local privacy laws
• Implementing appropriate data minimization practices before sending data to the Service
• Notifying affected individuals in the event of a data breach involving their PII

While we encrypt data at rest and in transit, we are not a Business Associate under HIPAA and do not provide HIPAA-compliant services unless specifically agreed upon in a separate Business Associate Agreement. If you require HIPAA compliance, please contact us to discuss appropriate safeguards.

We are not responsible for your compliance with privacy laws or regulations. You agree to indemnify us against any claims arising from your failure to comply with applicable privacy laws.

7. Data Retention

Data retention periods vary based on your subscription plan:

• Free plans: 3 days
• Pro plans: 7 days
• Growth plans: 15 days
• Custom plans: As specified in your agreement

After the retention period expires, your log data may be automatically deleted. We may retain certain metadata and account information for longer periods as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Upon account termination, we will delete your data within 30 days, except where we are required to retain data by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

8. Your Rights and Choices

You have the following rights regarding your personal information:

8.1 Access

You can access and update your account information at any time through your account settings. You can also request a copy of your personal information by contacting us.

8.2 Deletion

You can request deletion of your account and associated data at any time. We will delete your data in accordance with our data retention policies, subject to legal requirements.

8.3 Data Export

You can export your log data through the Service's API or by contacting us. We will provide your data in a standard format within a reasonable timeframe.

8.4 Opt-Out

You can opt out of marketing communications by clicking the unsubscribe link in our emails or by updating your preferences in your account settings. You cannot opt out of service-related communications (e.g., billing, security alerts).

8.5 California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information provided in Section 13.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Authenticate users and maintain session state
• Remember your preferences and settings
• Analyze usage patterns and improve the Service
• Provide security features

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

We do not use third-party advertising cookies or tracking pixels for advertising purposes.

10. Security Measures

We implement a variety of security measures to protect your information:

• Encryption of data at rest and in transit
• Access controls and authentication mechanisms
• Regular security audits and vulnerability assessments
• Monitoring and logging of system access
• Employee training on data security and privacy

However, no security system is perfect, and we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

Note: We are working toward SOC 2 Type II compliance, but we do not currently hold SOC 2 certification. If you require SOC 2 compliance, please contact us to discuss your specific requirements.

11. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

If you are between the ages of 13 and 18, you must have your parent's or guardian's permission to use the Service.

12. International Data Transfers

Currently, the Service is primarily designed for users in the United States. Your information may be stored and processed in the United States or other countries where our service providers operate.

If you are located outside the United States, please be aware that we may transfer your information to the United States and process it there. By using the Service, you consent to the transfer of your information to the United States.

We are working to expand our services globally and implement appropriate safeguards for international data transfers, including compliance with GDPR and other applicable regulations. If you have specific data residency requirements, please contact us.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this page
• Sending you an email notification (for material changes)
• Displaying a prominent notice on the Service

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and may terminate your account.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are located in the European Economic Area (EEA) and have concerns about our data practices, you also have the right to lodge a complaint with your local data protection authority.