Privacy Policy
This Privacy Policy describes how LightRun Platform Ltd. (including its affiliates) (D.B.A LightRun) (“LightRun”, “we” or “our”) collects, stores, uses and discloses Personal Data when you interact with us, including when you participate in any of our events, or visit or interact with any of our websites (each the “Website” and collectively the “Websites”), online ads and content, emails, sales and marketing channels, or communications under our control (“Sites”), or use the LightRun Platform or any other LightRun service, product or solution (“Products”, and together with the Sites, the “Services”). We believe that you have a right to know our practices regarding the Personal Data we may collect and use when you interact with us in any manner.
Please review this Privacy Policy carefully, and please use the information herein to make informed choices. If you have any concerns or questions about our privacy practices, please feel free to contact us.
Our Services are designed for businesses and are not intended for personal or household use. Accordingly, we treat all personal data covered by this Privacy Policy, including information about any visitors to our sites, as pertaining to individuals acting as business representatives, rather than in their personal capacity.
You are not legally required to provide us with any Personal Data. If you do not wish to provide us with your Personal Data, or to have it processed by us or any of our service providers, please do not provide it to us and avoid any interaction with us or with any of our Services.
Specifically, this Privacy Policy describes our practices regarding:
- Data Collection
- Data Uses
- Data Location and Retention
- Data Disclosure
- Cookies and Tracking Technologies
- Communications
- Data Security
- Data Subject Rights
- Roles & Responsibilities
- Opt Out of Sale/Sharing
- Additional Notices & Contact Details
1. Data Collection
When we use the term “Personal Data” or “personal information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.
We collect Personal Data regarding our Customers, Users and Prospects. Such data is collected and generated when you interact with us, automatically or directly from you or through third parties.
- Customer Data: Personal Data that we collect, process and manage on behalf of our business customers (“Customers”) through their use of the Products described on one or more applicable order forms or commercial agreements with the Customer.
We process such Customer Data on behalf of and under the instruction of the respective Customer, in accordance with the commercial agreement and our Data Processing Addendum. This Privacy Policy (which describes LightRun’s own privacy and data processing practices as we process data independently) does not apply to such processing done on our Customers’ behalf. To learn more about the privacy policies and practices of our Customers, please contact them, or your account administrator, directly.
- User Data: Personal Data relating to end users of our Products (e.g. Customers’ account administrators and authorized users of the Products on such Customers’ behalf, and any other individual using or invited to our Products (collectively – “Users”)).
- CRM & Prospect Data: Personal Data relating to our Customers’ internal focal persons who directly engage with LightRun concerning their LightRun account (e.g. billing contacts and authorized signatories), visitors of LightRun’s Sites, participants at events, webinars and other business and marketing activities that we organize or take part in, and any other existing or prospective User, Customer, partner or their respective representatives who visit or otherwise interact with our Services.
Specifically, depending on the nature of our relationship with you, we may process some or all of the following categories of personal data:
- Usage, login credentials, and device information automatically collected or generated: When you interact with our Services, we may collect or generate certain technical data about you. We automatically collect or generate such data either independently or with the help of third-party service providers (as detailed below), including through the use of “cookies” and other tracking technologies (as further detailed in Section 5 below). Such data consists of connectivity, technical and aggregated usage data, such as IP addresses and approximate location based on such IP address, device data (like type, OS, device ID, browser version, locale and language settings used), system and software details, activity logs, session recordings, click-stream and usage logs, log-in credentials to the Services, unique identifiers and similar data and information concerning log-in attempts, usage and use preferences regarding your use of the Services.
- Direct interactions and communications: Personal Data contained in any forms or inquiries that you may submit to us including support requests, written correspondence, feedback and testimonials received, sensory information including phone call and video conference recordings (e.g., with our customer experience or product consultants), as well as any free-form text or documentation you may choose to provide us. If you register as a Participant in any of our events, you may provide us with additional details such as your participation eligibility and preferences, your experience and any other relevant information.
- Contact, profile and other information: Such Personal Data includes contact and business details such as name, email, phone number, position, workplace and related business insights, contractual and billing details, as well as any expressed, presumed, declared or identified needs, preferences, attributes and insights relevant to our potential or existing engagement.
We collect this information directly from you, or from other sources and third parties such as our Customers as part of our commercial engagement. For example, if you participate in an event or webinar that we sponsor or participate in, we may receive your Personal Data from the event organizers. We may also receive your contact and professional details (e.g., your name, company, position, contact details and professional experience), from our business partners or service providers, and through the use of marketing and sales tools, data enrichment services, our sales and marketing partners, distributors, social media sites and analytics providers.
For the purposes of the California Consumer Privacy Act (“CCPA”), specifically in the last twelve (12) months, we have collected the following categories of personal information: Identifiers; Customer Record Information; Internet or other Electronic Network Activity Information; Geolocation Data; Professional or Employment-Related Information; and Inferences from Personal Information Collected. We do not use or disclose sensitive personal information as defined in the CCPA.
2. Data Uses
We use Personal Data as necessary for the performance of our Services; to comply with applicable law; as necessary for the performance of our contracts and agreements; and to support our legitimate interests, as further described below.
Specifically, we use Personal Data for the following purposes (and in reliance on the legal bases for processing noted next to them, as appropriate):
Customer and User Personal Data:
- To facilitate, operate, and provide our Services (Performance of Contract; Legitimate Interests);
- To verify the identity of our Users and Prospects, and to allow them access to our Services (Performance of Contract; Legitimate Interests);
- To provide our Customers and Users with assistance and technical support, and to diagnose or fix technical problems reported by them (Performance of Contract; Legitimate Interests);
- To evaluate and develop new features, technologies, and improvements to the Services (Legitimate Interests).
Customer, User and Prospect Personal Data:
- To gain a better understanding of how individuals use and interact with our Services, and how we can improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our Services, including through the utilization and optimization of Artificial Intelligence and Machine Learning capabilities (Legitimate Interest);
- To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively, including on other websites and applications. Such activities allow us to highlight the benefits of using our Services, and thereby increase your engagement and overall satisfaction with our Services. This includes contextual, behavioral and interests-based advertising based on your activity, preferences or other data available to us or to our business partners (Legitimate Interests; Consent);
- To further develop, customize and improve our Services, and to offer a better experience to our Customers, Users and Prospects, based on common or personal preferences, experiences and difficulties (Performance of Contract; Legitimate Interests);
- To contact our Users, Customers and Prospects with general or personalized service-related notices, informational materials and promotional messages (Performance of Contract; Legitimate Interests; Consent);
- To facilitate, organize, sponsor and offer certain events and promotions (Legitimate Interests);
- To monitor aggregate metrics and create aggregated statistical data, inferred non-personal data, or anonymized or pseudonymized data (rendered non-personal), which we, our Customers or business partners may use at our discretion, including to provide and improve our respective Services (Legitimate Interest);
- To enforce our Terms of Use (“Terms”), to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties (Legitimate Interests);
- To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of error, fraud or any illegal or prohibited activity (Performance of Contact; Legitimate Interests; Legal Obligation);
- To act as permitted by, and to comply with, any legal or regulatory requirements (Performance of Contract; Legitimate Interests; Legal Obligation).
If you reside or are using the Services in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing Personal Data (in general, or specifically with respect to the types of Personal Data you choose to share via the Service), your acceptance of this Privacy Policy and the Terms will be deemed as your consent to the processing of your Personal Data for all purposes detailed in this Privacy Policy. If you wish to revoke such consent, please contact us by email at: privacy@lightrun.com.
3. Data Location and Retention
Data Location: Personal Data collected in accordance with this Privacy Policy may be maintained, processed and stored by LightRun and our authorized affiliates and Service Providers in the United States of America (“US”), in Israel and in other locations in which LightRun operates, and may be accessed from other jurisdictions as necessary for the proper delivery or performance of our Services or as may be required by law.
LightRun is headquartered in Israel, which is considered by the European Commission, the Swiss Federal Data Protection and Information Commissioner (“FDPIC”), and the UK Secretary of State to be offering an adequate level of protection for the Personal Data of residents of the EEA, Switzerland and the UK, respectively. We transfer personal data from the EEA, Switzerland and the UK to Israel on this basis.
For data transfers from the EEA, Switzerland or the UK to countries which are not considered to be offering an adequate level of data protection, we and the relevant data exporters and importers have entered into Standard Contractual Clauses as approved by the European Commission, FDPIC and UK Information Commissioner’s Office (”ICO”). You can obtain a copy by contacting us as indicated in Section 11 below.
Data Retention: We retain Personal Data for as long as we deem it reasonably necessary to maintain and expand our relationship and provide you with our Services and offerings; in order to comply with our legal and contractual obligations; or to protect ourselves from any potential disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and the applicable legal requirements. If you have any questions about our data retention policy, please contact us by email at privacy@lightrun.com.
4. Data Disclosure
We disclose Personal Data in the following ways:
Legal Compliance: We may disclose or allow government and law enforcement officials access to your Personal Data in response to a legal request, such as a subpoena, search warrant or court order (or similar requirement), or in compliance with applicable laws and regulations. Such disclosure or access may occur if we have a good faith belief that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing or (c) such disclosure is required to protect our legitimate business interests, including the security of our Services.
Service Providers: LightRun engages selected third party companies and individuals to perform services complementary to our own (e.g. hosting services, data analytics services, marketing and advertising services, data and cyber security services, billing and payment processing services, fraud detection and prevention services, e-mail distribution and monitoring services, session recording, remote access services, website chat services, content and data enrichment providers, event production, and our business, legal and financial advisors (collectively, “Service Providers”)). Such Service Providers may receive or otherwise have access to your Personal Data, depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use the data for such limited purposes as determined in our agreements with them.
Event Sponsors: if you attend an event or webinar organized by us, or download or access an asset on our Websites related to such an event, webinar or other activity involving third-party sponsors or presenters, we may disclose your Personal Data to them. If required by applicable law, you may consent to such disclosure via the registration form or by allowing your attendee badge to be scanned at a sponsor booth. In these circumstances, your Personal Data will be subject to the sponsors’ privacy statements. If you do not wish for your Personal Data to be disclosed, you may choose not to opt in via the event/webinar registration form or elect to not have your badge scanned, or you can opt out in accordance with Section 6 below.
Partnerships: We engage selected business partners, resellers, distributors and providers of professional services related to our Services, which allow us to explore and pursue growth opportunities by facilitating a stronger local presence and tailored experiences for our prospective and existing Customers and Users. In such instances, we may disclose relevant contact, business and usage details to the respective partner, to allow them to engage with those Customers and Users for such purposes. If you directly engage with any of our partners, please note that any aspect of that engagement which is not directly related to the Services and directed by LightRun is beyond the scope of LightRun’s Terms and this Privacy Policy, and may therefore be governed by the partner’s terms and privacy policy.
Protecting Rights and Safety: We may disclose your Personal Data with others, if we believe in good faith that this will help protect the rights, property or personal safety of LightRun, any of our Customers, Users or Prospects, or any members of the general public.
LightRun Subsidiaries and Affiliated Companies: We may disclose Personal Data internally within our group of companies, for the purposes described in this Privacy Policy. In addition, should LightRun or any of its subsidiaries or affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Data may be disclosed to the parties involved in such event.
Additional disclosures: For the avoidance of doubt, LightRun may disclose your Personal Data in additional manners, pursuant to your explicit approval, if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, disclose or otherwise use non-personal and non- identifiable data at our sole discretion and without the need for further approval.
For the purposes of the CPPA, specifically in the last twelve (12) months, we may have disclosed to the third parties listed above the following categories of personal information: Identifiers; Customer Record Information; Internet or other Electronic Network Activity Information; Geolocation Data; Professional or Employment-Related Information; and Inferences from Personal Information Collected.
5. Cookies and Tracking Technologies
We and our Service Providers use cookies, pixels, tags and other technologies to provide and monitor our Services, to ensure that they perform properly, to analyze our performance and marketing activities, and to personalize your experience. Such cookies and similar files or tags may also be temporarily placed on your device. Certain cookies and other technologies serve to recall personal data, such as an IP address, as indicated by you. To learn more about our practices concerning cookies and tracking, please see our Cookie Policy.
We use Google Analytics to collect information about the use of our Sites. Google Analytics collects information such as how often you visit the Sites, which pages you visited when doing so, and which other sites you used prior to coming to our Sites. We do not merge the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to and use of the Sites is restricted by the Google Analytics Terms of Service and the Google Privacy Policy. You can learn more about how Google collects and processes data specifically in connection with Google Analytics here. Further information about your option to opt out of these analytics services is available here.
6. Communications
We engage in service and promotional communications, through e-mail, phone, SMS and notifications.
Service Communications: LightRun may contact you with important information regarding our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, billing issues, service maintenance or changes, password retrieval notices, etc. You will not be able to opt out of receiving such service communications while using our Services, as they are integral to such use.
Promotional Communications: If you request a demo, pricing or other query through the Website, we shall retain your contact details to communicate with you. Subject to applicable law, we may send you notifications concerning new features, offerings, events, and special opportunities or any other information we think you will find valuable. We may provide such notices through any of the contact means available to us, through the Services, or through our marketing campaigns on any other websites or platforms. We may transfer your contact details to our approved distributors to provide you with suitable offers in connection with our Services.
If you do not wish to receive such promotional communications, you may notify LightRun at any time by sending an e-mail to support@lightrun.com, or by following the “unsubscribe,” instructions contained in the promotional communications you receive.
7. Data Security
In order to protect your Personal Data held with us and our Service Providers, we are using industry-standard physical, procedural and electronic security measures, including encryption as appropriate. Please be aware that regardless of any security measures used, we cannot and do not guarantee the absolute protection and security of any Personal Data stored with us or with any third parties as described in Section 4 above.
8. Data Subject Rights
If you wish to exercise your rights under any applicable law, including the EU or UK General Data Protection Regulation (“GDPR”), the CCPA and similar US state laws, please send us an e-mail to privacy@lightrun.com. Such rights may include, to the extent applicable to you under the laws that apply to you, the right to know/request access to (specific pieces of personal data collected; categories of personal data collected; categories of sources from whom the personal data was collected; purpose of collecting personal data; categories of third parties to whom we have disclosed personal data), the right to request rectification or erasure of your Personal Data held with LightRun, to restrict or object to such Personal Data’s processing, to port such Personal Data, or the right to equal services and prices. Additionally, you have a right to lodge a complaint with a competent authority, such as the supervisory authority in the EU Member State of your habitual residence, place of work, or of the alleged GDPR infringement, the UK’s Information Commissioner’s Office, or your State’s Attorney General (as applicable).
You may designate an authorized agent, in writing or through a power of attorney, to request to exercise your privacy rights on your behalf. The authorized agent may submit a request to exercise these rights by emailing us. In such cases, we may request further information to verify such power of attorney and authorization.
Please note that once you contact us, we may require additional information and documents, including certain Personal Data, to authenticate and validate your identity and to process your request. Your request, along with such additional data, will be then retained by us for legal purposes (e.g. so we have proof of the identity of the person submitting the request).
9. Roles & Responsibilities
Certain data protection laws and regulations, such as the EU GDPR, UK GDPR and the CCPA typically distinguish between two main roles for parties processing Personal Data: the “Data Controller” (or under the CCPA, “Business”), who determines the purposes and means of processing; and the “Data Processor” (or under the CCPA, “Service Provider”), who processes the data on behalf of the Data Controller. Below we explain how these roles apply to our Services, to the extent that such laws and regulations apply.
LightRun is the “Data Controller” of its Customers’, Users’ and Prospects’ Personal Data, and with respect to which, assumes the responsibilities of Data Controller (solely to the extent applicable under law), as set forth in this Privacy Policy.
If LightRun processes Personal Data on a Customer’s behalf, such Customer shall be deemed the “Data Controller” of this data. The Customer will be solely responsible for meeting any legal requirements applicable to Data Controllers (such as establishing a legal basis for processing and responding to Data Subject Rights requests concerning the data they control).
If you would like to make any requests or queries regarding your Personal Data that we process on our Customer’s behalf, please contact such Customer directly. Should we receive such requests directly, we may refer them to our Customer.
10. Opt Out of Sale/Sharing
Opting out of Sale and Sharing: Under some US data protection laws, like the CCPA, our disclosure of certain internet activity and device information with third parties through cookies or pixels may be considered a “sale” or “sharing” of Personal Information. We do so in pursuit of the business and commercial purposes described in Section 2 above.
For the purposes of the CCPA, in the last 12 months we have “sold” or “shared” Internet or Other Electronic Network Activity Information and Geolocation Data, and with our analytics and advertising partners and service providers. LightRun has not knowingly sold or shared the personal information of individuals under the age of 16.
You may opt out of cookies that may result in a “sale” and/or “sharing” of your personal information in the following ways:
- On the cookie banner, click the “Do Not Sell or Share My Personal Information” button, and move the toggle switch “Sale or Share of Personal Data” off.
- Click the “My Privacy Choices” button (available in our website’s footer), and move the toggle switch “Sale or Share of Personal Data” off.
Please note: If you visit us from a different device or browser, or clear cookies, then you need to return to this screen to re-select your preferences. Set the Global Privacy Control (“GPC”) for each participating browser system that you use to opt out of the use of third-party Marketing cookies (instructions on how to download and use GPC are available here).
11. Additional Notices & Contact Details
Updates and Amendments: We may update and amend this Privacy Policy from time to time by posting an amended version on our Websites and/or Services, as applicable. The amended version will be effective as of the published date. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us or via the Services. After such notice period, all amendments to this Privacy Policy shall be deemed accepted by you.
External Links: While our Services may contain links to other websites or services, we are not responsible for their privacy practices, and encourage you to pay attention when you leave our Services for the website or services of such third parties and to read the privacy policies of each and every website and service you visit. This Privacy Policy only applies to our Services.
Children’s Privacy: Our Services are not intended for use by children under the age of 18. We do not knowingly collect Personal Data from minors under the age of 18 and do not wish to do so. In the event that it comes to our knowledge that a minor is using the Services, we will prohibit and block such user from accessing the Services (to the extent reasonably possible) and will make all efforts to promptly delete any Personal Data stored with us with regard to such user.
EU & UK Representatives: We have appointed Prighter Group with its local partners as our privacy representative and your point of contact for the European Union and United Kingdom.
Inquiries regarding our privacy practices may be sent by email to privacy@lightrun.com, or via our representative, Prighter, on the following website.
Questions, Concerns or Complaints: If you have any comments or questions about this Privacy Policy or if you have any concerns regarding your Personal Data, please contact us at privacy@lightrun.com, or write to us at 4 Daniel Frisch St., Tel Aviv.
Effective Date: September 5, 2024