Thank you for choosing to use Stoplight Pro (the "App"). Your privacy is important. This Privacy Policy explains how data is collected, used, and protected through the Stoplight Pro mobile app and website. By using the App and website, you agree to the collection and use of information as described in this Privacy Policy.

1. Information Collected

a. Account Information

When you create an account on our website, we collect identifying information such as your name, email address, organization, and authentication credentials. We use this information to create, secure, and maintain your account. You may also sign in using third-party authentication providers (such as Google or Apple Sign-In), in which case we receive limited profile information from those providers as permitted by your settings with them.

b. Payment Information

If you purchase a subscription, our payment processor collects your full payment details. We receive a limited subset of that data—such as the last four digits of your card, its expiration date, and your billing address—for invoicing, fraud prevention, and record-keeping purposes.

c. Email Communications

We send transactional emails to verify your identity, confirm account changes (such as email address or password updates), provide order confirmations, send payment receipts, and deliver other service-related notifications. These communications are necessary for account security and service delivery.

d. Usage Data

Certain non-personally identifiable information ("Usage Data") is collected to understand how users interact with the App and website. This Usage Data may include:

Product Interaction: Information about how you interact with the App/website, such as which features you use or screens you view.

Other Usage Data: General information about performance, diagnostic data, and crash logs that help improve and maintain the service.

No personal data (such as name, email address, or any other personally identifiable information) is collected by the mobile App. All mobile Usage Data is collected in a way that cannot be used to identify you personally.

e. Sessions & Sign‑In Activity

When you use the website, we create session records to keep you signed in across pages and devices. We also record a sign‑in activity log containing the date/time, IP address, and user‑agent of successful and unsuccessful sign‑ins. This information is used for account security, abuse prevention, and fraud detection.

f. Two‑Factor Authentication (2FA)

If you enable 2FA, we store a 2FA secret for your account. 2FA secrets are stored using industry‑standard protection (encrypted at rest) and are used solely to verify authentication codes you provide. Recovery codes you generate are stored only long enough to display or download to you.

g. Address Verification (USPS)

When you enter a shipping address, we may validate and standardize it using the USPS Address Validation service. We send only the address lines to USPS for standardization and to determine deliverability. The standardized address may be shown back to you for confirmation and stored with your order or account profile.

2. How the Information is Used

App Improvement: To analyze usage trends and user interactions in order to enhance features, functionality, and performance.

Diagnostics and Analytics: To troubleshoot and fix technical issues; to monitor crash reports and errors; and to better understand engagement.

Security: To protect accounts and the service by using sessions, sign‑in logs, 2FA, and other measures to detect suspicious activity and enforce safe access.

Quality Assurance: To maintain and continuously improve the user experience by identifying potential problems and making data-driven decisions.

3. Data Sharing and Disclosure

Service Providers: Aggregated, non-identifiable Usage Data may be shared with third-party service providers who help with analytics, diagnostics, or other business operations. These providers are contractually obligated to protect and use the data only for the services they are providing.

Legal Requirements: Your information may be disclosed if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Business Transfers: In the unlikely event of a merger, acquisition, or sale of assets, Usage Data may be transferred as part of that transaction, subject to the same privacy protections.

4. Data Retention

Usage Data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as otherwise required by law. Because this data is not linked to your personal identity, it may be retained in anonymized or aggregated form for an extended period to help analyze and improve the App over time.

4.a Data Retention & Deletion Timeline

• Account profile: Deleted within 30 days of final account deletion (operational needs and fraud prevention).
• Two-factor settings: Deleted immediately at account deletion (security).
• Active sessions: Visible while active; removed immediately on revoke (security/session management).
• Sign-in activity: Retained for 90 days (security auditing and abuse tracking).
• Billing customer profile: Retained up to 7 years (accounting and legal compliance).
• Payments and invoices: Retained up to 7 years (accounting and tax compliance).

4.b Account Deletion & Scheduling

You can request account deletion from your account settings. Deletion is scheduled at the end of your current billing period. You may cancel a scheduled deletion before that date. Once deletion is finalized, we permanently remove account profile data and 2FA settings per the timeline above; payment records may be retained as required for accounting and legal compliance.

5. Security

Reasonable administrative, physical, and technical safeguards are used to protect the information from unauthorized access, use, or disclosure. However, no method of electronic storage or transmission over the internet is 100% secure, and we cannot guarantee its absolute security.

6. Children's Privacy

No personal information is knowingly collected from children. If you believe that a child has provided personal information to Stoplight Pro, please reach out using the contact information provided below.

7. Your Rights and Choices

If you have any concerns about the Usage Data collected, please reach out using the contact information provided below.

8. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in practices, technologies, legal requirements, or other factors. Any updates will be posted on our website, and the "Last Updated" date at the top of this Privacy Policy will reflect the most recent version. It is encouraged that you review this Privacy Policy periodically to stay informed.

9. International Data Transfers

Your information may be processed and stored in the United States and in other countries where we or our service providers operate. When transferring personal data from the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Your Data Protection Rights

Depending on your location, you may have the right to access, correct, delete, restrict, or object to the processing of your personal information, and to request data portability. You may also have the right to complain to a supervisory authority. To exercise any of these rights, please contact us using the details below.

11. Cookies & Similar Technologies

We use a small number of strictly necessary first‑party cookies to operate the service (keep you signed in, protect forms, and remember limited preferences). We also use analytics cookies on some pages to understand site usage and improve our website.

• Session (strictly necessary): keeps you signed in and secures the account area.
• Security (strictly necessary): prevents cross‑site request forgery on form submissions.
• Preference (strictly necessary): remembers that you dismissed the cookie notice.
• Analytics: measures page views and interactions; we configure IP anonymization and disable ad personalization features.

We do not use advertising cookies. You can control cookies in your browser settings. To opt out of Google Analytics more broadly, you may also use Google’s opt‑out tools.

12. Third-Party Links & Integrations

The Services may contain links to third-party websites or integrate with third-party applications (including authentication providers such as Google and Apple). We do not control, and are not responsible for, the content or privacy practices of such third parties. Your interactions with those third-party services are governed solely by their policies. When you use third-party sign-in options, those providers may share certain profile information (for example, verified email) with us as permitted by your settings with them. We do not receive your OAuth passwords.

We use Google Analytics to understand how visitors use our website. Google Analytics collects information such as page views, browser type, and approximate location. We configure IP anonymization and disable ad personalization features. For more information about how Google uses data, see Google’s policies, and you can opt out using Google’s opt‑out tools.

13. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals. Because there is no universally accepted standard for DNT, we currently do not respond to browser DNT signals.

14. California & Other Jurisdiction-Specific Disclosures

If you are a California resident, you have the rights described in the California Consumer Privacy Act (CCPA), including the right to request information about our collection and use of your personal information and to request deletion of that information. We do not sell your personal information as defined by the CCPA. Residents of other jurisdictions may have similar rights.