Who controls the service

Lightcap operates the service available at lightcap.ai. If you have privacy, security, deletion or access questions, you can contact Lightcap at [email protected].

By using Lightcap, joining the waitlist, creating or using an account, or creating a shared search snapshot, you agree that Lightcap may process your data as described on this page for the purposes of operating, securing and improving the service.

What Lightcap currently collects and stores

• Account data. If you log in, Lightcap stores your account email, a password hash, a password salt, an access-tier label, and account timestamps. Lightcap does not store your password in plaintext.
• Session data. When you authenticate, Lightcap stores a signed session token in an HTTP-only cookie and stores a hashed session secret, session timestamps and a user-agent string on the server.
• Waitlist data. If you join the whitelist, Lightcap stores your email address, whether you asked to receive a beta-opening email, and timestamps.
• Saved search history. If you are logged in, Lightcap stores your search query, the language attached to that search, the generated research snapshot, selected sources, summary text, highlights, pin status and timestamps until you delete the item or request account removal.
• Shared snapshot data. If you create a share link, Lightcap stores a public snapshot of the saved query, summary, highlights and source cards so that the share URL can be opened. Shared snapshots are designed to expire automatically after about 14 days.
• Temporary search lock state. To prevent overlapping long-running searches from the same client route, Lightcap temporarily stores an IP-based search-state record with the active query, language, query-language hint, timestamps and run identifier. That state is designed to expire automatically after about 30 minutes or when the search finishes.

What the browser sends and how Lightcap uses it

• Browser language. The client sends a language tag with search and autocomplete requests. Lightcap uses it to localize UI copy, choose presentation language, and route parts of the research pipeline. Lightcap does not currently maintain a separate permanent locale-profile record just because your browser reported a language. If you are logged in and a search is saved, the language attached to that saved history item may be stored with the saved entry.
• IP and request metadata. Lightcap, its reverse proxy and hosting stack may process IP address, request path, timestamps, status codes and related technical metadata for security, abuse prevention, availability and debugging.
• User-agent string. Lightcap stores a user-agent string with authenticated sessions to help operate and secure sign-in state.
• No silent profile sale. Lightcap does not currently operate an advertising profile business, does not currently sell personal data, and does not currently use the public site to build a separate marketing-profile graph from search language alone.

Cookies, local storage and browser-side state

• Authentication cookie. The login session uses a first-party HTTP-only cookie so the browser can stay signed in.
• Local storage. The current frontend stores a small local flag for whether the highlight-legend explanation was already seen and a local preference for whether the history sidebar is collapsed.
• Notifications. Browser notification permission is handled by the browser itself. Lightcap prompts for permission in the UI, but the permission state is maintained by your browser and operating system.
• No third-party marketing cookies on this surface. The current public surface is not designed around third-party ad tracking cookies.

Who may receive data

Lightcap uses infrastructure and research processors to deliver the service. Depending on configuration, your queries or related technical metadata may be processed by hosting, security, content delivery, search, scraping, proxy or language-model providers engaged by Lightcap.

• Infrastructure providers may process IP addresses, request metadata and cached site assets in order to keep the site online and protected.
• Search, scraping and language-model providers may receive query text, source URLs, extracted content or summary tasks when Lightcap uses them to generate results.
• Email tooling may process waitlist or support email data if Lightcap uses a third-party mail service to contact you.

Some processors may operate outside the EEA or UK. Where that occurs, Lightcap expects transfers to rely on appropriate safeguards such as contractual protections, provider transfer mechanisms or other measures available under applicable law.

How long data is kept

• Accounts. Kept until removal is requested or Lightcap decides to close the account under its internal policies.
• Sessions. Session records are designed to expire after roughly 45 days or earlier on logout.
• Saved search history. Kept until you delete the item or ask Lightcap to remove the account data.
• Shared search snapshots. Designed to expire after roughly 14 days.
• Temporary search-state records. Designed to expire after roughly 30 minutes.
• Waitlist entries. Kept until Lightcap no longer needs them for launch communication or you ask for deletion.
• Technical and infrastructure logs. Kept according to operational need and provider retention settings.

Why Lightcap believes it can process the data

• Contract or pre-contract steps. To let you log in, run a search, save history, open share links or place yourself on the waitlist.
• Consent. To send beta-opening emails when you explicitly ask for them.
• Legitimate interests. To secure the service, prevent abuse, debug failures, maintain availability, manage sessions and improve reliability.
• Legal obligations. Where Lightcap must retain or disclose information to comply with applicable law.

Your GDPR and European privacy rights

Subject to applicable law, you may have rights to request access, rectification, deletion, restriction, objection, portability, and to withdraw consent where processing depends on consent. You may also have the right to complain to your local supervisory authority.

To exercise a rights request or ask a question about stored data, contact [email protected]. If you are asking for deletion, include enough information to identify the relevant account, waitlist email or share link.

What may still appear in logs

Lightcap is designed to avoid storing full query text in routine application logs. The current application layer logs operational metadata such as language decisions, stage, status, timing, and coarse query size signals. Infrastructure, reverse-proxy, provider or exception logs may still process IP addresses, request paths, timestamps, status codes, source URLs, and query text where the query itself must be sent to a search, scraping or language-model processor to answer your request.

Lightcap does not describe this as a zero-log system. If a stricter no-query-log posture is required for a production environment, provider configurations, proxy retention and debugging pathways should be reviewed further.

Rules for using Lightcap

• You must use the service lawfully and must not abuse, disrupt, reverse-engineer or attack the platform.
• You remain responsible for the prompts, documents, links and other material you choose to submit.
• Search results, summaries and model output may be incomplete, stale or wrong. You should not rely on Lightcap alone for legal, medical, financial or similarly high-risk decisions.
• Shared snapshot links are intended to be accessible to anyone with the link until they expire or are removed. Do not share personal, confidential or regulated material through a public snapshot unless you accept that risk.
• Lightcap may suspend, limit, change or remove features, especially where features are pre-release, experimental or needed to protect the service.
• To the maximum extent permitted by law, the service is provided on an as-available and as-is basis.

Children, security and updates

The service is not intended for children under the age required by applicable law to validly use such a service without parental authorization. Lightcap also expects users not to submit highly sensitive personal data unless clearly necessary and appropriately lawful.

Lightcap uses technical and organizational measures intended to protect the service, but no internet system can be promised perfectly secure. Lightcap may update this page as the architecture changes; when that happens, the effective date should also be updated.