Privacy Policy
Last updated: April 2026 · Effective immediately for all accounts
We respect your privacy. We collect only what we need to operate the platform, never sell your data, and give you control over your information.
1. Data We Collect
When you create an account or use the marketplace, we may collect:
- Account information: username, email address, hashed password
- Profile data: display name, bio, avatar, website, social links, location
- Registration questionnaire: user type, use case, referral source, intended use
- Transaction history: purchases, sales, balance changes
- Uploaded assets: project JSON files, avatar images
- Usage data: endpoint invocation counts, API request logs
- Technical data: IP address (rate limiting only), browser type
2. How We Use Your Data
- Account creation, authentication, and session management
- Marketplace operations — listing discovery, purchases, reviews
- Transactional emails — verification codes, purchase receipts, listing updates
- Platform improvement — understanding how features are used
- Fraud prevention and security monitoring
- Rate limiting and abuse prevention
3. Data Storage & Security
All data is stored in PostgreSQL on AWS infrastructure (us-east-1 region). Data is encrypted at rest and in transit (TLS 1.2+). Direct database access is restricted to authorized platform administrators only.
Passwords are never stored in plaintext — we use bcrypt with 12 salt rounds.
4. Cookies
We set one authentication cookie (lsai_token) that is:
- Scoped to
.lightstruc.com— enables cross-subdomain auth with LSAI Studio httpOnly— not accessible to JavaScriptSecure— only sent over HTTPSSameSite=Lax— protects against CSRF attacks
We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
5. Third-Party Sharing
We share data with third parties only as required to operate the platform:
- AWS SES: Transactional email delivery (verification, receipts, notifications)
- Stripe / PayPal (Phase 2): Payment processing for balance top-ups
We never sell, rent, or trade your personal data to any third party for marketing purposes.
6. Your Rights
You have the right to:
- Access: Request a copy of all data we hold about you
- Correct: Update your profile information at any time via your account settings
- Delete: Request account deletion — your profile data will be purged within 30 days. Listings become anonymized; transaction records are retained for legal compliance.
- Export: Request a data export of your profile, listings, and transaction history
- Privacy controls: Manage what's visible on your public profile via Privacy Settings
To exercise these rights, contact us at privacy@lightstruc.com.
7. Data Retention
- Active accounts: data retained for the lifetime of the account
- Deleted accounts: personal data purged within 30 days
- Unverified accounts: purged automatically after 24 hours
- Transaction records: retained for 7 years for legal/accounting purposes
8. Children
LSAI is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at privacy@lightstruc.com and we will delete the account promptly.
9. Policy Changes
We will notify you by email of any material changes to this policy with at least 30 days notice before the changes take effect. Continued use of the platform after the effective date constitutes acceptance.
10. Contact
Questions about this policy? Email privacy@lightstruc.com