Privacy Policy
Contents
1. Who We Are
Lighthouse Intelligence is a B2B marketing benchmark data platform operated by Louder Online Pty Ltd (ABN/ACN 153 004 140), a company incorporated in Australia. Our registered office is in New South Wales, Australia.
The platform aggregates, curates, and publishes marketing benchmark data drawn from 120,000+ public and licensed sources including Eurostat, Google Trends, DataForSEO, and other authoritative datasets. Our customers are marketing agencies, enterprise marketing teams, and CMOs who use this data to inform strategy, content, and reporting.
In this policy, "we", "us", and "our" refer to Louder Online Pty Ltd / Lighthouse Intelligence. "You" refers to any individual whose personal data we process, including visitors to our website, subscribers, API users, and authorised representatives of our business customers.
For privacy inquiries: [email protected]
2. What Data We Collect
2.1 Account & Registration Data
When you create an account or sign in via Google OAuth, we receive and store:
- Full name
- Email address
- Google account ID (OAuth sub identifier)
- Profile picture URL (provided by Google)
- Account creation date and last login timestamp
We do not receive your Google password. Authentication is handled by Google's OAuth 2.0 infrastructure and we only receive the data explicitly listed above.
2.2 Usage & Technical Data
While you use our platform, we automatically collect:
- Pages visited, features used, and navigation paths
- API endpoints called, query parameters (excluding any sensitive values), and response codes
- Session timestamps and session duration
- IP address and approximate geographic location (country/city)
- Browser type, operating system, and device category
- Referrer URL
- Error logs and performance metrics
2.3 Payment Data
Subscription payments are processed by Stripe, Inc. Stripe collects and stores all payment card data directly. We store only non-sensitive billing metadata such as:
- Stripe customer ID
- Subscription plan and status
- Billing period and renewal dates
- Invoice history (reference numbers and amounts)
We do not store, transmit, or have access to full card numbers, CVV codes, or bank account details.
2.4 Communications Data
If you contact us by email or through support channels, we retain the content of those communications and any contact details you provide in order to respond to your inquiry and improve our service.
2.5 Data We Do Not Collect
We do not collect or process:
- Special categories of personal data (health, biometric, political or religious views)
- Data from minors (our service is directed at business professionals aged 18+)
- Social media credentials other than Google OAuth
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Providing and operating the platform | Account data, usage data |
| Authentication and access control | Email, Google OAuth ID |
| Processing subscriptions and billing | Email, Stripe billing metadata |
| Sending transactional service emails (account alerts, billing receipts, API key notifications) | Email, account data |
| Improving the platform (product analytics, bug detection, performance monitoring) | Usage data, error logs |
| Enforcing API rate limits and terms of service compliance | API usage data, IP address |
| Complying with legal obligations | Account data, usage data |
| Responding to support inquiries | Communications data, account data |
| Sending product update and feature announcements (optional, opt-out available) | Email, name |
We do not use your personal data for advertising, do not build advertising profiles, and do not sell your data to third parties under any circumstances.
4. Legal Basis for Processing
For users in the European Economic Area (EEA) and UK, our legal basis under the GDPR is:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Performance of a contract (Art. 6(1)(b)) |
| Providing platform features and API access | Performance of a contract (Art. 6(1)(b)) |
| Billing and payment processing | Performance of a contract (Art. 6(1)(b)) |
| Service emails (billing receipts, security alerts) | Performance of a contract (Art. 6(1)(b)) |
| Product improvement and analytics | Legitimate interests (Art. 6(1)(f)) — improving service quality |
| Security monitoring and abuse prevention | Legitimate interests (Art. 6(1)(f)) — protecting platform integrity |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c)) |
| Marketing and product update emails | Consent (Art. 6(1)(a)) — you may withdraw at any time |
For users in Australia, processing is undertaken as reasonably necessary for one or more of our business functions or activities, consistent with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
5. Data Sharing & Subprocessors
We do not sell, rent, or trade your personal data. We share data only with the following trusted subprocessors who provide essential infrastructure and services:
| Subprocessor | Role | Location | Data Shared |
|---|---|---|---|
| Google Cloud Platform (GCP) | Cloud hosting and infrastructure | USA (us-central1) | All platform data stored on GCP infrastructure |
| Cloudflare, Inc. | CDN, DDoS protection, DNS | USA / Global | IP addresses, request logs (transit only) |
| Google Analytics (GA4) | Product analytics | USA | Pseudonymised usage data, page views |
| Stripe, Inc. | Payment processing | USA | Email, billing details |
| Slack Technologies | Internal operations and alerts | USA | Operational alerts (may include email in error logs) |
| Google LLC | OAuth 2.0 authentication | USA / Global | Email, name, Google account ID |
We may also disclose personal data when required by law, court order, or regulatory authority, or to protect the rights, property, or safety of Lighthouse Intelligence, our users, or the public.
In the event of a merger, acquisition, or sale of business assets, personal data may be transferred as part of that transaction. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account registration data (name, email, OAuth ID) | Duration of active subscription + 90 days after account closure |
| API usage logs | 12 months rolling |
| Application error and performance logs | 90 days |
| Database backups | 30 days |
| Billing records and invoices | 7 years (Australian taxation and accounting obligations) |
| Support communications | 3 years from last interaction |
| Security incident records | 3 years |
When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with any individual.
7. Your Rights
7.1 Rights Under the GDPR (EEA and UK Users)
If you are located in the EEA or UK, you have the following rights:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your data ("right to be forgotten"), subject to our legal retention obligations
- Right to restriction — request that we restrict processing of your data in certain circumstances
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests or for direct marketing purposes
- Rights related to automated decision-making — we do not make solely automated decisions that significantly affect you
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time without affecting prior processing
You also have the right to lodge a complaint with your local data protection supervisory authority. For EEA users, this is the relevant national authority (e.g., the CNIL for France, the BfDI for Germany). For UK users, this is the Information Commissioner's Office (ICO) at ico.org.uk.
7.2 Rights Under the Australian Privacy Act (Australian Users)
If you are located in Australia, you have the right to:
- Access — request access to personal information we hold about you (APP 12)
- Correction — request correction of personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading (APP 13)
- Complaint — lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au
7.3 How to Exercise Your Rights
Submit all privacy rights requests to [email protected]. We will respond within 30 days. Complex requests may take up to 3 months; we will notify you if an extension is required and explain why.
We may need to verify your identity before processing certain requests to prevent unauthorised disclosure or deletion of another person's data.
8. Cookies
We use cookies and similar tracking technologies to operate the platform and understand how it is used. We use the following categories of cookies:
- Strictly necessary cookies — session authentication and security tokens required for the platform to function. These cannot be disabled.
- Functional cookies — remember your preferences such as selected industry filters and UI settings.
- Analytics cookies — Google Analytics 4 to understand aggregate usage patterns. You may opt out via your browser settings or the Google Analytics opt-out extension.
For full details on cookies we use, their duration, and how to manage them, see our Cookie Policy.
9. International Data Transfers
Our platform is hosted on Google Cloud Platform in the us-central1 region (Iowa, USA). Personal data is therefore transferred to and stored in the United States.
For transfers from the EEA or UK to the USA, we rely on:
- Standard Contractual Clauses (SCCs) — incorporated into our agreements with Google Cloud Platform and other US-based subprocessors where required
- EU–US Data Privacy Framework — where applicable subprocessors are certified
A copy of the applicable transfer mechanism is available upon request at [email protected].
For transfers from Australia, we take reasonable steps to ensure overseas recipients handle your personal information in a manner consistent with the Australian Privacy Principles, consistent with our obligations under APP 8.
10. Australian Privacy Principles Compliance
Louder Online Pty Ltd is bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs). We are committed to compliance with:
- APP 1 — We maintain an open and transparent privacy policy (this document)
- APP 3 — We collect personal information only by lawful and fair means, and only where reasonably necessary for our business functions
- APP 5 — We notify individuals of the collection of their personal information at the point of collection
- APP 6 — We use and disclose personal information only for the primary purpose of collection, or related secondary purposes you would reasonably expect
- APP 7 — We do not use personal information for direct marketing without consent, and include an unsubscribe mechanism in all marketing communications
- APP 8 — Before disclosing personal information to overseas recipients, we take reasonable steps to ensure compliance with the APPs
- APP 11 — We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure
- APP 12 — We provide access to personal information upon request, subject to limited exceptions
- APP 13 — We correct personal information upon request if it is inaccurate, out of date, incomplete, irrelevant, or misleading
If you believe we have not complied with our obligations under the Privacy Act, please contact us at [email protected]. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC).
11. Contact & Data Protection
We aim to respond to all enquiries within 30 days.
Data Controller:
Louder Online Pty Ltd
New South Wales, Australia
[email protected]
If you have a complaint about how we have handled your personal data and are not satisfied with our response, you have the right to escalate to the relevant supervisory authority:
- Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
- EEA: Your national data protection authority
- UK: Information Commissioner's Office (ICO) — ico.org.uk
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Send an email notification to all registered users
- Display a prominent notice in the dashboard for 30 days
Your continued use of the platform following notification of changes constitutes your acceptance of the updated policy. If you do not agree with the updated policy, you must stop using the platform and may request deletion of your account.
© 2026 Louder Online Pty Ltd trading as Lighthouse Intelligence. All rights reserved.
Terms of Service ·
Cookie Policy ·
Acceptable Use Policy