How we handle your data.

Who is responsible

Lighthouse is operated by Jazel Labs Private Limited (India), the data controller for the personal data described here. Contact: founders@jazel.co.

What we collect

Account. When you sign up via Clerk we store your Clerk user ID, email, and (optionally) name. Authentication is handled by Clerk as a processor — see clerk.com/privacy.

Your product / target data. The API and/or MCP targets you register for assessment (name, base URL, docs URL, MCP reference) and the resulting reports.

Payments. Billing is processed by Stripe. We never see your card number — only a Stripe customer/subscription identifier we use to look up your plan status. See stripe.com/privacy.

Contact / leads. If you use our contact form we store your name, work email, company, the product you're interested in, and your message, so we can reply.

What we do NOT collect

• Production API keys for the products you register — assessments use sandbox / public-only access.
• The bodies of real API requests against your production systems.
• Browser fingerprints or third-party tracking cookies.

How we use it

To provide the service (run assessments you've paid for and approved, deliver reports to your dashboard, process billing), to send transactional email (welcome, payment, report status — never marketing without consent), to respond to contact requests, and to prevent abuse. We do not sell your personal data.

How long we keep it

• Account, product/target data, and reports: for the life of your account, then deleted on request.
• Billing records: as required for legal/tax/audit purposes.
• Leads and contact messages: until you ask us to delete them.

Your rights (DPDP & GDPR)

We follow India's Digital Personal Data Protection Act, 2023 (DPDP) and apply a reasonable GDPR posture for clients in the EU/UK. You may request access to, correction of, or deletion of your personal data, and may withdraw consent for non-essential processing. To exercise any right, or to nominate someone to act on your behalf, email founders@jazel.co — we respond within 30 days. If you're in the EU/UK you also have the right to lodge a complaint with your local supervisory authority.

Subprocessors

We'll update this page before adding a new subprocessor.

• Clerk — authentication
• Supabase — Postgres database hosting
• Stripe — payment processing
• Resend — transactional email
• Upstash — Redis (rate limiting / abuse prevention)
• Vercel — frontend hosting + cookieless analytics
• Railway — backend / assessment hosting

Cookies & analytics

Authentication uses a single Clerk session cookie. The marketing site uses Vercel Analytics, which is cookieless by design and collects no PII. We do not load third-party tracking pixels.

Contact

Questions about this policy: founders@jazel.co.