Privacy Policy

1. Introduction

Lightly Coded ("we," "us," or "our") is committed to protecting the privacy of visitors to lightlycoded.com and the people who create accounts to use our audit platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

2.1 Information You Provide

When you submit the contact form or request a free audit, we collect:

• Contact information: name, email address
• Optional details: company, phone number
• Message: any information you provide in the message field, including a description of your site and goals

2.2 Information Collected Automatically

• Usage data: pages visited, time on site, referral source, which CTAs are clicked
• Device data: browser type, operating system, approximate screen size
• Cookies: see our Cookie Notice for the full list and how to control them

2.3 Information from Third Parties

We may receive anonymous analytics data from Google Analytics and Vercel Analytics. We do not purchase or obtain personal information from data brokers, and we do not enrich your submission with information from any external source.

2.4 Account and Authentication

If you create an account to use the audit platform, we also collect:

• Account details: your email address (your only login identifier) and an optional display name.
• Sign-in data:we use passwordless "magic link" sign-in — we email you a one-time link instead of storing a password. We keep short-lived sign-in tokens and session records (including the IP address and browser used to create a session) to keep your account secure.
• Audit and business details: the business name, website URL, business type, and keywords you enter for an audit, and the audit reports produced for your account.
• Purchase records:when you buy audit credits, we keep a record of the purchase and a payment reference from our processor (see "Payments" in Section 4). We never receive or store your full card number.

3. How We Use Your Information

• To prepare and deliver the free audit you requested
• To create and operate your account and keep it secure
• To run the in-depth audits you request and store your audit history
• To process your purchases of audit credits
• To respond to questions you send through the contact form or by email
• To follow up on a conversation you started, where it is clearly part of the same enquiry
• To understand how the site performs and which pages and CTAs are useful
• To improve the site, its content, and its conversion paths
• To comply with any applicable legal obligation

Your contact information is never used for unrelated marketing, never sold, and never rented.

4. Data Sharing and Disclosure

We share your personal information only as follows:

• Email delivery (XyrenMail): contact form and audit-request submissions are delivered through XyrenMail, our transactional mail service. XyrenMail processes the submission and forwards it to Lightly Coded.
• Analytics (Google Analytics, Vercel Analytics): anonymous usage data is processed by these providers to help us understand how the site is used.
• Hosting (Vercel): the site is hosted on Vercel, which may log basic request metadata as part of operating the service.
• Payments (Stripe): purchases of audit credits are processed by Stripe. Stripe collects and processes your payment details directly under its own privacy policy; we receive only a confirmation and a payment reference, never your full card number.
• Audit processing (our audit service): in-depth audits run on our own audit service, which fetches and analyzes the website and any connected Search Console data for the site being audited.
• Legal requirements: when required by law, a valid court order, or a regulatory authority.

We do not sell your personal information. We do not share it with advertisers, data brokers, or any marketing network.

5. Google Search Console Data (Audit Platform)

If you create an account and connect Google Search Console to run an in-depth audit, we access a limited amount of Google user data through Google's APIs, solely to produce the audit you request.

• What we access: read-only Search Console data for the site or sites you choose to connect — the verified properties on your account and their search-performance metrics (impressions, clicks, and queries). We request only the read-only scope (webmasters.readonly) and cannot make any changes to your Search Console account.
• Why we use it: only to generate the website audit you asked for — to score your site and produce a prioritized list of fixes. We do not use Google user data for any other purpose.
• How it is stored: your Google authorization is held in encrypted form by our audit service and used only to fetch the data needed for your audits. The search-performance data we retrieve is retained as part of your saved audit reports.
• Your control: you can disconnect Search Console at any time from your account, which revokes our access. Deleting your account also ends our access to your Google data.
• Sharing: we do not sell or transfer Google user data, and we never use it for advertising. It is used only to provide the audit feature to you.

Lightly Coded's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Retention

Contact form and audit submissions are kept only as long as needed to deliver the audit, respond to your enquiry, and complete any follow-up that is clearly part of the same conversation, and are then removed. You may ask us to delete your submission at any time.

Analytics data is retained according to each provider's standard retention settings (typically up to two years for Google Analytics).

If you have an account, your account details, sessions, audit history, and credit records are retained while your account is active. You can delete your account at any time from your account settings; this removes your account and login data from our systems. Audit reports already produced may be retained by our audit service — contact us at privacy@lightlycoded.com if you would like those removed as well. Our payment processor (Stripe) and we may retain limited transaction records where required for legal, tax, or accounting purposes.

7. Your Rights Under PIPEDA

You have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Withdraw consent for non-essential data collection
• Request deletion of your personal information
• File a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise any of these rights, email privacy@lightlycoded.com.

8. Security Measures

We protect your information using standard security practices: HTTPS encryption in transit, hosting on Vercel with platform-level security controls, and restricting access to submissions to the people who need to see them. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

Our services are directed to businesses and the people who run them, not to individuals under 18. We do not knowingly collect personal information from children. If you believe we have, please email privacy@lightlycoded.com and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the site after changes constitutes acceptance of the revised policy.