Privacy Policy

What We Collect

We collect device-level signals (browser type, screen resolution, GPU information, fonts, audio context, and similar hardware/software attributes) for the purpose of generating a device fingerprint. We do not collect personally identifiable information (PII) such as names, email addresses, or browsing history through our fingerprinting SDK.

For account holders, we collect registration information (email, company name) and usage analytics related to API consumption.

How We Use Data

Device fingerprints are used to: (a) generate a unique device identifier for fraud prevention, (b) detect automated bots and suspicious behavior, (c) provide analytics and risk scoring to our customers, and (d) improve our matching algorithms.

Account information is used to manage your subscription, provide customer support, and communicate service updates.

Cookies and Local Storage

Our production fingerprinting SDK is designed to operate without relying on persistent client storage for the core device signal: the fingerprint is derived from hardware and software signals when you run identification.

The interactive demo on this site stores a random visitor identifier in localStorage (and a first-party cookie mirror) only so repeat visits can show ID stability in the UI—that storage is not required for the production SDK path.

Our website uses a minimal session cookie (lr_session) for authenticated users and a preference cookie (lr_cookie_consent) to record your consent choice. No third-party tracking cookies are set.

Data Retention

Device fingerprint data is retained according to the customer's plan (7 to 90 days for standard plans, custom retention for enterprise). Account information is retained for the duration of the account plus 30 days after deletion. You may request data deletion at any time.

Third-Party Sharing

We do not sell, rent, or trade device fingerprint data or personal information to third parties. Data is shared only with: (a) infrastructure providers necessary to operate the service (hosting, CDN), under strict data processing agreements; and (b) as required by law or to protect our rights.

Security Measures

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). API keys are hashed before storage. We apply differential privacy techniques (Laplace noise) to aggregated analytics to prevent individual re-identification. Access to production systems requires multi-factor authentication and is logged.

International Data Transfers

Our primary infrastructure is in the United States (AWS us-east-1). If you are located outside the United States, your data will be transferred to and processed in the US. We rely on Standard Contractual Clauses (SCCs) for transfers from the EU/EEA and ensure equivalent protections for all jurisdictions.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us and we will promptly delete it.

Your Rights

If you are located in the EU/EEA, you have the right to: access your data, rectify inaccurate data, erase your data, restrict processing, data portability, and object to processing. California residents have the right to know, delete, and opt-out under the CCPA. Contact us at privacy@lightningresearch.ai to exercise these rights.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to account holders and posted on this page with the updated date. Continued use of the service after changes constitutes acceptance.

Contact

For privacy inquiries, contact us at:

Email: privacy@lightningresearch.ai Address: Lightning Research, Inc.