Notice at Collection
This summary describes the personal information we collect at or before the point of collection and how we use it. It applies to all users; specific rights and required disclosures differ by jurisdiction (for example, EU/EEA, California, and other U.S. states). Read this together with the rest of this Privacy Policy.
- Categories collected (including the prior 12 months): identifiers such as email; account and profile data; device and usage data; subscription and payment information processed by our payment provider; content you submit, including prompts and outputs when you use AI features; text transcriptions when you use AI Speech features (audio is not recorded or stored); and when you use Google Authentication, we collect your email, name, profile picture, and Google account identifier from your Google account.
- Purposes: provide and secure the services; operate AI features (including AI Speech for voice-to-text transcription); authenticate users (including through Google Authentication); prevent abuse and detect fraud; provide support; perform analytics; bill and collect payments; and comply with legal obligations.
- Sale/Share: we do not sell personal information. We do not share personal information for cross‑context behavioral advertising or targeted advertising. When you use Google Authentication, Google may receive information about your use of our Services in accordance with Google's Privacy Policy.
- Sensitive personal information: we do not seek it. If you choose to submit it, we process it only as necessary to provide the requested service or as required by law.
- Retention: we retain personal information for as long as needed to provide the services and as required by applicable law.
- Your rights: depending on your location, you may have rights to access, delete, correct, or obtain a copy of your information, and to appeal a denial of your request. You may also opt out of any sale or sharing (not applicable, since we do not sell or share) and of targeted advertising. You can disconnect your Google account from our Services at any time through your account settings. To exercise rights, contact us at privacy@lightning-assist.com or gdpr@lightning-assist.com.
We do not use automated decision making that produces legal or similarly significant effects without human involvement. For full details, including EU/EEA processing bases and transfer safeguards, please continue reading this Privacy Policy.
Lightning Assist Privacy Policy
Your right to privacy and privacy is a priority for us, and we are constantly committed to continuously improving the way we protect your personal data.
Effective Date: July 17, 2025
Preliminary Information
The confidentiality, integrity, and security of your personal data are the primary pillars when we implement the appropriate technical and organizational measures to ensure that your personal information is safe and your rights to privacy are respected.
This Privacy Policy (hereinafter referred to as the "Privacy Policy") implements the principle of transparency and describes the manner in which the collection, use, dissemination, storage, and disposal of your personal data is carried out by LIGHTNING ASSIST SRL, having its registered office in Str. Petre Tutea nr. 35, Bl. 919, Iasi Iasi, 700731; our VAT number is 48288111 (hereinafter referred to as "LIGHTNING ASSIST" or "we"), as controller of personal data in connection with (i) the access to and use of the Lightning-Assist SaaS application available at https://lightning-assist.com and also (ii) the provision of our services through and outside the application (hereinafter referred to as the "Services").
1. Purposes and Legal Grounds of Processing Personal Data
1.1 Personal data used within the Lightning-Assist
The continuous operation and testing of the Lightning-Assist website/application are ensured with the help of computer systems and software modules that generally obtain some personal data. The transmission of this data is done by default so that online communication protocols return optimal results of using the Lightning Assist.
This information is not collected to be associated with identified persons, but due to its nature may allow, through processing and integration with certain data stored by third parties, the identification of users.
Personal information can indirectly identify you, including IP addresses, time of the request, method used to send the request to the server, size of the file obtained in response, as well as other parameters related to the user's operating system (desktop/mobile, browser, language and region settings, etc.). To the extent that this information identifies a user, the provisions of this Privacy Policy become applicable.
The most consistent group of personal data that we process within the Lightning Assist and for which GDPR is directly applicable is provided by you when creating and operating the account you open and manage for your activity in the free or paid subscription to our SaaS application for faster coding or simply writing. Therefore, it is important that all personal information that you provide to us be true, complete, and accurate, and you must notify us of any changes to such or relevant personal information.
We want to assure you that we take all necessary actions so that you have access and control over personal data at any time; there are channels of direct communication with the developer of the platform and outsourced services relevant to it.
1.2 Purposes and Grounds Associated with Personal Data Processing Operations
| Purpose of processing | Associated basis |
|---|---|
| To ensure the correct and legal functionality of the Lightning Assist website, we use browsing data to generate anonymous statistical reports on the use and detection of possible errors that occur while the Lightning Assist is operated by you. | Performance of legal duties related to security aspects of our systems according to Art. 6 para. (1) letter c) of EU Regulation 679/2016 and the specific legislation and guidelines applicable on European and international level in the field of cybersecurity to assure a safe online environment. |
| For the use and the development of the Lightning Assist SaaS application as a user. | Performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering a contract according to Art. 6 para. (1) letter b) of EU Regulation 679/2016 according to the presented Terms of Service. |
| For marketing purposes, such as providing the latest news regarding the products and services provided by Lightning Assist SRL or for the use of non-essential cookies on the website. | Your consent is explicit, informed, and freely expressed based on Article 6 para. (1) letter a) and in compliance with the consent requirements contained in art. 7 and 8 of EU Regulation 679/2016. |
As Lightning Assist is in continuous development, we will update this policy when new data processing will be carried out and when new functionalities of the platform will be available with new purposes and associated processing legal grounds.
2. Lightning Assist and Associated Data Processing
2.1 What personal data is necessary when using our service(s)
Accounts in the Lightning Assist are designed and structured on the subscription time criteria, including also a 14-day subscription for free. In order to access our service(s), it is necessary to create a user account and then subscribe to our free 14-day trial or paid Service, selecting the monthly or the annual subscription as described in our Terms of Services.
In order to operate the subscription to our Service(s), we collect directly from the user and process the following personal data:
- Full Name
- Date of last login
- Data about the triggers set by the user in the application
- Login token
- Subscribe to emails/newsletter
- Details about the card from Stripe such as the card brand, country of origin, the month in which it expires, and the last 4 numbers on the card
- Details about invoices to be paid by the user
- Date of when the account has been created
- If the notifications are activated and other functionality settings
Google Authentication (OAuth 2.0)
If you choose to create or access your account using Google Authentication, we collect and process the following information from your Google account, as authorized by you through Google's OAuth 2.0 service:
- Email address (required for account creation and communication)
- Full name (to personalize your account)
- Profile picture (optional, if you choose to use it for your account)
- Google account identifier (to link your Google account to your Lightning Assist account)
Legal basis for processing: The processing of personal data obtained through Google Authentication is based on your explicit consent (Art. 6(1)(a) GDPR) when you choose to authenticate using Google, and on the performance of a contract (Art. 6(1)(b) GDPR) to provide you with access to our Services.
Data sharing with Google: When you use Google Authentication, Google may receive information about your use of our Services in accordance with Google's Privacy Policy. We do not control Google's collection, use, or sharing of your information. For more information about how Google handles your data, please review Google's Privacy Policy at https://policies.google.com/privacy.
Security: We do not store your Google account password. Authentication is handled securely through Google's OAuth 2.0 service. We store only the information necessary to maintain your account and provide our Services, as listed above.
Your rights: You can disconnect your Google account from our Services at any time through your account settings. Disconnecting your Google account will not delete your Lightning Assist account, but you will need to use an alternative authentication method (such as email and password) to access your account in the future.
Third-party service: Google Authentication is provided by Google LLC. Your use of Google Authentication is subject to Google's Terms of Service (https://policies.google.com/terms) and Privacy Policy. We are not responsible for Google's handling of your information or any issues that may arise from your use of Google's authentication service.
We collect also data about Subscriptions that the user created in Stripe:
- User Id
- Subscription Id
- Cancel At (if the subscription is canceled and we will no longer take money from users at the end of the period)
- Cancel At Date (the date on which the subscription will be closed)
- Created (when it was created)
- Current Period Start (when it started)
- Current Period End (when it ends)
- Interval (monthly or yearly)
- Latest Invoice (the last invoice with data on how much to pay, etc.)
- Product Id (id of the product)
- Status (active, inactive)
- Subscription Name (subscription name)
- Customer Id (id from Stripe)
- Payment Intent (id of the payment from Stripe)
- Monthly Payment Intent
- Retry Attempts: The number of retries in case your card does not work (you are allowed a maximum of 3)
- Last Retry Attempt: the date of the last retry
Within this user account, the user may carry out personal data processing activities authorized through the Lightning Assist app, namely completion, viewing, updating, and deleting personal data.
For the application to run correctly, we store data in Local Storage and Cookies. Stripe does the same for our application. Also, our application stores the data on the user's drive (disk).
The only sensitive information we have access to, under Stripe’s responsibility, is the invoicing and payment history for the user’s subscription, and we have implemented adequate technical and organizational measures to assure a high level of confidentiality.
2.2 Use of cookies within the Lightning-Assist website
2A. AI Features and Data Processing
Lightning Assist provides optional AI features (such as AI Chat and automated content generation/editing) that may process the text you submit ("prompts") and the generated text or media ("outputs"). We instruct our AI Service Providers not to use prompts or outputs to train their models, and we do not use prompts or outputs to train our own systems, except as needed to deliver, secure, and bill the Services. We recommend that you avoid including sensitive personal data in prompts unless strictly necessary and lawful.
Categories of personal data (depending on your input): account identifiers (email, user ID), device and usage metadata, prompt text (which may include personal data you choose to include), and outputs.
Purposes: provide AI functionality, detect abuse and security issues, maintain service quality, measure usage for AI Credits, and comply with legal obligations.
Legal bases: performance of contract (Art. 6(1)(b) GDPR) to provide requested AI features; legitimate interests (Art. 6(1)(f)) in securing and improving the Services; consent (Art. 6(1)(a)) where required for optional features or marketing analytics; and compliance with legal obligations (Art. 6(1)(c)).
Recipients and transfers: AI Service Providers and cloud vendors may process data in the EU, US, or other regions. Where applicable, we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses. We contractually restrict providers from using your data for their own advertising or training.
Retention: prompts and outputs are retained only as long as necessary to provide the feature and for short‑term operational logs and billing records; we periodically delete or anonymize data in accordance with our retention schedules and legal requirements.
2B. AI Speech (Voice-to-Text) Features
Lightning Assist provides an optional AI Speech feature that enables voice-to-text transcription using third-party AI Service Providers. This feature is designed with privacy and user control as fundamental principles.
Audio Recording Policy: We do not record, store, or retain any audio recordings of your voice. Audio data is processed in real-time and immediately discarded after transcription. We do not maintain any audio files or voice recordings on our servers or in our systems.
Transcription Processing: When you choose to use the AI Speech feature, your voice input is processed in real-time by our AI Service Providers to generate text transcriptions. Only the resulting text transcription (if you choose to save it) may be stored, and only according to your explicit preferences and settings.
User Control and Opt-Out: You have complete control over the AI Speech feature:
- You can choose to use or not use the AI Speech feature at any time
- You can opt out of saving transcriptions entirely through your account settings
- You can choose to use the feature without any transcription being saved or recorded
- You can disable the feature completely at any time
Categories of personal data: When using AI Speech, we process only the text transcription output (if you choose to save it), along with account identifiers (email, user ID) and usage metadata for billing purposes. No audio data is retained.
Purposes: Provide voice-to-text transcription functionality, measure usage for AI Credits billing, detect abuse and security issues, and comply with legal obligations.
Legal bases: Your explicit consent (Art. 6(1)(a) GDPR) when you choose to use the AI Speech feature; performance of contract (Art. 6(1)(b) GDPR) to provide the requested transcription service; and legitimate interests (Art. 6(1)(f)) in securing and improving the Services.
Recipients and transfers: AI Service Providers process audio data in real-time for transcription purposes only. Audio data is not stored by us or by our providers. Text transcriptions (if saved) are processed in accordance with the same safeguards as other AI features, as described above. Processing may occur in the EU, US, or other regions with appropriate safeguards in place.
Retention: Audio data is not retained. Text transcriptions (if you choose to save them) are retained only as long as necessary to provide the feature and for short‑term operational logs and billing records, in accordance with our retention schedules and legal requirements. You can delete saved transcriptions at any time through your account settings.
Your Rights: You have the right to withdraw your consent to use AI Speech at any time, to opt out of saving transcriptions, to delete any saved transcriptions, and to request information about what transcription data (if any) we have processed. To exercise these rights, contact us at privacy@lightning-assist.com or gdpr@lightning-assist.com.
What is a cookie?
Cookies are small text files consisting of letters and numbers which will be stored on the device (computer, mobile terminal, or other equipment) of a user when accessing the Lightning Assist using the Internet. Cookies are installed by request sent by a web server to the platform and are completely passive in the sense that they do not contain software viruses or spyware and cannot access the information on the user's hard drive. Moreover, the duration of a cookie is determined, and technically only the web server that sent the cookie can access it again when a user returns to the platform associated with that webserver. Cookies themselves do not require personal information to be used and in most cases do not personally identify internet users. Cookies provide the user with a pleasant experience of accessing and browsing within the Lightning Assist by offering functionalities such as options for saving registration data, much faster access to the created account, etc. The use of cookies does not imply the request for personal data and in most cases does not personally identify users.
Types of cookies
Most of these cookies used by us will be deleted from your hard drive immediately after your browsing session (so-called session cookies). They are temporarily stored in the platform's cookie folder so that it can store them until the user exits the platform or closes the access window of the Lightning Assist. Other cookies remain saved on your device's hard drive and allow us to recognize your device in case of a subsequent visit to the platform (so-called persistent cookies). These are cookies that allow us to make the use of our platform more friendly, efficient, and secure. This type of cookie can be deleted by the user at any time through the browser settings with which he accessed the Lightning-Assist.
Cookie lifetime
The lifetime of a cookie may vary significantly depending on the purpose for which it is placed. As mentioned above, certain cookies are used exclusively for a single session (session cookies) and are deleted once the user leaves the platform, while other cookies are kept and reused each time the user returns to the Lightning Assist. However, cookies can be deleted at any time by adapting the settings of the browser used by it.
The cookies we use on our webpage https://lightning-assist.com are as follows:
| Name | Category | Purpose | Duration |
|---|---|---|---|
| accessToken | Strictly necessary cookies | Keeping a user logged and and having access to other functionalities | 1 day |
| emailSubscribe | Strictly Necessary Cookies | Check if user if subscribed to newsletter to show functionalities | 1 day |
| id | Strictly Necessary Cookies | Id of the user to get his details | 1 day |
| acceptCookies | Functional Cookies | Accept Cookies to enable Google Analytics | 1 year |
Cookies used by third parties:
| Name | Category | Purpose | Duration |
|---|---|---|---|
| _ga | Performance Cookies | Usefull for Google Analytics | 1 year |
| Google OAuth Cookies | Strictly Necessary Cookies | When you use Google Authentication, Google may set cookies to manage your authentication session and ensure secure access to your account. These cookies are essential for the Google OAuth 2.0 authentication process. | Session-based or as determined by Google |
The local storage we use on our Lightning Assist Application are as follows:
All of these are strictly necessary. You can't configure them.
| Name | Purpose | Duration |
|---|---|---|
| accessToken | Token necessary to determine if you are logged and to access user details and resources | 1 Year |
| refresh_token | Necessary for refreshing the session when the authentication token expires | No Expire Date |
| enableNotifications | When you trigger resource executions to show or not notifications | No Expire Date |
| rememberMe | Remember the account email on login | No Expire Date |
| theme | Current theme on the app, light or dark | No Expire Date |
| id | Id of the user | No Expire Date |
| roles | User Roles | No Expire Date |
| User email | No Expire Date | |
| isSubscribed | Flag if the user is subscribed | No Expire Date |
| appStartOnLaunch | Flag to start the app when you open the computer | No Expire Date |
| rememberedAccount | Email to populate the login form | No Expire Date |
| LAactive | Keep LA Main Functionality Active on Refresh | No Expire Date |
Storing information captured by cookies
The information obtained by cookies is kept in high-security conditions by the web server, respectively the server hosting the Lightning Assist website. We assure you that our web server was selected to comply with high-security requirements regarding the information collected through cookies, being obliged to strictly comply with the obligations imposed by applicable law.
3. Collection / Provision of Personal Data
Your personal data, personal information enters the information system managed by Lightning Assist in two main ways:
- Direct collection – when accessing our webpage and when uploading them to the creation of your account;
- Indirect collection – the invoicing and payment history associated with the user’s subscription
Regardless of the collection method used, the responsibility for the accuracy of personal data lies with the data subject when providing data implied in the collection since the third parties involved in the processing are using the data provided by the user.
We are careful to maintain compliance with the principle of data minimization, but you must know that you may refuse to provide certain personal data (indicated above), but in such a case, you may not be able to benefit from certain services specific to the contractual relationship (Terms of Services) to which this Privacy Policy refers.
4. Automated Processing of Personal Data
Your personal data will not be processed in order to generate decisions based solely on automatic processing that would produce legal effects on you or affect you to a significant extent.
5. Processing Time
As a rule, we will process your Personal Data for the duration of the existence of the account you have opened in Lightning Assist SaaS app until its closure by you or by express request sent by you to us for exercising the right to data deletion.
6. Erasure of Personal Data
When we receive a request for erasure from you, we will implement the measure of anonymization of your identity given that an effective deletion of this information would distort the exploitation of the application by other users, making it impossible to fulfill the purpose for which it was created.
However, if it is possible to delete your data, the lack of which does not affect the functionality of Lightning Assist, we will comply with your deletion request after running a punctual analysis; we will keep you informed about the processing of your request.
Please acknowledge that tickets that have been completed are automatically deleted after 30 days and any further claims will be rejected.
Also, the user can delete the account they created upon the presentation of a critical warning from the application before pressing the deletion button.
7. Transfer of Personal Data
We may transfer personal data to the necessary extent to the following categories of recipients:
- For the payment processing and invoicing services provided by third parties like Stripe;
- For the database and cloud services provided by Amazon Web Services (AWS);
- For the management of real-time communication and caching infrastructure using Redis, which may be hosted by third-party cloud providers.
- For authentication services provided by Google LLC when you choose to use Google Authentication (OAuth 2.0) to create or access your account.
These recipients may be located in the European Union and/or the European Economic Area. Where recipients are located outside the European Union and the European Economic Area, including in countries which are not recognized as ensuring an adequate level of protection, the transfer of personal data shall only take place where appropriate safeguards exist in accordance with applicable law. In doing so, we rely on several safeguards, such as standard contractual clauses issued by the European Commission.
To provide real-time features and ensure the functionality of our services, the application maintains a continuous connection to our servers through Server-Sent Events (SSE) technology. This means that certain data, including usage and connection information, may be transmitted between your device and our servers while the application is active. Redis may be used in conjunction with this connection to facilitate real-time data delivery and synchronization across distributed systems. By using the application, you acknowledge and consent to this ongoing data exchange and processing as part of the normal operation of the service.
8. Security of Personal Data
The security of your personal data is important to us. Therefore, your personal data will be processed by applying reasonable technical and organizational measures (like encryption or limited access to data) to protect personal data, such as limiting access to personal data, encrypting or anonymizing personal data, and storing on secure environments. However, despite our best efforts, we cannot always guarantee the full effectiveness of the security measures implemented and therefore we cannot guarantee the security of personal data at all times.
9. Your Rights Regarding the Processing of Personal Data
European Regulation 679/2016 on the protection and free movement of personal data gives living European citizens a series of rights to protect privacy. Although these rights are not absolute, such as the right to life or work, knowing them, you can exercise them at any time and based on your request, we will analyze punctually the possibilities of solving them.
Right of access
You have the right to obtain confirmation from us that your personal data is processed by us, as well as information on the specifics of the processing, such as the purpose, the categories of personal data processed, the recipients of personal data, the period for which personal data are kept, whether we transfer them abroad and how we protect them, your rights, the right to lodge a complaint with the supervisory authority, from where we obtained the personal data.
Right to rectification
You have the possibility to request the rectification of your personal data provided that the applicable legal requirements are complied with. In the event of errors, upon notification, we will immediately correct your personal data.
Right to erasure
In certain cases, you have the possibility to request the deletion of personal data: (i) they are no longer necessary for the purposes for which we collected and process them; (ii) you have withdrawn your consent to the processing of personal data and we can no longer process the personal data on other legal grounds; (iii) personal data are processed contrary to the law; (iv) you exercise a legal right to object. We will not be able to comply with your request for deletion if the processing of personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of a right in court. There are also other circumstances in which we are not obliged to comply with this request for deletion of personal data.
Restriction of processing
You may request that we restrict the processing of your personal data in the following situations: (i) if you dispute the accuracy of the personal data for a period that allows us to verify the accuracy of the personal data in question; (ii) if the processing is unlawful and you oppose the erasure of Personal Data, requesting instead the restriction of their use; (iii) where we no longer need the personal data for processing but you request them from us for legal action; (iv) if you have objected to the processing for the period of time in which it is verified whether our legitimate rights as controller prevail over those of the data subject.
We may continue to use personal data following a restriction request if: (i) we have your valid consent; (ii) to establish, exercise, or defend legal claims; or (iii) to protect the rights of another natural or legal person.
Right to data portability
Insofar as personal data is processed based on your consent or for the performance of the contract and processing is done by automatic means, you have the right to have your personal data provided to you in a structured, commonly used, and machine-readable format, and you have the right to transmit this personal data to another operator. This right shall not adversely affect the rights and freedoms of others.
Right to object
In certain situations, such as when we process your personal data based on a legitimate interest, you have the right to object to the processing of your personal data by us. In case of unjustified opposition, Lightning Assist SRL is entitled to further process the personal data.
The right to object to receiving commercial messages (newsletter)
You can also object to the processing of your personal data for the purpose of sending commercial messages, and we will provide you with the appropriate technical mechanisms to exercise your right to object.
Revocation of consent
Insofar as we process your personal data based on your consent, you may revoke consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right not to be subject to individual decisions
In certain circumstances, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly affects you to a significant extent. This right does not apply if the decision: (i) is necessary for entering into or performance of a contract between you and us; (ii) is authorized by law which also provides appropriate safeguards for your rights and freedoms; (iii) is based on your explicit consent.
Right to address the supervisory authority
You have the right to lodge a complaint with the competent National Supervisory Authority (NSA) in your EU Member State (see the list of all EU NSAs). Typically, on each NSA's website, there is a section where you can file your complaint online.
For Lightning Assist SRL (data processing taking place on the territory of the country of origin of the controller – Romania), the competent NSA is Autoritatea Nationala de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP Romania) in relation to any violation of your rights regarding the processing of your personal data. The contact details of the ANSPDCP are:
B-dul G-ral. Gheorghe Magheru 28-30Sector 1, cod postal 010336
Bucuresti, Romania
Email: anspdcp@dataprotection.ro
Tel: +40.318.059.211 or +40.318.059.212
10. Exercising Your Rights
The Data Protection Officer (DPO) has the role of facilitating communication between you, us, and the competent National Supervisory Authority, being an extension of the NSA in the personal data processing activity of the data controller in order to comply with GDPR requirements. Call with confidence on his expertise in defending your privacy and privacy regarding the processing of your personal data at the email addresses: privacy@lightning-assist.com or gdpr@lightning-assist.com.
Identity verification
We pay the utmost attention to the confidentiality of all personal data and reserve the right to verify your identity if you make a request regarding personal data.
Territorial jurisdiction check
Depending on the EU Member State of origin of the data subject and the place of processing, the Data Protection Officer analyzes and determines the NSA under whose jurisdiction the resolution of the problem that is the subject of your request may fall.
Fees
As a rule, you can exercise your rights free of charge. However, we reserve the right to charge a reasonable fee if your requests are manifestly unfounded or excessive, in particular due to their repetitive character.
Formulation and response time
We make every effort to respond to your requests within one month of receiving your request. This period may be extended by two months where necessary, taking into account the complexity and number of requests, in which case we will inform you of any such extension and of the reasons for the delay. Through the ITSF's response to your request, you will be told how to solve it as well as the competent authority (for both European and non-EU space) to which you can contact if you are dissatisfied with our response.
11. Contact
If you have any questions or concerns about this Privacy Policy or its implementation, you can contact us by email at privacy@lightning-assist.com.