Privacy Notice

1. Who we are and how to contact us

VectraSEO LLC operates Nightlamp and is the controller of the account and billing data described here. For the application data you configure us to monitor, we generally act as a processor on your behalf — you are the controller for that data and for your own end users.

For any privacy question or to exercise your rights, email hi@nightlamp.app. We will respond within the timeframe required by applicable law.

2. Information we collect

Account and billing data: email address, authentication metadata (passkey/credential identifiers, not passwords), organization information, plan, and billing status. Payment card details are handled by our payment processor; we do not store full card numbers.

Service data: application configuration, monitor definitions, probe results, logs, incidents, notifications, and technical metadata (such as timestamps, IP addresses, and request/response status) needed to run Nightlamp. Where a probe could surface end-user personal data, we redact message bodies and hash identifiers such as email addresses before storage.

3. How we use information and our legal bases

We use information to provide monitoring, alerting, diagnostics, customer support, security, billing, service analytics, and product improvement.

Where the GDPR or UK GDPR applies, we rely on these legal bases: performance of our contract with you (to provide and bill the service); our legitimate interests (to secure, maintain, and improve the service and prevent abuse), balanced against your rights; compliance with legal obligations; and consent where we ask for it. We do not sell or share personal information for cross-context behavioral advertising, and we do not use customer application data for third-party advertising.

4. Cookies and tracking

Nightlamp uses only strictly necessary cookies — primarily a secure, HttpOnly session/refresh cookie that keeps you signed in. We do not use third-party advertising, marketing, or cross-site tracking cookies, and we do not run third-party ad or analytics trackers that build a profile of you.

Because these cookies are essential to operate the service, they are not subject to consent under most cookie rules; if that changes for a feature we add, we will ask for consent first.

5. Sub-processors

Nightlamp relies on sub-processors to host, secure, deploy, and operate the product. Current providers include AWS (cloud infrastructure and hosting, US regions), Amazon SES (email delivery), GitHub (source control and CI/CD), Stripe (payments), and AgentDraft (email-flow round-trip checks).

Additional providers may be used for support, observability, or customer communications when needed to provide the service. The DPA process carries the authoritative, account-specific list; email hi@nightlamp.app to request it.

6. International data transfers

Nightlamp is hosted in the United States. If you or your end users are in the EEA, the UK, or another region with transfer rules, your data is transferred to and processed in the US.

Where required, we rely on appropriate safeguards for those transfers — such as the European Commission's Standard Contractual Clauses (and the UK Addendum) — which are available through the DPA process. Several of our sub-processors are also certified under the EU-US Data Privacy Framework.

7. Data retention

We keep data only as long as needed for the purposes above. Operational probe history is kept on short rolling windows (on the order of days to a couple of weeks, set by product configuration), and email-flow bodies are redacted before storage. Account and billing records are kept for the life of the account and for the period afterward required for legal, tax, and dispute-resolution purposes.

On cancellation, account data is available for export on request and is then deleted, typically within 30 days, except where longer retention is required for security, billing, or legal obligations. You can request export or deletion assistance at hi@nightlamp.app.

8. Security

Data is encrypted in transit (TLS) and at rest where supported by the underlying platform, integration credentials are encrypted and never stored in plain text, and access is limited based on operational need and designed to be traceable through logs. See the Security page for specifics, including authentication and access controls.

9. Your privacy rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal data; to restrict or object to certain processing; and to withdraw consent where processing is based on consent. To exercise any of these, email hi@nightlamp.app; we will verify your request and will not discriminate against you for exercising a right.

California residents: we do not sell or share personal information as those terms are defined under the CCPA/CPRA, so no "Do Not Sell or Share" action is needed, and we do not use or disclose sensitive personal information beyond the purposes permitted by law. EEA/UK residents: you also have the right to lodge a complaint with your local data protection authority. If you are an end user of a Nightlamp customer, contact that customer first, since we act as a processor for their application data.

10. Children's privacy

Nightlamp is a business tool that is not directed to children, and we do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact hi@nightlamp.app and we will delete it.

11. Changes to this notice

We may update this notice as the service or the law changes. Material changes will be reflected here with a new effective date and, where appropriate, communicated to customers. The date at the top of this page shows when it was last updated.