Privacy Policy
Last updated: April 20, 2026
This Privacy Policy describes how Lighthouse AG ("we", "us", "our") collects, uses, and discloses information when you use the Insights Pro platform ("Service"). By using the Service you agree to the terms of this policy.
1. Who we are
Lighthouse AG is an agricultural portfolio management platform serving institutional farmland investors and operators. Insights Pro is our flagship product.
2. Information we collect
Account information
- Email address, name, and OAuth provider identifiers (when signing in with Google or Microsoft)
- Role and tenant membership within Insights Pro
- Session tokens managed by Supabase Auth
Operational data you provide
- Field/block polygons you draw or upload (GeoJSON)
- Budget, ESG, task-tracker, portfolio, and chemical application data uploaded via Legacy Reports
- Management company mappings, ranch metadata, and any other business data you import
Automatically collected
- Audit log entries recording actions you take within your tenant (create/update/delete of polygons, data imports, logins)
- Browser user-agent, IP address, and timestamps for security and abuse prevention
3. How we use your information
- Provide and maintain the Service
- Authenticate you and enforce access controls (tenant isolation, role-based permissions)
- Generate analytics, benchmarks, and visualizations within your workspace
- Communicate with you about your account and service updates
- Investigate and prevent security incidents or abuse
4. Data storage and security
Your data is stored on:
- Supabase (Postgres database) — primary data store. Located in West US (Oregon). All rows are isolated by tenant via Row Level Security. Supabase is SOC 2 Type 2 compliant.
- Vercel — application hosting and serverless functions. Vercel is SOC 2 Type 2 compliant.
- Copernicus Data Space (ESA) — we query the EU Copernicus service for Sentinel-2 satellite imagery using your field boundaries. No personal data is sent; only polygon geometry and date ranges.
All connections use TLS (HTTPS). Passwords are hashed using industry-standard algorithms by Supabase Auth. We do not store plaintext credentials.
5. Data sharing
We do not sell, rent, or trade your data. We share information only with:
- Sub-processors listed above (Supabase, Vercel, Copernicus) strictly to operate the Service
- Authentication providers you explicitly choose (Google, Microsoft) during sign-in
- Legal authorities when required by law, subpoena, or court order
6. Tenant isolation
Insights Pro is multi-tenant. Every row in our database is tagged with a tenant_id and protected by Row Level Security policies in Postgres. Users from one tenant cannot read or modify data belonging to another tenant.
7. Your rights
You can at any time:
- Access your data by signing in to the Service
- Export your polygons and uploaded reports (GeoJSON / CSV)
- Request deletion of your account and associated data
- Request a copy of all data associated with your account
If you are in the EU/EEA, you have additional rights under GDPR including rectification, restriction, objection, and portability. If you are in California, you have rights under CCPA including the right to know and the right to delete.
8. Retention
We retain your data for as long as your account is active. Upon deletion request, account data is removed within 30 days. Audit logs may be retained longer for security and compliance purposes, but contain no raw business content.
9. Cookies
We use a small number of first-party cookies and local storage entries essential for authentication (session tokens, workspace selection). We do not use third-party advertising or tracking cookies.
10. Children
The Service is not directed to individuals under 18. We do not knowingly collect data from minors.
11. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect.
Questions about this policy or your data? Use the contact form on the main page or email contact@lighthouse.ag.