Privacy Policy

LightTrail is a HIPAA aligned web analytics platform designed for healthcare organizations. Our customers (“Clients”) use LightTrail to collect behavioral information about visitors who interact with their websites, applications, and digital properties (“Client Properties”). LightTrail helps Clients understand visitor journeys, measure performance, and monitor engagement in a privacy focused environment.

LightTrail may process data on behalf of its Clients. This Privacy Policy does not apply to data collected by Clients through their own websites or applications. Clients are responsible for their own privacy practices and the handling of data collected through their Client Properties. Individuals should review the privacy policies of the applicable Client to understand how their data is used.

Our processing of data received from Clients is governed by written agreements between LightTrail and each Client.

We collect information in two ways:

• Directly from visitors who engage with our marketing website
• Through interactions with the LightTrail platform

Information You Provide to Us

When you request information, join a mailing list, schedule a demo, or engage with our website, we may collect:

• Name
• Email address
• Company or organization
• Job title
• Phone number
• Business related details such as industry or company size
• Any information you choose to submit

Information Automatically Collected

When you visit the LightTrail website, we may collect certain information automatically, including:

• IP address
• Browser type
• Device type
• Operating system
• Pages visited
• Referring URLs
• Time of visit
• Interactions with email messages such as opens or clicks
• Cookies or similar technologies used for analytics and performance

Cookies may be session based or persistent. You can adjust your browser settings to disable cookies, although some features of the site may not function fully without them.

Information Related to HIPAA or Sensitive Data

LightTrail is designed to support HIPAA aligned analytics. LightTrail does not collect personal health information through its public marketing website. If Clients choose to send identifiable data through the LightTrail platform, this occurs only under a formal agreement such as a Business Associate Agreement.

Visitors to our public website should not submit personal health information outside of a Client relationship.

We use information collected through the Website or Service to:

• Operate and maintain the LightTrail platform
• Provide services requested by Clients
• Respond to questions or requests
• Improve website performance and user experience
• Analyze usage trends and develop new features
• Communicate about updates, educational content, or promotions
• Ensure compliance with legal and contractual obligations

We may also use aggregated or deidentified information for analytics or product improvement. This information does not identify individuals.

For visitors located in the European Economic Area, our legal bases for processing may include:

• Your consent
• Performance of a contract
• Compliance with legal requirements
• Legitimate business interests such as improving the Service

We use administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, alteration, or disclosure. These safeguards are designed based on the type of information and associated risk.

If a data incident occurs, we will notify affected individuals and regulators where required by applicable law.

We may share personal information as follows:

Service Providers

We engage trusted third party vendors to provide hosting, support, analytics, infrastructure, and similar services. These vendors are bound by contractual obligations to protect personal information and use it only as instructed.

Business Partners

If you opt in to communications, we may share information with trusted partners for educational or marketing purposes.

Legal and Compliance

We may disclose information:

• To comply with laws or legal processes
• To respond to lawful requests
• To enforce our agreements and policies
• To protect our rights, property, or safety
• To prevent fraud or security incidents

Business Transactions

If LightTrail is involved in a merger, acquisition, asset transfer, or similar transaction, personal information may be transferred as part of that transaction.

Aggregated or Deidentified Information

We may share aggregated or deidentified information that does not identify individuals.

LightTrail does not sell personal information.

If you make a payment for LightTrail services, payment card information is processed directly by our payment processor. LightTrail does not store full payment card numbers. Our payment processor adheres to PCI-DSS requirements.

We retain personal information as long as necessary to provide the Service, meet contractual obligations, support legitimate business interests, or comply with legal requirements. When information is no longer required, we will delete or deidentify it.

Depending on your location, you may have rights regarding your personal information, including:

• Access
• Correction or update
• Deletion
• Portability
• Withdrawal of consent
• Opting out of marketing
• Objecting to certain processing activities

To exercise these rights, contact us at privacy@lighttrail.com. We may require verification of your identity before processing your request.

California residents have rights under the California Consumer Privacy Act (CCPA), including the right to:

• Know what categories of personal information were collected
• Request access to personal information
• Request deletion of personal information
• Be free from discrimination for exercising these rights

LightTrail does not sell personal information.

To opt out of the sale or sharing of your personal information, visit our Do Not Sell or Share My Personal Information page.

Requests may be submitted to privacy@lighttrail.com. Verification may be required.

If personal information is transferred outside of your country, we will apply safeguards required by applicable laws. These safeguards may include Standard Contractual Clauses or other approved mechanisms.

LightTrail integrates with the Google Ads API to allow Customers to measure advertising performance and upload conversion events. When authorized by a Customer, LightTrail may access certain Google user data associated with the Customer's Google Ads account. This may include:

• Google Ads campaign metadata
• Google Ads account identifiers
• Conversion action identifiers
• Google Click Identifier (gclid), gbraid, or wbraid values needed for attribution
• Conversion upload status and reporting information

How We Use Google User Data

LightTrail uses Google user data only to:

• Retrieve campaign configuration required for analytics
• Upload conversion events on behalf of the Customer
• Measure the performance of advertising campaigns
• Provide reporting and insights within the LightTrail platform

LightTrail does not use Google user data for any other purpose.

Storage and Retention

LightTrail stores only the minimum Google Ads metadata necessary to provide authorized functionality. If a Customer disconnects their Google Ads account, LightTrail deletes remaining Google Ads metadata unless retention is required by law.

Sharing of Google User Data

LightTrail does not share Google user data except:

• With service providers acting on our behalf under confidentiality obligations
• To comply with legal obligations or regulatory requirements

We do not sell or transfer Google user data.

Limited Use Compliance

LightTrail complies with Google's Limited Use requirements. LightTrail does not:

• Use Google user data to build or enhance profiles
• Use Google user data for advertising targeting or personalization
• Sell Google user data
• Combine Google user data with data from other Customers
• Permit human access except when necessary for security, fraud prevention, debugging, or legal compliance

Use of Google user data is strictly limited to what is described in this Privacy Policy and what the Customer authorizes.

In the event of any conflict or inconsistency between this Privacy Policy and the terms of a fully executed Master Subscription and Services Agreement or Statement of Work between LightTrail and Customer, the Master Subscription and Services Agreement will control. Any applicable Statement of Work will control over both the Master Subscription and Services Agreement and this Privacy Policy with respect to the subject matter of that Statement of Work.

For questions about this Privacy Policy or your personal information, you may contact us at: