Privacy Policy

1. Introduction

Redlight ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service, in compliance with GDPR, CCPA, and other applicable laws.

2. Processing Legal Basis (GDPR)

We process your personal data under the following legal bases:

• Contractual Necessity: To provide the service you subscribed to (e.g., processing payments, delivering alerts).
• Legitimate Interests: To improve our product, prevent fraud, and ensure security.
• Consent: For optional communications (which you can withdraw at any time).

3. Information We Collect

• Account Information: Email address provided during signup.
• Payment Information: Processed securely via Stripe. We do not store full credit card numbers.
• Usage Data: Anonymized metrics on how you interact with our dashboard to improve the service (e.g., login frequency, click patterns).
• Cookies & Tracking: We use essential cookies for authentication (Supabase) and security (Cloudflare). We do not use third-party advertising cookies.

4. How We Use Your Information

We use your data to:

• Provide and maintain the Redlight service.
• Process payments and manage subscriptions.
• Send critical alerts and account notifications.
• Detect and prevent technical issues or abuse.

5. Third-Party Sharing & International Transfers

We do not sell your data. We share data only with trusted infrastructure providers necessary to run the service. Your data may be transferred to and processed in countries outside the EEA (e.g., USA) subject to appropriate safeguards (Standard Contractual Clauses).

• Stripe (USA): Payment processing.
• Supabase (USA): Database and authentication services.
• Cloudflare (Global): Performance and security (DDoS protection).

6. Data Retention

We retain personal data only as long as necessary to provide the service, comply with legal obligations, or resolve disputes.

• Active Accounts: Retained indefinitely while subscription is active.
• Deleted Accounts: data is removed within 30 days of deletion request, except for payment records required by tax law (preventing immediate deletion).

7. Your Rights

Under GDPR/CCPA, you have the right to:

• Access: Request a copy of the data we hold about you.
• Rectification: Correct inaccurate information.
• Deletion ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements).
• Withdraw Consent: Opt-out of non-essential communications.

To exercise these rights, contact us at support@redlightalpha.com.

8. Data Security

We implement industry-standard security measures, including encryption and secure database controls (Row Level Security), to protect your data.

9. Contact Us

If you have questions about this policy, please contact us at support@redlightalpha.com.