Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developers.lighton.ai/llms.txt

Use this file to discover all available pages before exploring further.

Privacy Policy April 21, 2026
LightOn’s services and websites are intended for professional use only and are not intended for use by minors. If you are not a professional user or if you are a minor, you must not use this site or any of LightOn’s services.
LightOn is a company specializing in the creation of so-called “artificial intelligence” software programs, and more specifically in the creation of AI systems based on “LLMs” (large language models). It is the publisher of the website www.lighton.ai and the services provided by this website, as well as the Paradigm and Console software.
LightOn’s headquarters are located 2 rue de la Bourse, 75002 Paris, France. Our company is registered in the SIREN directory under number 821100690.
The privacy and personal data of our service users are of paramount importance to us. At LightOn, we have fundamental principles regarding confidentiality and the protection of personal data:
  • We ask for or process your personal information only if it is essential or if you have given us your consent to do so.
  • We do not share your personal data with anyone, except to comply with the law, assist you, or protect our rights, or if you have given us your explicit consent to do so.
Below you will find our privacy policy, which outlines these principles. LightOn develops software designed to implement artificial intelligence services and may operate or use certain digital tools accessible via the Internet, including email tools and this website (hereinafter, the Sites, or individually, a Site). LightOn’s policy respects the confidentiality of any information we may collect in connection with the operation of the digital communication services we use or the services, particularly IT services, we offer to our clients and users (hereinafter “the Services”), the Sites, our commercial management, our internal management (human resources, accounting, etc.) and the processing of requests made to our company. LightOn is committed, within the scope of its activities and in accordance with the laws in force in France and Europe, to ensuring the protection, confidentiality, and security of the personal data of users of its services, as well as to respecting their privacy. To make this policy easier to read, the text has been written on two levels: a legally binding level (“legal text”) and “In a nutshell” frames, with text in italics, that are non-binding. Our goal in doing this is to help you better understand what we mean, how your data is processed, what you can expect from us, and what we expect from you.
In a nutshell: We have written these “in a nutshell” sections to help you better understand our practices. However, the text that is legally binding, if necessary, is the text written outside the “in a nutshell” sections.
We know you care about how your personal data is used and shared, and we appreciate the trust you place in us by providing it. Please be assured that we will treat it with the utmost care. By using our Services, visiting our websites, contacting us, filling out a form, responding to our requests and surveys, and, more generally, interacting with us, you agree to the practices described in this privacy policy.
In a nutshell: By using LightOn’s services, continuing to browse the site, providing information to contact us, etc., you acknowledge that you have read and accepted this policy.

​1​ Data Controller

LightOn is the data controller for the processing of personal data it carries out on its own behalf. In this context, LightOn has, where applicable, completed all necessary administrative formalities with the competent authorities. In general, LightOn complies with all laws and regulations relating to the protection of personal data in force in the countries where it operates, including but not limited to:
  • European Regulation 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, often referred to as the GDPR);
  • French Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties, and its amendments.
In a nutshell: We are responsible for the data you entrust to us for the processing we carry out on our own behalf. We provide you with our contact information so that you can reach us. For our part, we have done everything required of us by the regulations.

​2​ Data Processor

Similarly, as a data processor for our clients who use the web applications and software provided by LightOn, we have completed all necessary administrative formalities with the relevant authorities, including European Regulation 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, often referred to as the GDPR). It should be noted that data processed through the use of LightOn Services is encrypted. A Service subscriber may explicitly grant access to certain data that they have provided and stored via the Services or that is processed within the Services, in particular to employees, service providers, or partners, various stakeholders, as well as to LightOn teams, specifically for technical support purposes. In any event, it is the LightOn customer who decides to store personal data, which belongs to them, through the use of one of the Services, to grant access to their data, and who has full control over it, including with respect to the documents that are uploaded, which only the persons to whom they have granted access may view. Each user of the Services provided by LightOn (hereinafter a “User” and in the plural “Users”), whether a casual visitor, a free user, a customer, or a guest, including one invited by a customer, is responsible for the data they provide through the use of the Services and, as such, is responsible, where applicable, for providing data in compliance with regulations.
In a nutshell: Users of the solutions offered by LightOn are responsible for the data they have provided and that is processed through the use of LightOn’s Services, including when these Services are implemented on behalf of third parties, in particular on behalf of LightOn’s customers.

​2.1​ Specific Provisions: LightOn Console and Paradigm APIs

When the Customer submits personal data to the Paradigm APIs via Paradigm, the Console, or directly, LightOn acts as a processor within the meaning of Article 28 of the GDPR and processes such data solely in accordance with the Customer’s instructions and the provisions of the Data Protection Agreement (DPA). LightOn specifically guarantees that:
  • Stateless inference: in SaaS inference mode or in any mode where the inference nodes are under LightOn’s control, input data (prompts, documents, etc.) is not stored persistently on the compute nodes beyond the time strictly necessary to execute the request. Persistent storage (indexed document databases, conversation history) is enabled only when the Customer explicitly activates these features.
  • No use for training purposes: LightOn does not use the input and output data (prompts and completions) submitted or provided via the APIs to train, fine-tune, or improve its AI models, except upon the Customer’s explicit written request.
In a nutshell: When you use LightOn’s systems, your data does not belong to us. You retain control over it. We use it only to provide you with the requested service, and we do not use it to improve our models unless you have explicitly asked us to.

​3​ Purposes

​3.1​ As Data Controller

LightOn processes personal data on its own behalf for one or more of the following purposes, including but not limited to:
  • To enable you to use our online services
  • To improve our services
  • Handling requests for information, particularly regarding the services offered (pricing, quotes, terms, etc.)
  • Managing relationships with our customers, prospects, website visitors, and more generally with our contacts
  • Sales prospecting
  • Providing support to customers and prospects
  • Managing disputes
  • Recruitment management
  • Providing relevant information (general, technical, or other)
  • Management of contribution programs aimed at developing new products or services or improving existing ones
  • Managing relationships with our partners and additional services offered to our customers
  • Optimizing our profitability and the commercial success of the products and offers we provide
  • Monitoring the technical quality of web interfaces: error detection, performance tracking, and, with prior consent, session replay for debugging purposes (see Section 12.1 below)
Thus, LightOn processes your personal data within the framework of the contractual or pre-contractual relationship between you and LightOn, or within the framework of LightOn’s legitimate interests in processing your personal data (see below), or when you have given us your consent to process your personal data. A contractual or pre-contractual relationship, governed by the terms of the contractual documents signed or accepted by you and by us, by our general terms and conditions (of sale, use, or service), and any specific terms and conditions attached thereto, exists when you have ordered a product from us, submitted a request to our services, used one of our services, particularly online, or have requested to be put in touch with a professional from our company or our network; when you have expressed an explicit interest in a LightOn offer; when you have used one of our websites; when you have requested information from us regarding an offer, a service, or a product; or when you have applied for a job opening. The legitimate interests that LightOn has in processing your data on its own behalf include the following:
  • Optimizing our profitability and the commercial success of the products and offers we provide
  • Ensuring our commercial success
  • Better understanding:
    • The usage, queries, and interests related to our offers, products, and services
    • The users of the products and services offered by LightOn, in particular through studies, analyses, and statistics, as well as through our contribution programs
  • Protecting ourselves against disputes, litigation, and fraud
  • Identifying the individuals best suited to effectively fill vacant positions within our facilities
In a nutshell: When you provide us with your data for a specific purpose, we process that data to achieve that purpose. We may also process certain data to conduct analyses and studies to improve our services, to attract or retain our customers and users, and to manage disputes. For all of these purposes, we need personal data. As for other data concerning you, we process it only if you have consented to it.

​3.2​ As a Data Processor

When you use a LightOn application or Service on behalf of a LightOn client, the relationship between you and LightOn is governed by the commercial and contractual relationship with said Client, as well as by any applicable General and Special Terms and Conditions. The Services provided by LightOn enable LightOn’s clients to perform processing operations that generally pursue at least one of the following objectives, without being limited to them:
  • Providing a chatbot system that uses the client’s documents and resources to generate responses.
  • Providing the logic to enable users to register, configure, and use the application.
LightOn may also use its expertise to conduct studies and analyses of the use of the Services, in particular for the purposes of establishing indicators, identifying trends, performing predictive processing, proposing new services, as well as improving its own productivity and that of Users.
In a nutshell: When you use one of LightOn’s services, both you and we have certain obligations and responsibilities, which, where applicable, are detailed in the Terms and Conditions governing the services provided by LightOn.
The Services are intended to provide certain services to LightOn’s clients, who retain control over the data they provide or that is provided by users of the applications that LightOn’s clients have authorized to access the applications.

​4​ Data Protection Service

LightOn has designated a dedicated Data Protection Office. You may contact the person or department responsible for this function at the email address rgpd_rssi@lighton.ai or at LightOn’s mailing address, addressing your correspondence to the attention of the Data Protection Office.

​5​ Retention Period for Personal Data

Personal data collected by LightOn on its own behalf is retained only for as long as necessary to fulfill the purpose for which it was collected or to comply with legal and regulatory requirements. More specifically, the retention periods for the following data are:
  • Data collected when purchasing a product or service: for the duration of the contractual relationship and 3 years after the end of the contract (interim archiving in accordance with legal or regulatory obligations and liabilities, up to 10 years after the end of the business relationship, particularly with regard to billing data).
  • Data collected when requesting information, making contact, etc.: up to 3 years after the last positive interaction between LightOn and the data subject.
  • Connection data collected in connection with the use of our online applications and services (IP address, browsing history, etc.): up to 6 months.
  • Usage metrics (billing and capacity): API call volumes, processed tokens, storage space, and aggregated timestamps, excluding the content of requests, prompts, or completions: retained for the duration of the contract and up to 13 months after its expiration, for billing, accounting reconciliation, and capacity planning purposes.
  • Access logs and technical logs (security and reliability): timestamp, API key ID, endpoint called, source IP address, HTTP status code, latency, request headers, and error traces, excluding request content, prompts, or completions: retained for up to 90 days for the purposes of abuse detection, fraud prevention, quota enforcement, security incident investigation, and audit trail maintenance in accordance with our legal, regulatory, and contractual obligations.
  • Sentry error reports (Error Reporting) and sessions recorded upon error detection (Session Replay): 90 days, with automatic rotation on Sentry servers. This data is collected only if the corresponding options are enabled.
  • Data processed during recruitment management (including unsolicited applications): 2 years after the last contact with the candidate, unless there is an express request to shorten this period.
In a nutshell: We do not retain your data longer than necessary or as required by law. For example, the law requires that we retain invoices for your purchases, quotes, purchase orders, etc., for 10 years. For technical tools such as Sentry, data is automatically deleted after 90 days.
The retention periods for data collected by LightOn on behalf of its clients are determined by the client for whom the data was collected.

​6​ Scope of Data Collected

In order to use LightOn’s Sites and Services, we may collect and process the following personal data:
  • Title, last name, and first name of individuals who have purchased a product from LightOn and those who have contacted us, job applicants, visitors to our websites, participants in one of our games or contests, etc.
  • Where applicable, the employer of individuals who have purchased a product from LightOn when that employer is a LightOn customer.
  • Title, last name, first name, and email address of users of the Services.
  • Email address of individuals who have contacted us via a digital channel and individuals who subscribe to our newsletters.
  • Email address of job applicants.
  • Last name, first name, phone number, and/or mailing address of individuals who have contacted us and/or placed an order.
  • Connection data (IP address, browsing history, technical details of devices, browser language and characteristics, etc.).
  • Data contained in the resumes and cover letters of job applicants.
  • Data provided by individuals during data processing carried out through the Services.
  • LightOn account data: professional email address, name, organization, billing information (credit card data is transmitted directly to the payment provider and is not stored by LightOn).
  • Usage metrics: API call volumes, processed tokens, storage space, and aggregated timestamps, excluding the content of requests, prompts, or completions.
  • Access logs and technical logs: timestamp, API key ID, endpoint called, source IP address, HTTP status code, latency, request headers, and error traces, excluding the content of requests, prompts, or completions.
Connection data is collected and processed, including the IP address used for the connection: this is necessary to provide you with support, to implement our security measures, and to comply with our legal obligations, particularly regarding the traceability of access and usage.
In a nutshell: We need your contact information and email address to manage your purchases and requests, to inform you as a buyer and/or user and as a visitor to our websites as well as a prospective customer, to contact you and/or respond to your requests, to process your applications for our job openings, your phone number to contact you, and connection data to assist you and fulfill our obligations, particularly regarding traceability.

​6.1​ Location of Processing

The processing that LightOn may perform on personal data is primarily carried out in data centers hosted by its service providers, in France or in Europe. Certain processing operations may be performed by LightOn’s subcontractors, who may be located in various places. LightOn strives to work with service providers, suppliers, and subcontractors that process data within the European Union or in a country listed as having adequate safeguards (for example, by adopting programs such as the Data Privacy Framework, or by implementing Binding Corporate Rules (BCRs), standard contractual clauses, data processing agreements, etc.). If this were not the case, the contractual relationship between LightOn and these third parties would require the implementation of appropriate safeguards. LightOn works with third parties that provide all necessary safeguards, and in particular with those with whom LightOn has signed the European Commission’s standard contractual clauses. In all cases, and particularly in the event of regulatory changes, LightOn takes all necessary measures to regulate cross-border data transfers and establishes, if necessary, data protection agreements (DPAs) to ensure data transfers comply with applicable law, particularly pursuant to Article 46 of the GDPR. Furthermore, LightOn may use the services of Sentry Inc. to monitor the Console and Paradigm web interfaces. Data transmitted to Sentry, if telemetry and/or error monitoring are enabled, is subject to the Standard Contractual Clauses (SCCs) adopted by the European Commission, as well as a Data Processing Agreement (DPA) available at https://sentry.io/legal/dpa/. LightOn has also implemented Sentry Relay within its systems to filter personal data before it is transmitted to Sentry.
In a nutshell: The data you have entrusted to us is processed in France or in a country whose laws require compliance with the basic principles of fairness, transparency, and confidentiality, or by a recipient who provides all necessary and legal guarantees to ensure that both you and we can be confident.

​6.2​ Recipients of Processed Data

LightOn may transmit the personal data you have provided or that it has collected to its employees, service providers, partners, or affiliated organizations that:
  1. Need to know this information in order to process it on behalf of LightOn or to provide services for the purposes mentioned above, and
  2. Have agreed not to disclose it to third parties.
These potential recipients include, in particular, the companies that host LightOn’s websites (see legal notices) and the companies that provide technical services enabling the implementation of the Services. LightOn may use the services of providers that offer messaging, accounting, opportunity management, email delivery, marketing, remote payment, monitoring, and web interface debugging services (see Section 12.1), as well as the services of companies specializing in research, analysis, and satisfaction surveys, which may need to use your personal data to carry out the tasks entrusted to them. The complete list of these data recipients can be provided upon request. The list of processors is referenced in the DPA, available upon request at compliance@lighton.ai. Regarding the transfer of telemetry and error monitoring data, the user or customer can find detailed information on the LightOn documentation site. LightOn will not rent or sell personal data to third parties without the explicit consent of the individuals concerned or following an explicit action on the part of the individual concerned. Apart from its employees, service providers, partners, and affiliated organizations, as indicated above, LightOn discloses personal data only in the event of a subpoena, court order, or other government order, or when LightOn believes that such disclosure is necessary to protect the property or rights of LightOn, a third party, or the general public. If you are a registered user on a LightOn website or have access to the Services, have provided your email address, and have not opted out of receiving communications from LightOn, LightOn may occasionally send you an email to inform you of new features, solicit your feedback, or keep you updated on LightOn news and offers. We may also use blogs to communicate this type of information. LightOn takes all reasonable and necessary measures to protect your personal data against unauthorized access, use, modification, or improper destruction of personal (or potentially personal) data.
In a nutshell: The data you have entrusted to us is only shared if necessary or if you have given your consent. The recipients of your data, including us, provide all necessary safeguards to ensure your peace of mind.

​6.3​ Transfer of Processed Data to Third Parties

The data you provide or that is collected by LightOn or on its behalf is not transferred to third parties, except, potentially, to the recipients mentioned above.
In a nutshell: We do not share your data, except in the cases we have already mentioned.

​6.4​ Transfer of Data to a Third Country Outside the European Union

Some of the data you provide or that is collected by LightOn or on its behalf may be transferred to third parties operating outside the European Union. These third parties all provide sufficient safeguards to ensure the security, confidentiality, and protection of personal data.
In a nutshell: We do not transfer your data, except in the cases we have already mentioned. When we do transfer it, it is to recipients operating in a country whose laws require compliance with the basic principles of fairness, transparency, and confidentiality, or to service providers who provide all necessary guarantees to ensure your and our peace of mind.

​6.5​ Sales prospecting

If you have already used our Services or ordered a product or service from us, and if you have not opted out of receiving our communications via SMS or email, LightOn may send you emails or text messages to alert you to offers for goods or products similar to those you have already ordered or purchased from us, to let you take advantage of our offers, to announce new features, to ask for your opinion, or simply to keep you informed of LightOn’s latest news and offers. You always have the option to opt out of any such communications by following the unsubscribe links in our email communications, using a “STOP SMS” function if we have sent you a text message, clicking on an unsubscribe link in an email you have received, via your customer account on one of our websites, etc. Every digital communication from LightOn for commercial or informational purposes (email, SMS, etc.) contains a link or instructions allowing you to opt out of future similar communications.
In a nutshell: If you have not opted out of receiving our digital communications related to your professional relationship with us, or if you are one of our customers, we may send you informational or promotional emails and text messages. You may opt out of receiving such emails and text messages at any time.

​6.5.1​ Newsletters and Digital Messages

You may receive communications from LightOn, such as emails, newsletters, text messages, etc., because your contact information is included in our subscriber list. Your contact information is included in this list either due to the context of your professional activity (B2B communications related to your professional activities) or as a registered LightOn user, or because your contact information was submitted to this list either directly by you, via a visible form on the LightOn website, or based on public information such as your LinkedIn profile and various other publicly available data. If you wish to update your email preferences or unsubscribe from one or more of our mailing lists, please click on the link provided at the end of any of the emails we send for business development purposes or use our email notifications and preferences form.

​7​ Procedures for Exercising Rights of Access, Rectification, and Objection

As a customer or user of our Sites and Services, you have the right:
  • To request that the data processed about you be deleted from our files. This is known as the right to be forgotten. That said, we cannot delete your data as long as there is a business relationship between us (such as an order that has not been fully processed), a warranty related to one of your purchases, or as long as there is a dispute between you and us, or, more generally, as long as we need your data to perform a contract or fulfill one of our obligations.
  • To object to the collection and processing of data concerning you when it is not strictly necessary. If you are a customer or user of LightOn Services:
    • We need your email address so that we can send you information, confirmation emails, password recovery or activation emails, and other communications necessary to access the app, etc.
    • Your profile data is required to create and manage your profile and to provide the Services, including by identifying your interests and providing you with suggestions that best match your use of the Services.
  • To access the data collected about you and retrieve it in a standard electronic format.
  • To have it corrected.
  • To request a restriction on their processing, for example, by refusing any use for sales prospecting purposes, or by requesting that a retention period be extended (e.g., for a recorded conversation) to manage a potential dispute or litigation.
  • To withdraw your consent at any time to the use of optional trackers or features such as Sentry Session Replay, without this withdrawal affecting the lawfulness of processing carried out prior to the withdrawal or your access to the Services. This withdrawal can be made through your account settings.
Furthermore, as a candidate who has applied for a job at our company, you have the right:
  • To request that the data you provided during your application, including your resume and cover letter, be deleted from our records. Until a candidate makes such a request, and for up to two years after the last contact with the candidate, it is in our legitimate interest to retain the candidate’s data in order to ensure the best match between available positions and the individuals qualified to fill them.
These rights may be exercised by sending an email to rgpd_rssi@lighton.ai or by contacting us at the contact information listed above or available on our website. You also have the right to file a complaint with a supervisory authority and to seek judicial remedy, particularly if your requests to exercise your rights have not been processed within one month of being submitted. In France, the supervisory authority is the CNIL, which can be contacted via the appropriate forms on its website cnil.fr.
In a nutshell: You have control over the data you have entrusted to us. You can request access to it or to retrieve it, request that it be deleted, or that it be used only for certain purposes and not for others, for example, that it not be used to send you information or commercial offers. To the extent possible, we will strive to fulfill your requests as quickly as possible.

​8​ Disposition of Data

You may provide instructions regarding the retention, deletion, and disclosure of your personal data after your death in accordance with Articles 84 and 85 of French Law No. 78-17 of January 6, 1978, as amended. These instructions may be general or specific. You may submit your advance directives by contacting us via email at rgpd_rssi@lighton.ai.
In a nutshell: You have control over the data you have entrusted to us, and you can provide us with instructions to be followed after your death, should we still hold data about you at that time, which we hope will be as late as possible. For example, you may ask us to delete your data or to transfer it to a specific person.

​9​ Data Security

LightOn takes all reasonable and necessary measures to protect the data we process against unauthorized access, use, modification, or destruction of personal (or potentially personal) data.
In a nutshell: The data you have entrusted to us is handled with care, and we take numerous measures to protect and safeguard it. For example, we may encrypt your data, grant access to this data only to those who need it, monitor the computers that store and process it, perform regular backups, and so on.
We are committed to the security of our services and have implemented physical, administrative, and technical measures to prevent unauthorized access to your data. Our security policies cover security management for internal operations and our services. These policies govern all security areas applicable to the services and apply to all LightOn employees as well as our service providers and subcontractors who need access to this data.
In a nutshell: We take the security of the data you entrust to us very seriously.
We assess and respond quickly to incidents that raise suspicions of unauthorized data manipulation. Our teams are notified of these incidents and, depending on the nature of the activity, define processes and response procedures to address them. If we determine that your data has been misappropriated or otherwise improperly obtained by a third party and that this poses a significant risk to your rights or freedoms, we will inform you as soon as possible and notify the supervisory authority (the CNIL in France) within a maximum of 72 hours in accordance with Article 33 of the GDPR.
In a nutshell: Our teams monitor and oversee all suspicious activity and are committed to minimizing such incidents as much as possible.

​10​ Subcontracting

LightOn only uses processors who provide sufficient guarantees regarding the implementation of appropriate technical and organizational measures to ensure that processing meets the requirements of European regulations and safeguards the rights of the data subject.
In a nutshell: When we need subcontractors, for example, to host your data or process your orders, we select only those who have provided us with sufficient guarantees to ensure that both you and we can feel confident.

​11​ Transfer of Assets

If LightOn, or substantially all of its assets, is sold, or in the unlikely event of LightOn’s cessation of business or bankruptcy, the information of users, prospects, and customers would be among the assets transferred to or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of LightOn may continue to use your personal data in accordance with this privacy policy.
In a nutshell: If our company is sold or transferred, your data will be transferred to the new owner, as it is among our most valuable assets. But we guarantee that this data will then be handled by the new owner with at least the same level of care as we provide.

​12​ Trackers and Cookies

Please refer to the “Cookie Policy” document for complete information on cookies and trackers.

​12.1​ Technical Monitoring: Sentry (Console and Paradigm web interfaces)

Scope of this section: The provisions below apply exclusively to the LightOn Console and Paradigm web interfaces. They do not apply to calls made via the Console or Paradigm APIs.
LightOn uses the services of Sentry Inc. (132 Hawthorne Street, San Francisco, CA 94107, United States, sentry.io) to ensure the technical quality of the Console web interface. There are two levels of processing.

​12.1.1​ Sentry Error Reporting (error detection)

Disabled by default on the interfaces. Sentry Error Reporting automatically detects errors and performance issues on the web interface.
  • Data collected: error type and message, stack trace, browser and operating system, page URL, recent activity trail (breadcrumbs: navigation, HTTP request statuses, anonymized DOM interactions).
  • What is not collected: the content of prompts or API requests, API keys, billing data. BeforeSend filters are applied on the client side before any data is transmitted to Sentry.
  • Legal basis: LightOn’s legitimate interest (Article 6(1)(f) GDPR) in maintaining the technical quality of its interface. Sentry Error Reporting is configured without setting persistent identifying cookies and is classified as a technically necessary tracker, requiring no prior consent.

​12.1.2​ Sentry Session Replay

Disabled by default, subject to prior consent. Sentry Session Replay allows for the visual reconstruction of a user’s navigation on the Console for the sole purpose of technical debugging. This is not a video recording of the screen but a reconstruction of changes to the browser’s DOM.
  • Recorded data: DOM changes (without field content), clicks, scrolling, page navigation, console logs, network request statuses.
  • Protective measures: LightOn applies maskAllText: true and blockAllMedia: true: all displayed or entered text and all images are masked (replaced by asterisks or opaque blocks) on the browser side before any transmission to Sentry. This measure applies without exception to Console fields, including API keys, billing information, and all user content.
  • Legal basis and consent: In accordance with the CNIL’s draft recommendation on session replay tools (public consultation conducted in the first half of 2026), Session Replay is subject to the prior consent of the client and/or user under Article 82 of the French Data Protection Act. Consequently:
    • Sentry Session Replay is only enabled upon explicit consent obtained through the user’s or client’s account settings in the Console interface.
    • The user and/or client may withdraw their consent at any time via the account settings, without this withdrawal affecting the quality of or access to the service.
  • Retention period: 90 days on Sentry servers, with automatic deletion. Individual recordings may be deleted upon request sent to rgpd_rssi@lighton.ai.
In a nutshell: To improve and debug our Console interface, we use two separate Sentry tools. The first (error detection) does not collect any information identified as personal. The second (session replay, which allows us to “replay” your browsing to find a bug) is only enabled if you give us your consent. In all cases, your entered text is masked before being sent to Sentry.

​13​ Recording of Phone Calls and Online Chats

LightOn may record some of the calls made to its services. These recordings are used in our legitimate interest and, unless you object, for the following purposes:
  • Employee training and development;
  • Monitoring the quality of advice and customer service;
  • Gathering factual evidence for the prevention and resolution of disputes, litigation, and pre-litigation matters;
  • Protecting employees in the event of verbal abuse or incivility directed at them;
  • Conducting experiments related to management and quality monitoring objectives, as well as analyzing conversations using artificial intelligence techniques.
They may also be used in connection with our legal obligations to:
  • Manage requests to exercise your rights;
  • Implement control measures, particularly regarding the fight against fraud and corruption.
Telephone recordings are intended solely for authorized personnel and may be transmitted to and/or accessed by individuals involved in the setup and analysis of telephone conversations. They are retained for a maximum of 30 days, except in the event of a dispute, in which case they are retained for the duration of the dispute and until all avenues of appeal have been exhausted. When you communicate with our services via online chat (internal messaging chatbox), the entirety of your communications may be retained for a maximum of 2 months. The purposes of this data retention are:
  • Improving the chatbot service, particularly through machine learning technologies;
  • Enhancing employee skills;
  • Monitoring the quality of advice and customer service;
  • Gathering factual evidence for use in the prevention and resolution of disputes, litigation, and pre-litigation matters;
  • Protecting employees in the event of verbal abuse or incivility directed at them;
  • Conducting experiments related to management and quality monitoring objectives, as well as analyzing conversations using artificial intelligence techniques.
This data is intended solely for authorized personnel and may be transmitted to and/or accessed by individuals involved in the setup and analysis of conversations conducted via instant messaging (chat). We recommend that you never enter confidential information through this process. All data you provide to us may be retained in an anonymized form to the greatest extent possible. Since anonymization techniques are generally at least partially automated, it is recommended that you do not provide personal data (and certainly not sensitive data) via online chat tools. In particular, it is recommended that you never provide payment information such as credit card numbers.

​14​ Advertising

We do not display advertising on our websites.

​15​ Changes to Our Privacy Policy

We may update, and, more importantly, improve, this privacy policy from time to time, while ensuring that we never reduce the level of protection already provided. Although most changes are likely to be minor, LightOn may modify its privacy policy at its sole discretion. LightOn encourages its customers, service users, job applicants, and website visitors to check this page frequently to stay informed of any changes to its privacy policy. Your use of a LightOn website, any of the Services, a mobile app provided by LightOn, a contact request, an order, or any other provision of personal data following any changes to the privacy policy constitutes your acceptance of those changes.
In a nutshell: We may make changes to how we process your data, but with a level of protection that will be at least equivalent to that outlined in this policy. These changes are mostly minor. We don’t routinely bother you with our new privacy policies by asking you to accept them again, but we’d appreciate it if you’d check the current policy from time to time. And remember that if you ever disagree with our policy, or if you have a question, or if you wish to exercise any of your rights, simply write to us at rgpd_rssi@lighton.ai.

​16​ Intellectual Property

Our websites are published by LightOn. LightOn holds all intellectual property rights related thereto. It is prohibited to copy or download all or part of its content without the prior and express authorization of the owners or rights holders of said parts and said content. This website and all of its content (including documents, photos, logos, trademarks, and information of any kind appearing on it) are protected by various rights, including copyright. LightOn grants users of the Sites and Services permission to view the content, specifically excluding the reuse of all or part of the content of the Sites or Services for any reason whatsoever. The reuse of all or part of the Sites or Services, including this document, is strictly prohibited. This document was drafted based on materials provided by SysStreaming, which has granted LightOn the necessary rights to use them. Any unauthorized reuse of all or part of the content of this document would thus violate the rights of LightOn and SysStreaming, which reserve the right to seek compensation for any damages incurred. All reproduction rights are reserved, including for downloadable documents (PDFs as well as logos, photos, information of any kind, etc.). Any downloadable documents are also protected by copyright. We may ask for your email address to allow you to access this content, in particular to track access and any unauthorized reuse of our downloadable content, which is our legitimate interest. Any total or partial reproduction of the Sites, or any reuse of any content from the Sites or Services, by any organization whatsoever, without the express authorization of LightOn or the rights holders where applicable, is prohibited and would constitute an infringement punishable under Articles L.335-2 et seq. of the French Intellectual Property Code. The databases used by LightOn are protected by the provisions of the law of July 1, 1998, transposing into the Intellectual Property Code the European Directive of March 11, 1996, on the legal protection of databases. Similarly, any recording, broadcasting, translation, or adaptation, in whole or in part, of any element of the Sites or Services is prohibited without the express prior authorization of LightOn.
In a nutshell: Everything found on our websites, our services, our applications, or in our documents is our property or that of third parties who have granted us a right of use and may not be reused without first obtaining our explicit consent.

​17​ Hyperlinks

The Sites and Services may provide access to other web pages or websites, including those of partners or corresponding to search results that may have their own legal notices, which should be consulted and respected. The creation of hyperlinks pointing to the content of the Sites is permitted provided that they open in a new window. Under no circumstances may any content from the Sites be included within another site or imply or suggest that the content is not that of LightOn. LightOn reserves the right to request the removal of any link it deems non-compliant. LightOn cannot under any circumstances be held liable for information published on websites with which hyperlinks have been established, nor for any damages of any kind resulting in particular from access to such websites. LightOn is not liable for any hyperlinks on the Site that direct users to other websites.
In a nutshell: Links to our site are permitted provided you notify us, do not attempt to misrepresent the content as your own, and we do not object.