Privacy Policy

1. Data controller

Lighthouse is operated by Blue Communications Ltd ("we", "us", "our"). We are the data controller responsible for your personal data processed through this platform. If you have any questions about this policy or how we handle your data, please contact us at hello@blue-comms.com.

2. What data we collect

We collect and process the following personal data when you use Lighthouse:

Account information: your name, email address, username, and password (stored as a one-way cryptographic hash; we never store your password in plain text).

Usage data: alert rules you create, search queries you run, articles you bookmark or dismiss, and preferences you set within the platform. This data is stored to provide the service and is not shared externally.

Technical data: server access logs may record your IP address, browser type, and timestamps when you access the platform. These logs are used solely for security monitoring and troubleshooting.

3. What data we do not collect

Lighthouse does not use third-party analytics, advertising trackers, or social media pixels. We do not sell, rent, or share your personal data with third parties for marketing purposes. We do not collect data from your device beyond what is described above.

4. How we use your data

We process your personal data for the following purposes:

Providing the service: authenticating your access, delivering alert notifications to your email address, and personalising your dashboard and search results based on your preferences.

Service improvement: understanding aggregate usage patterns to improve features and fix issues. We do not profile individual users for purposes unrelated to the service.

Security: detecting and preventing unauthorised access, enforcing account lockout policies, and maintaining audit logs.

Our legal basis for processing under UK GDPR is legitimate interest (providing and securing the service you have registered to use) and, where you opt in to email notifications, your consent.

5. Cookies

Lighthouse uses only strictly necessary session cookies to maintain your authenticated session. These cookies are set when you sign in and are deleted when you close your browser or when your session expires. We do not use any analytics, advertising, or preference cookies. No cookie consent banner is required because we use only essential cookies as defined under the UK Privacy and Electronic Communications Regulations.

6. Data retention

Your account data is retained for as long as your account remains active. If your account is deleted by an administrator, your personal data (name, email, username) is removed. Alert rules and preference data associated with your account are also deleted.

Collected media articles are retained in the database as part of the media monitoring archive. These are publicly available articles sourced from RSS feeds and news APIs, and do not constitute personal data.

7. Data security

We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), hashed passwords using industry-standard algorithms, session expiry and account lockout policies, and restricted administrative access. The platform is hosted on infrastructure secured with SSH key authentication and firewall rules.

8. Email communications

If you enable email alert notifications, we will send digest emails to the address associated with your account when your alert rules match newly collected articles. You can disable these notifications at any time from the Alerts page. We will also send a one-time verification email when your account is created.

9. Third-party data sources

Lighthouse collects publicly available media articles from third-party RSS feeds and news APIs (including GDELT, Google News, Mediastack, and Webz.io). These services are used to gather published editorial content and are not used to collect personal data about our users.

10. Your rights

Under UK GDPR, you have the right to access the personal data we hold about you, to request correction of inaccurate data, to request deletion of your data (subject to any overriding legitimate interest), to object to processing of your data, and to request a portable copy of your data. To exercise any of these rights, please contact us at hello@blue-comms.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have not been respected.

11. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated through the platform. The "last updated" date at the top of this page indicates when the policy was most recently revised.