Legal

Privacy Policy

Effective July 11, 2026

This policy explains what [COMPANY LEGAL NAME] (“First Light”, “we”, “us”) collects when you use the First Light platform, why we collect it, and the choices you have.

1. Apps built on First Light

Apps that people build and publish with First Light are operated by their builders. When you use someone else’s published app, its builder decides what that app collects and why — this policy covers the platform itself, and the builder’s own privacy notice covers their app.

2. What we collect

  • Account information — your name and email address (from Google when you sign in with it), your profile details, and passkey credentials. A passkey stores only a public key with us; your face or fingerprint never leaves your device.
  • What you build — the prompts and instructions you write, the apps generated for you, media you upload, and the data your apps store on the platform.
  • Billing information — handled by Stripe, our payment processor. We keep your card’s brand and last four digits, your billing history, and your top-off settings; the full card number never touches our servers.
  • Usage and device information — logs of how the platform is used, IP address, browser type, and similar diagnostics.
  • Cookies and similar technologies — described in our Cookie Policy.

3. How we use it

To provide and operate the Service: build the apps you describe, host what you publish, bill for usage, keep your account secure, provide support, understand how the platform is used so we can improve it, and meet our legal obligations. We do not sell your personal information, and we do not use it for third-party advertising.

4. AI processing

Building apps is the heart of the Service, and it uses third-party AI model providers ([AI MODEL PROVIDERS]). Your prompts, and the app content needed to act on them, are sent to those providers to generate and revise your app. [STATEMENT ON PROVIDER DATA USE — e.g. whether providers may retain or train on this data under our agreements.]

5. When we share information

With the service providers who run the platform for us — hosting and data storage (Google Firebase), payments (Stripe), sign-in (Google), AI model providers ([AI MODEL PROVIDERS]), domain registration ([DOMAIN REGISTRAR]), and email delivery ([EMAIL PROVIDER]). Each is bound to use the data only to provide its service to us.

We also share information when the law requires it, to protect the Service and the people who use it, or as part of a corporate transaction — and at your direction, when you connect something yourself.

6. How long we keep it

For as long as your account is active, plus the time needed for the purposes above. When you delete your account, we delete or de-identify your personal information within [RETENTION PERIOD], except for records the law requires us to keep longer (billing records, for instance).

7. Your rights and choices

You can see and update your profile in your account settings, and you can delete your account entirely from your account page. Depending on where you live, you may have additional rights — access, correction, deletion, portability, and objection — and you can exercise any of them by writing to [CONTACT EMAIL]. We will never treat you differently for doing so.

8. Security

Sign-in is built on passkeys and Google authentication rather than passwords. Data moves over encrypted connections, access to production systems is restricted, and payment details are handled by Stripe rather than stored with us. No system is perfectly secure; if a breach affects you, we will notify you as the law requires.

9. Children

First Light is not directed to children under 13 (or the equivalent minimum age where you live), and we do not knowingly collect their personal information. If you believe a child has an account, contact us and we will delete it.

10. International transfers

We operate from [COUNTRY/REGION], and our service providers may process data in other countries. Where the law requires safeguards for those transfers, we use them ([TRANSFER MECHANISM, e.g. standard contractual clauses]).

11. Changes to this policy

We may update this policy as the Service changes. If a change is material, we will notify you by email or in the product before it takes effect. The effective date above always reflects the current version.

12. Contact

[COMPANY LEGAL NAME], [COMPANY ADDRESS] — [CONTACT EMAIL].

All legal documents