Privacy Policy

This privacy notice for Light International, Inc. (doing business as LIGHT) ("LIGHT," "we," "us," or "our") describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

  • Visit our website at lighthealth.co, or any website of ours that links to this privacy notice
  • Download and use our mobile application (LIGHT Health), or any other application of ours that links to this privacy notice
  • Purchase or use the LIGHT Body Scanner device
  • Engage with us in other related ways, including any sales, marketing, or events


Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at privacy@lighthealth.co.


SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice. You can find more detail about any of these topics by using our table of contents below to find the section you are looking for.


What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with LIGHT and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? Yes. Because the LIGHT Body Scanner measures body composition, metabolic markers, and other internal health data, we process health and biometric data. We do so with your consent and as otherwise permitted by applicable law.

Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have organizational and technical processes in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by contacting us at privacy@lighthealth.co. We will consider and act upon any request in accordance with applicable data protection laws.


TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
  8. HOW LONG DO WE KEEP YOUR INFORMATION?
  9. HOW DO WE KEEP YOUR INFORMATION SAFE?
  10. DO WE COLLECT INFORMATION FROM MINORS?
  11. WHAT ARE YOUR PRIVACY RIGHTS?
  12. CONTROLS FOR DO-NOT-TRACK FEATURES
  13. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  15. WASHINGTON STATE — MY HEALTH MY DATA ACT
  16. DO WE MAKE UPDATES TO THIS NOTICE?
  17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?


1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, purchase or use the LIGHT Body Scanner, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You.

The personal information that we collect depends on the context of your interactions with us and the Services. The personal information we collect may include:

  • Names
  • Phone numbers
  • Email addresses
  • Mailing addresses
  • Usernames and passwords
  • Contact preferences
  • Billing addresses and payment information
  • Height, weight, age, sex, and activity level
  • Body composition data generated by the LIGHT Body Scanner
  • Health and metabolic biomarker data


Sensitive Information.

With your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Health data (including metabolic age, visceral fat, ectopic fat, inflammation markers, and other biomarkers tracked by the LIGHT Body Scanner)
  • Biometric data


Payment Data.

We collect data necessary to process your payment if you make purchases, such as your payment instrument number and the security code associated with your payment instrument. All payment data is stored by our payment processor. You may find their privacy notice on their website.


Social Media Login Data.

We may provide you with the option to register with us using your existing social media account details, like your Apple, Google, or other account. If you choose to register in this way, we will collect the information described in the section HOW DO WE HANDLE YOUR SOCIAL LOGINS? below.


Application Data.

If you use our LIGHT Health application, we may also collect the following information if you choose to provide us with access or permission:

  • Geolocation Information. We may request access to track location-based information from your mobile device to provide certain location-based services.
  • Mobile Device Access. We may request access to certain features from your mobile device, including bluetooth, sensors, camera, and other features.
  • Mobile Device Data. We automatically collect device information such as your mobile device ID, model, manufacturer, operating system, browser type, and IP address.
  • Push Notifications. We may request to send you push notifications regarding your account or scan results. You may turn these off in your device settings.


Information automatically collected

In Short: Some information — such as your IP address and browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This may include device and usage information such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and other technical information. Like many businesses, we also collect information through cookies and similar technologies.


Information collected from other sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

We may obtain information about you from other sources, such as public databases, joint marketing partners, data providers, and social media platforms. This information may include mailing addresses, email addresses, and other contact details for purposes of targeted advertising and event promotion.


2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, including:

  • To facilitate account creation and authentication and otherwise manage user accounts
  • To deliver the LIGHT Body Scanner's health insights and personalized recommendations
  • To respond to user inquiries and offer support
  • To send administrative information to you, including details about our products, services, and changes to our terms and policies
  • To fulfill and manage your orders, payments, returns, and exchanges
  • To request feedback and improve our Services
  • To send you marketing and promotional communications, in accordance with your marketing preferences
  • To deliver targeted advertising tailored to your interests
  • To protect our Services and prevent fraud
  • To identify usage trends and improve our Services
  • To comply with our legal obligations


3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we have a valid legal reason to do so under applicable law.

If you are located in the EU or UK, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission for a specific purpose. You can withdraw your consent at any time.
  • Performance of a Contract. We may process your information when necessary to fulfill our contractual obligations to you.
  • Legitimate Interests. We may process your information when reasonably necessary to achieve our legitimate business interests, such as sending users information about offers, analyzing how our Services are used, and supporting our marketing activities.
  • Legal Obligations. We may process your information where necessary for compliance with our legal obligations.
  • Vital Interests. We may process your information where necessary to protect your vital interests or the vital interests of a third party.


4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations and with the following categories of third parties.

We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties that are designed to safeguard your personal information. The categories of third parties we may share personal information with include:

  • Data Analytics Services
  • Finance and Accounting Tools
  • Order Fulfillment Service Providers
  • Payment Processors
  • Performance Monitoring Tools
  • User Account Registration and Authentication Services
  • Ad Networks
  • Sales and Marketing Tools
  • Cloud Computing Services
  • Website Hosting Service Providers
  • Data Storage Service Providers


We may also need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business.
  • Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this privacy notice.


5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.


6. HOW DO WE HANDLE YOUR SOCIAL LOGINS?

In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services offer you the ability to register and log in using your third-party social media account details (such as Apple or Google). Where you choose to do this, we will receive certain profile information from your social media provider, which will often include your name and email address, and other information you choose to make public. We will use the information we receive only for the purposes described in this privacy notice.


7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in the United States. If you are a resident in the EEA or UK, we have implemented the European Commission's Standard Contractual Clauses to protect your personal information. Our Standard Contractual Clauses can be provided upon request.


8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law. We will keep your account data for as long as your account is active. When we have no ongoing legitimate business need to process your personal information, we will delete or anonymize such information.


9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

Given that the LIGHT Body Scanner processes sensitive health and biometric data, we apply enhanced security standards to the storage and transmission of this information, including encryption at rest and in transit.


10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 18, please contact us at privacy@lighthealth.co.


11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the EEA, UK, and Canada, you have rights that allow you greater access to and control over your personal information.

In some regions (like the EEA, UK, and Canada), you have certain rights under applicable data protection laws. These may include the right to: (i) request access and obtain a copy of your personal information; (ii) request rectification or erasure; (iii) restrict the processing of your personal information; and (iv) data portability. In certain circumstances, you may also have the right to object to the processing of your personal information.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your local data protection supervisory authority.

Withdrawing your consent:

If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us at privacy@lighthealth.co.

Opting out of marketing and promotional communications:

You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in our emails or by contacting us at privacy@lighthealth.co.

Account Information

If you would like to review or change the information in your account or terminate your account, you can log in to your account settings or contact us using the contact information provided. Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases, subject to certain legal retention requirements.


12. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.


13. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83 ("Shine The Light" law) permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.


CCPA Privacy Notice

The following table shows the categories of personal information we have collected in the past twelve (12) months:


Category

Examples

Collected

A. Identifiers

Name, postal address, phone, email, IP address, account name

YES

B. Personal information (CA Customer Records)

Name, contact info, financial information

YES

C. Protected classification characteristics

Gender, date of birth

YES

D. Commercial information

Transaction history, purchase details, payment information

YES

E. Biometric information

Fingerprints and voiceprints

NO

F. Internet or network activity

Browsing history, search history, interactions with our Services

YES

G. Geolocation data

Device location

YES

H. Audio, electronic, visual information

Images and audio, video or call recordings

NO

I. Professional or employment information

Job title, work history

NO

J. Education information

Student records and directory information

NO

K. Inferences from personal information

Profile inferences about preferences and characteristics

YES

L. Sensitive Personal Information

Account login, payment card data, health data, biometric data

YES


We will use and retain the collected personal information as needed to provide the Services or for:

  • Category A, B, C, D, L - As long as the user has an account with us
  • Category F, G, K - 6 months


Your rights with respect to your personal data:

  • Right to request deletion of the data (Right to Delete): You can ask for the deletion of your personal information, subject to certain exceptions provided by law.
  • Right to be informed (Right to Know): You have a right to know whether we collect and use your personal information, the categories collected, the purposes for which it is used, and whether we sell or share it to third parties.
  • Right to Non-Discrimination: We will not discriminate against you if you exercise your privacy rights.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to direct us to limit our use of your sensitive personal information, including health and biometric data, to that use which is necessary to perform the Services.


Light International, Inc. has not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.

To exercise your rights, you can contact us at privacy@lighthealth.co. If you have a complaint about how we handle your data, we would like to hear from you.


14. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA), Virginia residents have the following rights with respect to their personal data:

  • Right to be informed whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling


Light International, Inc. has not sold any personal data to third parties for business or commercial purposes. To exercise your rights under the CDPA, please contact us at privacy@lighthealth.co. We will respond within forty-five (45) days of receipt of your request. This response period may be extended once by forty-five (45) additional days when reasonably necessary.

Right to appeal: If we decline to take action regarding your request, you may appeal our decision by emailing privacy@lighthealth.co. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken.


15. WASHINGTON STATE - MY HEALTH MY DATA ACT

If you are a resident of Washington State, the Washington My Health MY Data Act (MHMD Act) may grant you additional rights regarding health data we collect, which includes body composition, metabolic, and biometric data generated by the LIGHT Body Scanner.

Under the MHMD Act, Washington residents may have the right to:

  • Confirm whether we collect, share, or sell your consumer health data
  • Access your consumer health data
  • Withdraw consent for the collection and sharing of your consumer health data
  • Request deletion of your consumer health data
  • Receive a list of all third parties and affiliates with whom we have shared or sold your consumer health data


Because health and biometric data is central to the LIGHT Body Scanner's function, we collect and process this data solely for the purpose of providing you with the Services and, with your consent, for improving and developing our technology. We do not sell your consumer health data to third parties.

To exercise your rights under the MHMD Act, please contact us at privacy@lighthealth.co. Note: This section is subject to review by legal counsel before publication. Please consult with a privacy attorney familiar with the Washington My Health MY Data Act before relying on this section.


16. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.


17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact us by email at privacy@lighthealth.co, or by post to:


Light International, Inc.

[MAILING ADDRESS - TO BE COMPLETED]

[CITY, STATE, ZIP CODE]

United States

Email: privacy@lighthealth.co

Phone: [PHONE NUMBER - TO BE COMPLETED]


18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it. To request to review, update, or delete your personal information, please contact us at privacy@lighthealth.co.

We will respond to your request in accordance with applicable data protection laws. Where we are required to verify your identity before processing your request, we will ask you to provide information sufficient to confirm you are the person about whom we hold information.


Last updated: May 2026 | lighthealth.co | privacy@lighthealth.co

IMPORTANT: This document requires review by a qualified privacy attorney before publication, particularly regarding the Washington My Health MY Data Act provisions (Section 15) and state-specific health data laws. Complete all [PLACEHOLDER] fields before publishing.