Home » Privacy Policy

StayLit Lighting — Privacy Policy

Last Updated: June 17, 2025

1. Introduction

StayLit Lighting ("StayLit Lighting," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains what information we collect, why we collect it, how we use and store it, with whom we share it, and what rights you have in relation to it.

This Policy applies to your use of the StayLit Lighting mobile application ("App") and the related website at https://staylit.lighting ("Site"). By creating an account, using the App, visiting the Site, making a purchase through the Site, or submitting a contact form, you consent to the practices described in this Policy. If you do not agree, please do not use the App or the Site.

This Policy applies to users in Canada and the United States. For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Alberta's Personal Information Protection Act (PIPA) and Quebec's Act respecting the protection of personal information in the private sector (Law 25). For users in certain US states, additional rights may apply as described in Section 11.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration (required)

Email address
Password (hashed; never stored or transmitted in plain text)

Warranty Registration (optional)

If you choose to register your product for warranty, we collect:

First name and last name
Phone number
Residential street address, city, postal or ZIP code, province or state, and country
Date of installation of your lighting product

Warranty registration is entirely optional. You may create an account and use all core App features without providing this information.

DIY Shop and Website Orders

When you make a purchase through the Site (including the DIY shop), we collect:

Name, email address, and phone number
Billing and shipping address
Order details (products, quantities, order history)

Payment card information is collected and processed by our secure payment provider (e.g., Stripe or similar). We do not store full credit card numbers on our servers. We may retain the last four digits and card brand for order reference and support purposes.

Contact Forms and Inquiries

When you submit a contact form, warranty claim form, or other inquiry through the Site, we collect the information you provide (such as name, email, phone, and message content) to respond to your request.

2.2 Information Collected Automatically Through Your Use of the App

Device data

When you add a lighting controller to your account, we collect and store:

Device name (chosen by you)
MAC address of the LED controller (used as a permanent unique identifier)
Current local IP address of the LED controller (updated automatically when it changes)
Auto-generated MQTT credentials (username and password) assigned to each device
LED hardware configuration (GPIO pin assignments, strip lengths, power-supply limits, and related settings you configure through the App)
Timer and schedule configurations you create for each device
A list of StayLit Lighting account holders you have granted access to that device

Preset and usage data

Presets you have saved as favourites
Custom presets you create and save
Preset and category selections synced to your account

Authentication session data

A JSON Web Token (JWT) is issued when you log in. This token is stored locally on your device (using your phone's SharedPreferences storage) to keep you logged in between sessions. The token is also validated against our servers on each App launch.

2.3 Information Collected from Your Local Network

The App operates primarily over your local home Wi-Fi network. During normal operation:

The App scans your local network subnet by sending lightweight HTTP requests to detect WLED-compatible lighting controllers. The App does not collect, record, or transmit any data from other devices discovered on your network to StayLit Lighting's servers.
The App uses mDNS/Bonjour to discover devices by hostname on your local network. No mDNS data beyond your own StayLit Lighting devices is transmitted to us.
Local network IP addresses are used transiently to communicate with your devices. Only the IP address of your registered StayLit Lighting devices is stored on our servers, and only to assist with device reconnection.

2.4 Information We Do Not Collect

We do not store full payment card numbers. Card payments are processed by our payment provider; we receive only the information necessary to complete the transaction (e.g., last four digits for reference). The App has no in-app purchase or billing functionality.
We do not access your device's camera, microphone, contacts, calendar, photo library, or location services.
We do not track your location.
We do not collect precise real-time usage analytics or behavioural tracking data.

3. How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Information Used
Authenticating your identity and maintaining your login session	Email, password, JWT token
Managing your account and providing App functionality	Email, display name, user ID
Processing and fulfilling DIY shop orders	Name, email, phone, billing/shipping address, order details
Registering your product warranty	Name, phone, address, installation date
Responding to contact form submissions and inquiries	Name, email, phone, message content
Storing and synchronising your device configurations	Device name, MAC address, IP, MQTT credentials, hardware config, timers
Delivering lighting presets and syncing favourites	Preset data, user ID
Enabling multi-user device sharing	User ID, allowed-user lists
Delivering and verifying over-the-air firmware updates	Device MAC address, device IP, firmware version data
Responding to support requests or account inquiries	Email, account data
Improving our services and diagnosing technical issues	Aggregated, non-identifiable usage patterns
Complying with legal obligations	Any data as required by law

We do not use your information for advertising, behavioral profiling, or sale to third parties.

4. Legal Basis for Processing (Canadian Users)

Under PIPEDA and applicable provincial legislation, we collect, use, and disclose your personal information only with your knowledge and consent, except where the law permits or requires otherwise. By registering for an account, completing a warranty registration, making a purchase through the Site, or submitting a contact form, you provide express consent to our collection and use of your personal information as described in this Policy.

You may withdraw your consent at any time by deleting your account (see Section 9), subject to legal or contractual restrictions.

5. How We Store and Protect Your Information

5.1 Where Data Is Stored

Your account, device, and warranty data is stored on servers running WordPress at https://staylit.lighting. Your session token and a local copy of your device list are stored on your mobile device using Android/iOS platform storage (SharedPreferences).

Firmware binary files downloaded for updates are temporarily cached to your device's local storage and may be cleared when the App is uninstalled.

5.2 Security Measures

We take reasonable technical and organizational measures to protect your personal information, including:

HTTPS encryption for all communications between the App and our servers
JWT-based authentication with server-side token validation on every App launch
Unique, auto-generated MQTT credentials per device (not shared across accounts)
Password hashing (passwords are never stored or transmitted in plain text)

Despite these measures, no system is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that creates a real risk of significant harm to you, we will notify you as required by applicable law.

5.3 Retention

We retain your personal information for as long as your account is active or as needed to provide services. If you delete your account:

All account data, device data, presets, timer schedules, warranty registration information, and order history is permanently deleted from our servers.
Locally cached data (JWT token, device list) is removed from your device when the App is uninstalled.
We may retain information in anonymized, aggregated form that cannot identify you.

We may also retain certain information as required by law or for legitimate business purposes such as fraud prevention, for the period required by applicable law.

6. Disclosure of Your Information

We do not sell, rent, or trade your personal information to any third party. We may share your information only in the following limited circumstances:

6.1 Service Providers

We use third-party service providers to operate the App, the Site, and our backend infrastructure. These providers process data on our behalf and are contractually required to protect it:

Hosting provider — hosts the backend API, database, and website
Payment processor — processes card payments for DIY shop orders; we do not receive or store full card numbers
MQTT broker infrastructure — routes real-time commands between the App and your devices

6.2 Third-Party Technologies Embedded in the App

The following technologies are used within the App but operate primarily locally or under their own terms:

WLED firmware (open-source) — runs on your hardware; does not transmit data to StayLit Lighting
NTP (ntp.org) — your lighting controller syncs its clock using the public NTP pool; NTP queries may expose your device's IP address to NTP pool servers
mDNS/Bonjour — operates entirely on your local network; no data leaves your network

6.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of StayLit Lighting, our users, or the public.

6.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transfer, your personal information may be transferred to a successor entity. We will notify you via the App or by email before your information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

7. Cookies and Local Storage

App

The App does not use browser cookies. However, it uses your device's local storage (Android SharedPreferences / iOS NSUserDefaults) to store:

Your JWT authentication token (for persistent login)
Your saved device list
Cached lighting preset data (for faster loading and offline display)

You can clear this data by logging out of the App or uninstalling it. Logging out clears your session token and forces re-authentication on next launch.

The App uses an embedded in-app browser (WebView) solely during the Wi-Fi provisioning step for new devices. This WebView loads a page served by your LED device locally at http://4.3.2.1 and does not track browsing activity or set persistent cookies.

Site (Website)

The Site uses cookies and similar technologies for the following purposes:

Essential cookies — Required for the Site to function (e.g., session management, shopping cart, checkout)
Preference cookies — Remember your settings (e.g., currency, region)
Analytics cookies (if used) — Help us understand how visitors use the Site (e.g., page views, traffic sources). We use aggregated, non-identifying data only.

You can control or disable cookies through your browser settings. Disabling essential cookies may affect your ability to use certain features, including the shopping cart and checkout.

8. Children's Privacy

The App is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us using the details in Section 12.

9. Your Rights and Choices

9.1 Access and Correction

You have the right to request access to the personal information we hold about you and to request correction of any inaccurate or incomplete information. You may update your account information directly within the App.

9.2 Withdrawal of Consent

You may withdraw your consent to our collection and use of your personal information at any time by deleting your account. Account deletion is available from within the App (account menu → Delete Account). Deletion is permanent and irreversible — all associated data will be permanently removed from our servers.

9.3 Data Portability

Upon written request, we will provide you with a copy of the personal information we hold about you in a structured, machine-readable format where technically feasible.

9.4 Opt-Out of Non-Essential Communications

If we send you service-related emails (such as warranty confirmation), you may contact us to opt out of future non-essential communications. You cannot opt out of transactional emails that are necessary to the operation of your account (for example, password reset emails).

9.5 Complaint to a Regulatory Authority

Canadian users: If you believe we have handled your personal information in violation of PIPEDA or applicable provincial privacy legislation, you may file a complaint with the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca, or with the applicable provincial privacy commissioner.

Quebec users: You may file a complaint with the Commission d'accès à l'information (CAI) at https://www.cai.gouv.qc.ca.

10. Links to Our Site and Third-Party Sites

The App may open links to pages on our Site (such as the warranty page at https://staylit.lighting/warranty or the password reset page). When you use our Site — whether from the App or directly in your browser — this Privacy Policy applies.

If you click a link on our Site that takes you to an external website operated by a third party (for example, a payment processor, social media platform, or another company's site), that third party's privacy policy applies to your activity on their site. We are not responsible for the privacy practices of third-party websites.

11. Additional Rights for US State Residents

Depending on your state of residence, you may have additional privacy rights under applicable state law. We describe some of these below. To exercise any of these rights, contact us using the details in Section 12.

Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request deletion of your personal information (equivalent to the account deletion feature in the App).
Right to Correct: You may request correction of inaccurate personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

We do not sell personal information and do not share personal information for cross-context behavioral advertising. As a result, opt-out rights related to those activities do not apply.

12. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your personal information, please contact us:

StayLit Lighting
Website: https://staylit.lighting

For account-specific requests (data access, correction, or deletion), you may also use the relevant features within the App directly.

We will acknowledge your request within 10 business days and respond substantively within 30 days, or as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the revised Policy with an updated "Last Updated" date. For material changes, we will make reasonable efforts to notify you through the App, on the Site, or by email. Your continued use of the App or the Site after the effective date of a revised Policy constitutes your acceptance of the changes.