Effective July 4, 2026
Privacy Policy
At Lighter, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.
This Privacy Policy is provided as an adapted template and should be reviewed by legal counsel before it is relied upon.
For individuals in Connecticut, Washington or Nevada, please also refer to our Consumer Health Data Privacy Policy for additional information about the processing of your consumer health data, which controls for that data.
What this Privacy Policy Covers
Lighter is a technology platform dedicated to helping you privately track your GLP-1 and peptide use with simple, personalized tools. We are not a medical provider and do not provide medical advice. The Personal Data that you provide to Lighter through the Services, therefore, is not considered “protected health information” and is not subject to the Health Insurance Portability and Accountability Act (“HIPAA”). “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” or “sensitive personal information” under applicable data privacy laws, rules or regulations.
Lighter provides consumer-facing wellness tools. We are not a “covered entity” or “business associate” under HIPAA. Accordingly, most information we collect through our app and website is not “protected health information” under HIPAA.
Your use of Lighter’s Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.
Categories of Personal Data We Collect
This chart details the categories of Personal Data that we collect and have collected over the past 12 months:
| Category of Personal Data | Business/Commercial Purpose | Categories of Third Parties We Disclose To |
|---|---|---|
| Profile or Contact Data such as your email address and any name you provide. | Providing, customizing and improving the Services; corresponding with you. | Service Providers. |
| Device/IP Data such as device identifiers, app version, and diagnostic and crash data. | Providing, customizing and improving the Services; security and debugging. | Service Providers. |
| Payment Data such as your subscription and purchase status. Purchases are made through Apple in-app purchase; we do not collect or store your payment card numbers. | Providing the Services. | Service Providers (specifically, Apple and our subscription-management partner). |
| Usage and Analytics Data such as coarse, non-identifying in-app events and the way features are used. | Providing, customizing and improving the Services. | Service Providers. |
| Consumer Demographic Data such as date of birth, biological sex, and similar information. | Providing, customizing and improving the Services. | Service Providers. |
| Health Data such as the medications, doses, routes and injection sites you log, pain levels, side effects and severity, weight and body metrics, goals, onboarding answers, and similar information. | Providing, customizing and improving the Services. | Service Providers. |
| Sensory Data such as optional progress photos that you choose to provide. | Providing, customizing and improving the Services. | Service Providers. |
| Credentialing Data such as your Lighter login credentials or information generated when you sign in with Apple or by email. | Providing, customizing and improving the Services. | Service Providers; Parties You Authorize, Access or Authenticate. |
| Other Identifying Information that You Voluntarily Choose to Provide such as emails or other communications you send us. | Providing, customizing and improving the Services; corresponding with you. | Service Providers. |
Our Commercial or Business Purposes for Collecting Personal Data
Providing, Customizing and Improving the Services
- Creating and managing your account or other user profiles.
- Processing your subscription and other transactions.
- Providing you with the products, services or information you request.
- Meeting or fulfilling the reason you provided the information to us.
- Providing support and assistance for the Services.
- Improving the Services, including testing, research, internal analytics, and product development and improvement.
- Personalizing the Services and communications based on your preferences.
- Doing fraud protection, security and debugging.
- Carrying out other business purposes stated when collecting your Personal Data or as otherwise set forth in applicable data privacy laws.
Corresponding with You
- Responding to correspondence that we receive from you, contacting you when necessary or requested, and sending you information about Lighter or the Services.
- Sending emails and other communications according to your preferences.
Other Permitted Purposes for Processing Personal Data
In addition, each of the above referenced categories of Personal Data may be collected, used, and disclosed with the government, including law enforcement, or other parties to meet certain legal requirements and enforcing legal terms including: fulfilling our legal obligations under applicable law, regulation, court order or other legal process, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities; protecting the rights, property or safety of you, Lighter or another party; enforcing any agreements with you; responding to claims that any content violates third-party rights; and resolving disputes.
We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice or obtaining your consent.
Categories of Sources of Personal Data
We collect Personal Data about you from the following categories of sources:
You
- When you provide such information directly to us.
- When you create an account or use our interactive tools and Services.
- When you voluntarily provide information in free-form text boxes through the Services or through responses to onboarding questions or questionnaires.
- When you send us an email or otherwise contact us.
- When you use the Services and such information is collected automatically, such as through diagnostic and usage signals.
Third Parties
- We may use analytics providers to analyze, on a limited and non-identifying basis, how you interact and engage with the Services.
Parties You Authorize, Access or Authenticate
- Sources you choose to integrate, such as Apple Health, from which you may authorize a read-only pre-fill of certain fields (for example, height, weight, date of birth, and biological sex).
- If you sign in to the Services through a third party, such as Sign in with Apple, limited information from that account (such as an identifier and, if you choose to share it, an email address) may be transmitted into your account with us.
How We Disclose Your Personal Data
We disclose your Personal Data to the categories of service providers and other parties listed in this section. For more information, please refer to the state-specific sections below.
Service Providers. These parties help us provide the Services or perform business functions on our behalf. They include:
- Supabase, for our hosted database, authentication, and file storage.
- Cloudflare R2, for private storage of optional progress photos.
- PostHog, for limited, non-identifying product analytics.
- RevenueCat, for subscription management.
- Superwall, for paywall presentation.
- Brevo, for transactional and lifecycle email.
- Apple, for app distribution, in-app purchases, and Sign in with Apple.
Parties You Authorize, Access or Authenticate. With your permission and consent, Lighter is configured to share data about you with parties you authorize, access, or authenticate, such as Apple Health.
We do not sell your Personal Data, and we do not share it for targeted or cross-context behavioral advertising. Full-fidelity health data is never sent to analytics or advertising services; only coarse, non-identifying signals are used to understand how the Services are used.
Legal Obligations
We may disclose any Personal Data that we collect with third parties in conjunction with any of the activities set forth under the “Other Permitted Purposes for Processing Personal Data” section above.
Business Transfers
All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part).
Data that is Not Personal Data
We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and disclose it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not disclose such data in a manner that could identify you.
Cookies, Website Tools and Opt-Out
Our website uses cookies and similar technologies (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our website, analyze trends, learn about our user base and operate and improve our website. Cookies are small pieces of data — usually text files — placed on your computer, tablet, phone or similar device when you use that device to access our website.
Please note that because of our use of Cookies, the website does not support “Do Not Track” requests sent from a browser at this time.
We use the following types of Cookies:
- Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. Disabling these Cookies may make certain features and services unavailable.
- Functional Cookies. Functional Cookies are used to record your choices and settings, maintain your preferences over time and recognize you when you return.
- Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our website by collecting information such as the number of visitors and the pages they view.
You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies. You can also delete all Cookies that are already on your device. If you do this, however, some of the website’s functionality may not work.
Data Security
We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. This includes row-level access controls so you can only reach your own data, encryption in transit and at rest, and private (non-public) storage for progress photos. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.
Data Retention
We retain Personal Data about you for as long as necessary to provide you with our Services or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.
For example:
- We retain your profile information and credentials for as long as you have an account with us.
- We retain your subscription and purchase status for as long as we need it to process your subscription.
- We retain your device/diagnostic data for as long as we need it to ensure that our systems are working appropriately, effectively and efficiently.
You can delete your entire account and its data from inside the app (Settings → Delete Account), or by emailing founders@usemintly.com.
Personal Data of Children
We do not knowingly collect or solicit Personal Data from children under 18 years of age; if you are a child under the age of 18, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 18 years of age, we will delete that information as quickly as possible. If you believe that a child under 18 years of age may have provided Personal Data to us, please contact us at founders@usemintly.com.
U.S. State Privacy Rights
If you reside in certain U.S. states such as California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia you may have certain rights afforded to you (as described below) depending on your state of residence. Please see the “Exercising Your Rights under U.S. State Privacy Laws” section below for instructions regarding how to exercise these rights. Please note that your rights may be subject to certain conditions or exceptions in accordance with applicable U.S. State Privacy Laws.
If you have any questions about this section or whether any of the following rights apply to you, please contact us at founders@usemintly.com.
- Access: You may have the right to request confirmation of or access to the Personal Data that we process about you. You can also request access to a portable copy of your Personal Data. If you are an Oregon resident, you also have the right to request a list of specific third parties, other than natural persons, to which we have disclosed your Personal Data.
- Deletion: You may have the right to request that we delete the Personal Data that we have collected about you.
- Correction: You may have the right to request that we correct any inaccurate Personal Data we have collected about you.
- Portability: You may have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.
Processing of Sensitive Personal Data
As needed, we may collect Personal Data that may be deemed “sensitive” under certain U.S. State Privacy Laws (“Sensitive Personal Data”), including health information. The categories of Sensitive Personal Data we collect and our purposes for collecting such Sensitive Personal Data are described in the “Categories of Personal Data We Collect” section above. Depending on your state of residence, you may either have the right to opt-in, the right to opt-out, or if you are a California resident, the right to limit our use of your Sensitive Personal Data to permitted purposes, by following the instructions in the “Exercising Your Rights under U.S. State Privacy Laws” section. If you are a California resident, please note that our use and disclosure of Sensitive Personal Data are limited to the permitted purposes set forth in section 7027(m) of the CCPA regulations and, therefore, we do not offer a way for you to submit such a request.
Automated Decision Making and Profiling
Depending on the state of your residence, you may have the right to opt-out of the use of automated decision making technology or the processing of your Personal Data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you, if applicable. However, we do not process your Personal Data in this manner.
Anti-Discrimination
We will not discriminate against you for exercising your rights under applicable privacy laws. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under applicable privacy laws. However, we may offer different tiers of our Services as allowed by applicable data privacy laws with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Other State-Specific Privacy Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to prevent the disclosure of their personal data to third parties for such third parties’ direct marketing purposes. We do not, however, disclose your Personal Data for such purposes.
Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.
Exercising Your Rights under U.S. State Privacy Laws
To exercise the rights described in this Privacy Policy, you or your Authorized Agent (if applicable and as defined below), must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (such as your Contact or Profile Data), and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.
We will work to respond to your Valid Request within the time period required by applicable privacy laws. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.
Request to Access, Delete, Correct. As applicable, you may submit a Valid Request for your right to access, delete, correct, or obtain a copy of your Personal Data described in this Privacy Policy by emailing us at founders@usemintly.com. If you are a California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, or Texas resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.
Appealing a Denial
If you are a Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, or Virginia resident and we refuse to take action on your request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. We will respond to your appeal within the time period required under the applicable law. You can submit a request to appeal by emailing us at founders@usemintly.com. If we deny your appeal, you have the right to contact the Attorney General of your State.
Contact Information
If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at founders@usemintly.com.
Flame Industries Inc., 7901 4th St N, STE 300, St. Petersburg, FL 33702.