Back to homeSign in

Privacy Policy

Effective: 2026-04-17 · Last updated: 2026-04-17

Template notice. This document is a starting template. Before accepting paying customers, replace with a policy reviewed by counsel familiar with GDPR/CCPA.

1. Who we are

Newlight Solutions LLC ("Newlight", "we", "us") operates the Stride platform at www.newlightai.com. For privacy requests, reach us at info@newlightai.com.

2. Data we collect

2.1 Account data

  • Name, email address, hashed password, profile image.
  • Workspace and organization name.
  • Role and permissions within workspaces.

2.2 Product data

  • Content you create: projects, stories, ADRs, diagrams, test cases, comments.
  • Uploaded files (PRDs, screenshots, legacy system files).
  • AI prompts and outputs you generate.

2.3 Usage data

  • Log data: IP address, browser, OS, pages viewed, timestamps.
  • Activity: actions taken, features used, AI runs initiated.
  • Cookies and similar technologies (see our Cookie Policy).

3. How we use data

  • To provide the Service: authenticate you, store your content, run AI features.
  • To improve the Service: analyze usage patterns, debug errors, measure feature adoption. Product analytics are aggregated; we do not use your content to train shared AI models.
  • To communicate: account notifications, billing receipts, security alerts, and (if you opt in) product updates.
  • To comply with law: respond to lawful requests, enforce our Terms.

4. AI model use

AI features call third-party providers (currently Groq and, on request, Anthropic, OpenAI, or Google). Your prompts and the resulting outputs are sent to those providers under their respective data-handling agreements. We configure providers with zero-retention settings where available. We do not use your content to train shared AI models.

5. Sharing

We share data only with:

  • Subprocessors listed at /legal/subprocessors (hosting, DB, AI providers, email, analytics).
  • Members of your workspace with whom you chose to collaborate.
  • Successors in interest if we undergo a merger, acquisition, or sale of assets, after notice.
  • Legal authorities when required by law or to protect rights and safety.

We do not sell personal data.

6. International transfers

We store data in the United States. If you are in the EU/UK, we transfer data under Standard Contractual Clauses. Data-residency options for EU-only storage are on the roadmap; contact us if this is a requirement.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Passwords are hashed with bcrypt (cost 12). Access to production systems is limited to named personnel with multi-factor authentication. See /legal/security for details.

8. Retention

  • Active accounts: data kept while your subscription is active.
  • Cancelled accounts: data retained for 30 days after cancellation, then deleted.
  • Backups: encrypted backups retained for up to 90 days.
  • Logs: web logs retained for 90 days; security logs for 1 year.

9. Your rights

Depending on where you live, you may have rights to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Port your data to another service (JSON export).
  • Object to certain processing.
  • Withdraw consent for optional processing at any time.

You can exercise most rights from Settings ? Privacy. For others, email info@newlightai.com — we respond within 30 days.

10. Children's privacy

The Service is not directed to individuals under 18. We do not knowingly collect data from children.

11. Changes

We will notify you by email and in-app banner of material changes at least 14 days before they take effect.

12. Contact

Data Protection Officer: info@newlightai.com. For EU/UK representatives, see /legal/subprocessors.