Three Lights← Home

Legal

Privacy Notice

Last updated: June 2026

This Privacy Notice explains how Alexandru Dimitriu("we", "us", "Three Lights") collects, uses, and shares personal data when you use the Three Lights app and website (the "Service").

We act as the data controller for personal data we collect about you through the Service.

1. What we collect and why

  • Account data — your name, email, and password hash. Used to create your account, sign you in, and contact you about your account.
  • Habit data — the daily green / yellow / red marks you enter, custom habits you create, and the groups you join. Used to provide the core habit-tracking features and show your history.
  • Support messages — what you tell us when you contact support. Used to respond to you and fix issues.
  • Usage and device data — basic telemetry such as IP address, device type, browser, and pages viewed. Used for security, fraud prevention, and to improve the Service.

2. Legal basis

We rely on:

  • Contract — to create your account and provide the Service.
  • Legitimate interests — to keep the Service secure, prevent fraud, and improve features.
  • Consent — for any optional communications you opt into.
  • Legal obligation — where we are required by law to retain or disclose data.

3. Who we share data with

We share data only with:

  • Service providers (subprocessors) we use to run the Service, including hosting and database infrastructure (Supabase / Lovable Cloud).
  • Paddle, our Merchant of Record, for processing payments, managing subscriptions, handling tax compliance, and issuing invoices. Paddle acts as an independent controller for payment data.
  • Professional advisers such as legal and accounting advisers, where needed.
  • Authorities, where required by law or to protect our rights.

We do not sell your personal data.

4. International transfers

Some of our service providers may process your data outside your country of residence, including outside the UK and EEA. Where this happens, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep your account and habit data for as long as your account is active. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we are required to keep it (for example, billing records).

6. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate data;
  • Delete your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time, where we rely on consent;
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email hello@3lights.app. We'll respond within one month.

7. Security

We use appropriate technical and organizational measures to protect your data, including encryption in transit, access controls, and hashed passwords. No system is perfectly secure, but we take this seriously.

8. Cookies

We use essential cookies and local storage to keep you signed in and to remember basic preferences. We do not use advertising cookies. If we add analytics in the future, we will update this notice.

9. Children

Three Lights is not intended for children under 13 (or the minimum age in your country). If you believe a child has created an account, please contact us so we can remove it.

10. Changes to this notice

We may update this Privacy Notice from time to time. We will post the new version here and update the "last updated" date.

11. Contact

Questions about your privacy? Email hello@3lights.app.