Privacy Policy

Effective Date: March 5, 2025

1. Scope and Applicability

This Privacy Policy applies to all individuals worldwide who access or use LightDrive.one’s services, regardless of whether they have registered for an account. By accessing or using any part of our services—whether through a web browser, a LightDrive.one client, or a third-party client—you are deemed to have accepted this Privacy Policy. The policy governs all services provided by LightDrive.one, including, but not limited to, email services, cloud storage, calendar, note-taking, tasks lists, file sharing and collaboration, contacts storage, video and audio calls/meetings, as well as WebDAV, CalDAV, and CardDAV access.

2. Data Collection

LightDrive.one collects and processes data strictly necessary for operating its services and maintaining general usage statistics. This data is used exclusively to ensure the efficient operation, security, and continuous improvement of our services, as well as to comply with applicable legal obligations. The types of data collected include:

Personal Data Provided by Users: Information provided during account registration or profile setup (such as name, email address, and domain information) necessary for operating and personalizing our services.
Technical and Usage Data: Automatically generated information during interactions with our services, including usage logs, IP addresses, device information, browser types, and operating system details.
Anonymous and Aggregated Data: Aggregated or anonymized data that does not personally identify users, which is used solely for analytical purposes and to improve our services.
Security and Fraud Prevention Data: Data such as login attempts, error logs, and other security-related metrics collected to protect the service and its users from unauthorized access, fraud, or other security threats.
Service-Specific Data Collection: Additional data related to specific features (e.g., metadata associated with email communications, file sharing details, calendar events) may be collected to ensure proper functioning and enhancement of those services.

3. Data Collection Methods

LightDrive.one collects data through various methods to ensure the effective operation of its services, maintain security, and enhance user experience. The data is collected from the following sources:

Website Access Data: When you visit LightDrive.one, our systems automatically record technical details such as your IP address, the date and time of access, pages visited, and referring URLs. This information is used for performance monitoring and security purposes.
User Registration and Provided Data: During account registration or when voluntarily providing additional information, you may supply personal data (such as your name, email address, and domain information) that is essential for account creation, service personalization, and communication.
Service Usage Data: As you interact with our services—including functionalities like email, file sharing, and calendar features—technical data is generated. This includes usage logs, system interactions, and metadata that help us manage and improve our platform.
Data Uploaded by Clients: Any files or content you upload remain your property. LightDrive.one processes this data solely for essential functions, such as virus scanning to ensure that no harmful content is present. We do not use the content of your uploads for any purpose beyond maintaining service security and integrity.
Service-Specific Tracking: Within the LightDrive.one environment, tracking mechanisms may be employed to monitor interactions and the use of specific features. This information is used solely to understand user engagement and to further refine our services.
Essential Cookies and Tracking Technologies: We use only strictly necessary cookies and similar tracking technologies to support essential functions, such as secure authentication, session management, and maintaining user preferences. These cookies are integral to the operation of our website and services and do not include any optional analytics or supplementary tracking.
Customer Support and Communications Data: If you contact our support team or interact with customer service, the content of your communications—including any details you provide—is collected and stored to help us resolve your inquiries and improve our services.

4. Purpose of Data Use

LightDrive.one uses the data collected solely to operate, enhance, and secure our services while ensuring compliance with legal requirements. Specifically, your data is used for the following purposes:

Service Delivery and Operation: To provide, maintain, and continuously improve the full range of our services—including email, cloud storage, calendar, file sharing, and collaboration—ensuring a seamless user experience.
Personalization and Improvement: To tailor and enhance your experience by understanding usage patterns, enabling personalized features, and optimizing the functionality of our platform.
Performance Monitoring and Analytics: To analyze aggregated and anonymized data, monitor system performance, troubleshoot issues, and make data-driven improvements to our services.
Security and Fraud Prevention: To safeguard our systems and users through measures such as virus scanning, detecting unauthorized access, and preventing fraud or misuse of our services.
Customer Support and Communication: To respond to inquiries, provide customer support, and deliver important service notifications and updates.
Legal Compliance and Regulatory Obligations: To fulfill our legal obligations, comply with valid legal requests, and enforce our policies as required by applicable laws.
Research and Development: To use anonymized and aggregated data for research and development purposes aimed at further refining and expanding our service offerings.

5. User Data Ownership and Control

LightDrive.one recognizes that all content you upload or create through our services remains your property. This includes files or data you directly upload as well as content generated using our integrated productivity applications, such as word processors, spreadsheets, and presentation tools. You retain full ownership and control over your personal data and any content you generate. Specifically:

Access, Correction, and Update: You have the right to access, review, update, or correct any personal or user-generated content via your account settings or by contacting our support team.
Deletion and Portability: You may request the deletion or export of your personal data and any content created with our services, subject to applicable legal requirements and our data retention policies.
Control Over Usage: While we process data to deliver, maintain, and improve our services, this processing is strictly limited to what is necessary for these purposes and to comply with legal obligations. We do not use your data for any unauthorized purposes.
Intellectual Property Considerations: By using our services, you confirm that any data or content you create remains your intellectual property. You grant LightDrive.one only the limited, non-exclusive license necessary to operate, support, and enhance our services.

6. Data Sharing and Third Parties

LightDrive.one is committed to ensuring the confidentiality and security of your personal data. We share data with third parties only under the following circumstances:

Service Providers: We may engage trusted third-party service providers to help operate, maintain, and improve our services. These providers are contractually obligated to use your data solely for the purposes for which it is shared and to protect it in accordance with applicable privacy laws.
Payment Processing: For users subscribing to our paid services, necessary payment information is transmitted to and processed by a third-party payment processor. This processor adheres to stringent security standards to protect your financial data, and LightDrive.one does not store or retain any sensitive payment details.
Legal and Regulatory Requirements: In response to lawful requests, such as court orders or regulatory mandates, we may disclose personal data to the relevant authorities. We ensure that such disclosures are limited to what is required by law.
Aggregated or Anonymized Data: Data that has been aggregated or anonymized in such a way that it cannot be linked back to an individual may be shared with third parties for analytical or research purposes, without compromising your privacy.
No Sale or Rent: LightDrive.one does not sell or rent your personal data to third parties for marketing or other purposes.

7. Third-Party Service Providers

LightDrive.one utilizes third-party service providers for specific operational functions while ensuring that your data remains secure and confidential. These providers include:

Payment Processing: We employ a designated payment processor to handle all financial transactions related to our paid services. This processor manages payment-related data strictly for processing transactions and subscription management in compliance with stringent security standards and applicable data protection regulations. It receives only the information necessary to execute payments and does not access additional personal data for any other purposes.
Data Hosting and Infrastructure: LightDrive.one leverages a third-party data hosting provider to maintain the secure storage and processing infrastructure for our services. This provider is responsible solely for hosting your data and does not have access to your personal information beyond what is required to ensure infrastructure functionality. Strict security measures and contractual obligations are in place to safeguard your data.
Push Notifications: For delivering push notifications to mobile devices, LightDrive.one may integrate with platform-specific services, such as Apple Push Notification Service (APNs) for iOS and Firebase Cloud Messaging (FCM) for Android. While our own push server manages notifications internally, these external services are used only as necessary to facilitate mobile device notifications. They collect minimal, device-specific information required solely for the effective delivery of notifications.
Other Potential Providers: In the future, LightDrive.one may engage additional third-party service providers—such as content delivery networks, email delivery services, or analytics platforms—to support and enhance our services. Any such providers will be subject to strict contractual requirements and will only have access to data necessary for their specific functions.

8. Data Security Measures

LightDrive.one is committed to protecting your data through a comprehensive approach that adheres to industry best practices. Our data security measures include, but are not limited to, the following:

Encryption: All data transmitted between your device and our servers is secured using strong encryption protocols (e.g., TLS). Sensitive data stored on our servers is encrypted at rest to prevent unauthorized access.
Access Controls and Authentication: Strict role-based access controls ensure that only authorized personnel can access sensitive information. Multi-factor authentication (MFA) is implemented for both administrative and user accounts to add an extra layer of security.
Regular Security Audits and Testing: We conduct routine security audits, vulnerability assessments, and penetration tests to identify and mitigate potential risks. Ongoing monitoring helps us promptly detect and respond to suspicious activities or potential breaches.
Software Updates and Patch Management: Our systems are continuously updated with the latest security patches and software upgrades to safeguard against known vulnerabilities.
Monitoring and Logging: Comprehensive logging and monitoring systems are in place to track access and system activities, enabling quick identification and response to potential threats.
Employee Training and Internal Policies: Our team receives regular training on data security best practices and compliance standards. Internal policies and procedures are enforced to ensure that all personnel handle data responsibly and securely.
Incident Response and Disaster Recovery: We maintain an incident response plan to address and contain security breaches swiftly, including notifying affected users as required by law. Regular data backups and a robust disaster recovery strategy ensure that your data can be restored quickly in the event of system failure or data loss.
Third-Party Oversight: Any third-party service providers engaged by LightDrive.one, such as for data hosting or push notifications, are required to meet stringent security standards and are subject to continuous oversight.

9. Data Retention Policy

LightDrive.one is committed to retaining and managing data in a manner that supports service functionality while respecting user rights and applicable legal requirements. Our data retention policy covers the following areas:

Active Accounts: Data associated with active accounts is stored for as long as the account remains open and in use, or for as long as necessary to fulfill the operational and legal requirements of the service.
Inactive Accounts: Free accounts that have not recorded any user-initiated activity for 12 consecutive months will be deemed inactive. Users will be notified at least 30 days in advance of any archival or deletion actions taken on such accounts. Paying users, however, will always be treated as active to ensure uninterrupted access and service continuity.
Downgrading Storage Limits: When a user downgrades to a plan with a lower storage allocation (for example, from 50 GB to 1 GB), it is the user’s responsibility to ensure that their total data usage does not exceed the new limit. In such cases:
- Notification and Grace Period: If the data stored exceeds the storage limit of the downgraded plan, the user will receive a notification detailing the overage and will be granted a grace period of 30 days to reduce the data to within the allowed limit or to upgrade their plan.
- Service Restrictions: Until the storage usage complies with the new plan’s limits, functionalities such as new uploads or data synchronization may be restricted. This measure is designed to encourage the user to manage their storage or adjust their plan accordingly.
- Long-Term Non-Compliance: Persistent non-compliance with the new storage limit may result in additional measures, including archival of excess data or, in extreme cases, partial data deletion. Users will be clearly informed of any actions taken.
Legal Compliance: In all cases, data retention and deletion practices will be conducted in accordance with applicable laws and regulations. Any data required to be retained for legal or regulatory purposes will be handled separately and securely.

10. International Data Transfers

LightDrive.one primarily operates its services from servers located in the United States. By using our services, you acknowledge and consent that your personal data may be transferred to, stored, and processed in the United States or any other country where our service providers or affiliated entities operate. In connection with such transfers, we adhere to industry standards and legal requirements, including the following measures:

Adequate Safeguards: We implement appropriate technical and organizational safeguards to ensure that your personal data remains secure during international transfers. This may include the use of encryption, access controls, and contractual arrangements that require third parties to uphold similar standards of data protection.
Compliance with Data Protection Laws: For users residing in jurisdictions with specific data protection regulations (such as the European Union’s General Data Protection Regulation), we ensure that any international transfers are conducted in compliance with applicable laws. This may involve relying on mechanisms such as standard contractual clauses or other approved safeguards to maintain an adequate level of data protection.
User Consent and Transparency: By accessing or using our services, you explicitly consent to the transfer of your personal data across international borders for the purposes described in this Privacy Policy. We will provide further information about international data transfers upon request.
Ongoing Review: We continually assess and update our data transfer practices to remain compliant with evolving legal requirements and to uphold the highest standards of data protection.

11. User Rights and Choices

LightDrive.one is committed to ensuring that you have full control over your personal data. In compliance with applicable data protection laws and industry standards, we provide you with the following rights regarding your data:

Right of Access: You may request access to the personal data we hold about you. Upon request, we will provide a copy of this data, along with details on how it is processed.
Right to Rectification: If you believe any of your personal data is inaccurate or incomplete, you have the right to request corrections or updates to ensure your data is accurate and current.
Right to Erasure (Right to be Forgotten): Subject to applicable legal obligations, you can request the deletion of your personal data. This includes data associated with a closed account, provided that no legal or contractual obligations require us to retain it.
Right to Restrict Processing: In certain circumstances, you may request that we limit the processing of your personal data. This might apply if you contest the accuracy of your data or if you object to its processing while we verify its accuracy.
Right to Data Portability: You have the right to request your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another data controller where technically feasible.
Right to Object: You may object to the processing of your personal data, particularly for direct marketing purposes, or for processing based on our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
Right to Withdraw Consent: If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.
Exercising Your Rights: To exercise any of these rights, please contact our designated privacy support team using the contact details provided in this Privacy Policy. We will respond to your request in accordance with applicable legal requirements and within a reasonable timeframe.
Limitations and Exceptions: Please note that certain rights may be subject to limitations under applicable laws, and some requests may not be fully granted if they conflict with other legal obligations or the rights of other users.

12. Consent and Legal Basis for Processing

LightDrive.one processes personal data in accordance with applicable data protection laws and only on a lawful basis. Specifically, the processing of your data is founded on the following legal grounds:

Contractual Necessity: Processing is required to fulfill our contractual obligations to provide and maintain the services you request, ensuring that your use of LightDrive.one is secure, reliable, and functional.
Consent: For certain processing activities, we obtain your explicit consent. This may include personalized service features or specific communications. You have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out prior to its withdrawal.
Legitimate Interests: In some cases, processing is based on our legitimate interests—such as improving and securing our services—provided these interests are balanced against your rights and freedoms. We continually assess these interests to ensure that your privacy is not compromised.
Legal and Regulatory Obligations: We process data as necessary to comply with applicable legal obligations, including responding to lawful requests and maintaining security measures mandated by law.

13. Cookies and Essential Tracking Technologies

LightDrive.one uses only strictly necessary cookies to ensure the proper functioning of our services. These cookies support essential functions, such as secure authentication, session management, and maintaining user preferences. Because they are integral to the operation of our website and services, disabling or deleting these cookies may prevent you from accessing certain features or maintaining an active session. By continuing to use LightDrive.one, you acknowledge that these necessary cookies are required for full access to our services. If you choose to disable cookies, you may be unable to use our services as intended.

14. Compliance with Legal Orders

LightDrive.one is committed to adhering to all applicable legal orders, court decisions, and requests from law enforcement or regulatory authorities. In such instances, we will disclose personal data only to the extent required by law or pursuant to a valid legal request. Wherever legally permissible, we will notify you before disclosing your information. Our goal is to balance compliance with legal obligations while protecting your privacy rights to the fullest extent possible under applicable law.

15. Policy Updates and Notification Procedures

We periodically review and update this Privacy Policy to reflect changes in legal requirements and our operational practices. Material changes will be communicated through our website and, when feasible, by email. The updated Privacy Policy will be clearly posted with a revised effective date. By continuing to use LightDrive.one’s services after any modifications are made, you are deemed to have accepted the updated policy.

16. Contact Information for Privacy Inquiries

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy support team using the information below:

Email: admin@lightdrive.one

We are committed to addressing your inquiries in a timely and transparent manner.

17. Children's Privacy and Age Restrictions

LightDrive.one’s services are not directed to children under the age of 13. We do not knowingly collect personal data from individuals under this age threshold. If you are under 13, you must have the consent and supervision of a parent or guardian to use our services. If you reside in a jurisdiction where the minimum legal age for consent to data processing is greater than 13, you must either meet that age requirement or secure the consent of a parent or guardian before using our services. We reserve the right to verify a user's age if there is reason to suspect that the user does not meet the minimum age requirements. In the event that we become aware of the inadvertent collection of personal data from a child under the applicable age limit, we will take prompt steps to delete that data. Parents and guardians with concerns regarding the privacy practices applicable to children's data are encouraged to contact our privacy support team.

Data Breach Notification Procedures

In the unlikely event of a data breach involving personal data, LightDrive.one will promptly initiate our Data Breach Response Plan, which includes:

Immediate Investigation and Containment: We will swiftly investigate the breach, contain its impact, and take remedial measures to prevent further unauthorized access.
Timely Notification: Where required by applicable law, we will notify affected users and relevant regulatory authorities without undue delay. The notification will include details about the nature of the breach, the data potentially compromised, and the measures we are taking to mitigate any harm.
Ongoing Remediation: We will continue to monitor the situation, provide updates as needed, and review our security practices to prevent similar incidents in the future.

19. Alternative Dispute Resolution & Governing Law

Any disputes arising out of or in connection with this Privacy Policy, or your use of LightDrive.one’s services, shall be resolved as follows:

Alternative Dispute Resolution (ADR): We encourage users to first contact us directly to resolve any issues informally. If a resolution cannot be reached, the dispute shall be submitted to binding arbitration in accordance with the rules of a recognized arbitration body. The arbitration will be conducted in English and in the location specified in our Terms of Service.
Governing Law: This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Iowa and the federal laws of the United States of America.

By using our services, you agree to the terms outlined above regarding dispute resolution and governing law.