Data Security & Privacy

Lightfern is built with security at its centre. This means Zero Data Retention by default.

Zero data retention

By default, prompt data including email content, drafts, and calendar events is never stored or persisted by Lightfern. Specifically:

• No content logging. We do not log or store prompt or generation data unless you explicitly opt in to model training.
• Volatile memory only. Any content data received during processing exists only in a short-lived, in-memory cache used to improve performance. It is never written to persistent storage and is automatically purged within minutes.

Can Lightfern's servers access my emails?

No. Our servers do not have standing access to your email account. When you sign in with a provider like Google or Microsoft, an authentication token is issued and stored solely on your device. This authentication token is the "key" that allows fetching your email content from your email provider.

Because our servers never see this token (not even in transit), our servers cannot access your emails independently. Only when you are actively using the product (e.g. drafting an email) is your email data sent to our servers — never in the background.

What data is sent when generating a suggestion?

The extension sends the minimum context needed to produce a relevant, personalised response: the email you are currently composing, the thread it belongs to, a small number of your past emails used to provide context and match your writing style, and relevant calendar information. No other data from your inbox is accessed or transmitted, and all of it is processed immediately and never persisted (see Zero data retention above).

Is Lightfern accredited?

Yes. Lightfern is CASA Tier 2 accredited — an independent third-party security assessment required by Google for apps that access Gmail data. We are actively pursuing additional certifications to further demonstrate our commitment to security.

What about third-party inference providers?

We have zero data retention agreements with all our inference providers. Our inference providers are OpenAI and Fireworks AI.

Does Lightfern store any of my data at all?

Yes. We retain basic account information such as the email address you used to sign up and account preferences. This is required to provide our service and is separate from prompt and generation data. See our Privacy Policy for full details.

Is my data encrypted?

Yes. All data transmitted between your device and Lightfern's servers is encrypted in transit using HTTPS (TLS). Stored account data is encrypted at rest using AES-256 with automatic key rotation.

What if I opt in to model training?

If you choose to opt in, we may retain and use prompt data to improve Lightfern's products and AI models. You can always revoke your consent within the extension's settings page. You may also request deletion of your data at any time by contacting us at [email protected].

What are my rights?

Lightfern operates in full compliance with applicable data protection laws, including GDPR and CCPA. You have the right to access, correct, delete, or export your personal data at any time. To exercise any of these rights, contact us at [email protected] or see our Privacy Policy for full details.

Have more questions?

Check out our FAQ for answers to common questions about how Lightfern works.