Privacy Policy

Early Beta · Non-commercial project

Last updated: December 29, 2025

LighthouseRobot is currently in early beta and is a non-commercial, personal project. It is not operated as a business and does not generate any revenue. The service is provided free of charge for testing and feedback purposes.

1. Introduction

Welcome to LighthouseRobot. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our website performance monitoring service.

LighthouseRobot is operated by Holger Koenemann, based in Germany. As a German operator, we comply with the General Data Protection Regulation (GDPR) and German data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

Holger Koenemann
Saatkamp 17
30938 Burgwedel
Germany
Email: office@holgerkoenemann.de

3. Data We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address (used for authentication and communication)

3.2 Website Monitoring Data

When you add websites to monitor, we collect and store:

  • URLs of websites you choose to monitor
  • Lighthouse audit scores (Performance, Accessibility, Best Practices, SEO)
  • Historical performance data and trends
  • Leaderboard names and configurations

3.3 Technical Data

We automatically collect certain technical information:

  • IP address (for security and abuse prevention)
  • Browser type and version
  • Device information
  • Usage patterns within the application

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our service
  • To authenticate your account using email-based OTP verification
  • To run automated Lighthouse audits on your specified websites
  • To display performance scores and historical data in your dashboard
  • To generate public share links when you choose to share leaderboards
  • To send important service-related communications
  • To improve and optimize our service
  • To prevent abuse and ensure security

5. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract performance: Processing necessary to provide you with our service
  • Legitimate interests: For security, fraud prevention, and service improvement
  • Consent: Where you have explicitly agreed (e.g., for optional features)

6. Data Storage and Security

Your data is stored securely using Supabase, with servers located in the European Union. We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Row Level Security (RLS) ensuring you can only access your own data
  • Secure authentication via email OTP
  • Regular security reviews and updates

7. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication (EU servers)
  • Vercel: Hosting and deployment
  • Google PageSpeed Insights API: To perform Lighthouse audits on your websites

These services have their own privacy policies and are GDPR compliant.

8. Public Share Links

When you create a public share link for your leaderboard:

  • The leaderboard name and monitored URLs become publicly visible
  • Performance scores for those URLs are publicly accessible
  • Your email address is never displayed publicly
  • You can disable public sharing at any time

9. Your Rights

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Restriction: Request limitation of processing
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at office@holgerkoenemann.de. We will respond within 30 days.

10. Data Retention

We retain your data for as long as your account is active. Historical audit data is kept to provide you with performance trends over time. If you delete your account, all associated data will be permanently removed within 30 days.

11. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or any third-party analytics that track your behavior across websites.

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: office@holgerkoenemann.de

You also have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.