Privacy Policy

Effective Date: December 17, 2025 · Last Updated: June 12, 2026

1. Introduction

Low Orbit, LLC, doing business as Blacklight ("Blacklight," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services.

Blacklight is headquartered in Brooklyn, NY (USA). We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the UK General Data Protection Regulation (UK GDPR) for users in the United Kingdom, the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), and applicable US state privacy laws including the California Consumer Privacy Act (CCPA, as amended by the CPRA).

For the purposes of the GDPR and UK GDPR, the data controller is Low Orbit, LLC d/b/a Blacklight, Brooklyn, NY, USA, reachable at privacy@blklight.net. A German-language version of this policy is available at /datenschutz; in case of any conflict between the two versions, this English version governs.

2. Information We Collect

Account Information

When you create an account, we collect:

Phone Authentication & Our No-Spam Commitment

Blacklight uses phone-based authentication exclusively. When you sign up or log in, we send a one-time passcode (OTP) via SMS. This is the only time we will ever text you.

We will never:

Your phone number is used solely for account verification and security. We respect your privacy and your inbox.

Profile Content

Content you choose to upload to your EPK, including:

Usage Data

We automatically collect:

3. IP Address Handling

We collect IP addresses for security and analytics purposes. How we use IP data depends on your cookie consent:

IP addresses are retained for 24 hours for rate limiting and security purposes, after which they are deleted or anonymized.

4. Analytics and Tracking

We collect analytics to help you understand how visitors interact with your EPK:

If you enable Google Analytics integration on your EPK (optional), Google's privacy policy applies to that data collection.

5. Cookies

Essential Cookies

These cookies are necessary for the Service to function and cannot be disabled:

Analytics Cookies

These cookies help us understand how visitors use the Service. They are only set if you accept them:

Your cookie preference is remembered for 12 months. You can change your preference at any time through the cookie banner.

6. Consent Records

When you provide consent (for example, agreeing to our Terms or accepting cookies), we store a record of that consent including:

Consent records are retained for the duration of your relationship with Blacklight plus 3 years, as required by GDPR.

7. Third-Party Services

We use the following third-party services to operate Blacklight:

Each of these services has their own privacy policy governing how they handle your data.

8. Legal Basis for Processing (GDPR)

Under GDPR and UK GDPR, we process your personal data based on the following legal grounds:

You may withdraw consent at any time for processing based on consent. This will not affect the lawfulness of processing before withdrawal.

9. How We Use Your Information

We use your information to:

10. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

11. Your Rights (GDPR and UK GDPR)

If you are in the European Economic Area (EEA) or the United Kingdom, you have the following rights under GDPR and UK GDPR:

Right to lodge a complaint:You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement (GDPR Art. 77). In the UK, the supervisory authority is the Information Commissioner's Office (ICO).

To exercise any of these rights, contact us at privacy@blklight.net. We may need to verify your identity before fulfilling your request, and we will respond within one month.

Data Export

You can export all your data at any time through your account settings. Your export will include:

Account Deletion

You can delete your account at any time. Account deletion will permanently remove all your data, including your profile, uploaded content, and analytics. This action cannot be undone.

We process deletion and data export requests within 30 days.

12. US State Privacy Rights

If you are a resident of California or another US state with a comprehensive privacy law, you have the following rights with respect to your personal information:

You may exercise these rights by emailing privacy@blklight.net. You may also designate an authorized agent to make a request on your behalf.

13. Automated Decision-Making

We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you.

14. Data Retention

We retain your data for as long as your account is active. Specific retention periods:

When you delete your account, all associated data is permanently deleted.

15. Security

We implement appropriate technical and organizational measures to protect your data, including:

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

16. International Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR, including the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.

17. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

19. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

privacy@blklight.net