Privacy policy

This document explains what data we collect, why, how we use it, and how you can ask us to delete it. We aim for the shortest honest version of this.

Who we are

Lightrion is a service operated by MREDTECH LLC, a limited liability company registered in Wyoming, United States. For privacy-related inquiries, contact security@lightrion.com.

What we collect

When you sign up

• Your email address (required)
• Your name (optional)
• The free-text use-case description you provide
• The IP address of your signup request and a timestamp

When you use the API

For each request to the MCP server, we log:

• The first 12 characters of your API key (to identify which key was used — never the full key)
• HTTP method, path, response status code, and latency
• The MCP method and tool name (e.g. tools/call, search_code)
• A coarse summary of arguments (string length, list size, dict keys) — never the raw text of your queries or the content returned to you
• Source IP address (to enforce per-key rate limits and detect abuse)

What we do not collect

• We do not log the raw text of your search queries.
• We do not log the content returned to you from any tool call.
• We do not run third-party analytics, tracking pixels, or marketing cookies on lightrion.com.
• We do not sell or share data with advertisers. We have no advertisers.

How we use this data

• Authentication and rate limiting. Your hashed key and request log are used to authenticate you and enforce per-key rate limits.
• Operational analytics. Aggregate stats (total requests, tool usage distribution, latency) help us understand how the service is used and where to invest.
• Abuse prevention. IP-level metadata is used to detect and block automated abuse.
• Service communications. We may email you about service availability, breaking changes, and security incidents.

Cookies and third-party services

lightrion.com does not set cookies for tracking or analytics. We use the following third-party services strictly for the operation of the service:

• Cloudflare Pages for hosting this website (subject to Cloudflare’s privacy policy).
• Cloudflare Turnstile for bot protection on the signup form (no tracking cookies, but Cloudflare receives the page request).
• Resend for transactional email delivery (subject to Resend’s privacy policy).
• Voyage AI as our embedding provider. Your queries are sent to Voyage at the moment of embedding, but Voyage processes them under their own privacy terms and we do not store the raw query text.
• OVHcloud hosts the MCP server (subject to OVH’s privacy policy).

Where data is stored

Operational data (API keys, request logs) is stored on a server located in Beauharnois, Canada (operated by OVHcloud). Aggregate analytics may be reviewed from anywhere by authorized MREDTECH LLC personnel.

How long we keep it

• API keys and account metadata: until you ask us to delete them.
• Request logs (per-request metadata): up to 30 days, then deleted.
• Rate-limit counters: up to 25 hours.
• Aggregate analytics (counts, distributions, latency averages with no per-request identifiers): retained indefinitely.

Your rights

You can request, free of charge, to:

• See what data we hold about you
• Have your data deleted (this includes revoking your API key and removing your email and use-case description from our records)
• Have inaccurate data corrected

Email security@lightrion.com from the email address associated with your account, and we will respond within 14 days.

Children

Lightrion is not intended for use by anyone under 16 years of age. We do not knowingly collect data from minors. If we learn we have collected data from a minor, we will delete it.

Changes to this policy

We may update this policy as the service evolves. If we make significant changes, we’ll email registered users at least 14 days before the change takes effect. The current version is always available at this URL.

← Back to home