Data Policy

Light Strategy LLC — LeadOps Platform & Marketing Services  ·  Effective Date: March 17, 2026

Contents
1. What Data We Store 2. How Data Is Used 3. Where Data Is Stored 3a. Facebook & Meta Data 4. Security Practices 5. Data Sharing 6. Data Retention 7. Your Rights and Choices → Data Deletion Requests 8. Processing for Dealerships 9. Updates to This Policy 10. Contact

This Data Policy explains how Light Strategy LLC (“Light Strategy,” “we,” “our,” “us”) handles information stored and processed on the LeadOps platform. This includes dealership data, lead information, user accounts, analytics, and communication logs.

1 What Data We Store

  • Account data: dealership profiles, user accounts, permissions, and subscription information.
  • Lead data: customer contact details, inquiry history, communication logs, vehicle interest, and follow-up status.
  • Inventory data: vehicle listings, pricing, photos, and availability information provided by or collected for the dealership.
  • Communication data: inbound and outbound texts, emails, call metadata, and, if enabled, AI-generated responses.
  • Usage data: device information, IP address, dashboard activity, and performance metrics.
  • Automation data: n8n workflow events, webhook triggers, and related metadata.
  • Third-party integration data: data received from connected platforms — including Meta/Facebook Lead Ad submissions, Page information, and advertising performance data — limited to what is necessary to deliver the requested service.

2 How Data Is Used

We use stored data to provide, maintain, and improve the LeadOps platform. This includes:

  • Routing and managing leads for dealerships.
  • Generating diagnostics, performance insights, and reporting.
  • Sending requested communications such as appointment reminders and follow-ups.
  • Syncing with integrated services like email providers or advertising platforms.
  • Preventing fraud, abuse, and security threats.
  • We do not use data from Meta or other third-party integrations for advertising, profiling, or any purpose beyond the specific service requested by the dealership.

3 Where Data Is Stored

  • Primary hosting: servers located in the United States.
  • Database: MySQL datastore with restricted access credentials.
  • Storage: AWS S3 for attachments, logs, and email files.
  • Email: Amazon SES for outbound messaging infrastructure.
  • Automations: n8n automation server hosted on a secured environment.
  • Telephony: Twilio infrastructure for SMS and calling services.

f Facebook and Meta Data Storage

Meta Integration
When a dealership connects their Facebook Page to LeadOps, we store the following Meta-sourced data in our MySQL database on U.S.-based servers: Facebook Page ID, Lead Ad form submissions (mapped to our leads table), advertising performance metrics, and an encrypted OAuth access token.
  • Access tokens are stored in encrypted form using industry-standard encryption. They are never stored in plain text.
  • Meta-sourced lead data is stored in the same leads table as all other leads, scoped to the dealership’s account and never shared across dealerships.
  • Advertising performance data (spend, impressions, CTR) is stored temporarily for dashboard display and is refreshed on each session.
  • We do not transfer Meta user data to data brokers, ad networks, or any party outside of the dealership’s direct service.
  • Our use of Meta data complies with Meta’s Platform Terms and Developer Policies.
  • Dealerships may disconnect their Facebook Page at any time. Upon disconnection, we stop collecting new Meta data. To request deletion of existing Meta-sourced data, see the Data Deletion Requests section below.

4 Security Practices

  • Encrypted transport for all dashboards, APIs, and webhooks (HTTPS/TLS).
  • Access controls and authentication for dealership users.
  • API key restrictions for automation and integration endpoints.
  • Database access limited to specific internal servers.
  • Third-party OAuth tokens (including Meta access tokens) stored in encrypted form.
  • Regular monitoring for abnormal API or inbound message activity.

5 Data Sharing

  • Dealerships: data is shared only with the specific dealership that owns the lead or account.
  • Service providers: infrastructure vendors such as hosting servers, email delivery services, SMS/telephony providers, and workflow systems.
  • Legal compliance: information shared when required by law.
We do not sell data to third parties.

6 Data Retention

  • Lead data is retained as long as the dealership remains active or until deletion is requested.
  • Communication records are retained for diagnostic and proof-of-delivery purposes.
  • Meta-sourced lead data follows the same retention schedule as all other lead data.
  • Encrypted Meta access tokens are deleted upon dealership disconnection or upon request.
  • Backups and logs may persist for a limited period for security and continuity.

7 Your Rights and Choices

  • Request access, correction, or deletion of your data where applicable.
  • Opt out of text messages by replying STOP and request help by replying HELP.
  • Ask for account deletion or data export from your dealership’s admin contact.
  • Request deletion of Meta-sourced data — see the section below for full instructions.

Data Deletion Requests

How to Request Deletion of Your Data

If you have connected a Facebook account to LeadOps and would like us to delete the data associated with that connection, follow the steps below. We will process all verified deletion requests within 30 days.

To request deletion of your data:

1

Send an email to info@lightstrategy.com with the subject line: “Data Deletion Request — LeadOps”

2

Include the following in your message: your dealership name, the email address associated with your LeadOps account, and the Facebook Page name or Page ID you connected.

3

We will confirm receipt within 2 business days and complete the deletion within 30 days. We will send a confirmation email once deletion is complete.

What gets deleted upon request:

  • Your Facebook Page connection record and encrypted access token stored in LeadOps.
  • Any lead records in LeadOps that were sourced exclusively from your Meta Lead Ad forms (records with source = “Meta AIA”).
  • Associated ad performance data cached from your Meta account.

What is not deleted: leads that were entered manually or came from other sources, even if they overlap with Meta leads, remain unless you request full account deletion.

You can also disconnect your Facebook Page at any time from within your LeadOps account settings. Disconnecting stops all future data collection from Meta but does not delete historical data already stored. To delete historical data, follow the steps above.

8 Processing Data for Dealerships

Light Strategy acts as a service provider or processor. The dealership controls the lead and customer information stored on the platform. We process that data based on the dealership’s instructions and applicable agreements.

9 Updates to This Policy

We may update this Data Policy. Changes will be posted on this page with an updated effective date.

10 Contact

Questions about this policy can be sent to info@lightstrategy.com.

Effective Date: March 17, 2026  ·  Previous version: November 25, 2025  ·  Changes: Added Data Deletion Requests section; updated Sections 3a and 7 with Meta-specific language.