Your notes on your team are super important. They house key feedback, coaching, and context to help you be an effective manager.
Knowing how critical they are, below is a quick explanation of how we secure your information and respect your privacy, while working to provide the best service possible for you.
What are your policies on Encryption, Passwords, and Backups?
We salt and hash all passwords, which means your log in information is safe with us. We also require strong, multi-character type passwords so you can be secure on your end.
Then, if/when you reset your password, or invite your team, we always use a unique, one time use URL sent to your email, so we never know what your password is and ensure security.
Finally, for your security, we use SSL, which ensures that data transferred to and from Lighthouse is encrypted. We also encrypt all backups of our database to a second location so you know your information is safe and redundant.
How do you address EU and UK data privacy laws, EU Safe Harbor / EU Privacy Shield, and the GDPR?
Upon request, for a small fee per manager account, we can migrate you to our EU hosted servers based in Frankfurt, Germany.
This is only offered to paying customers; the product functions identically on the two sites, so you should test on our main servers (based in New York City, USA) before deciding if you would like to continue using Lighthouse and have us migrate your account data to the EU servers.
You also of course can start fresh accounts on our EU servers if you only have test data in your US-based trial account.
To address the GDPR:
- We have EU hosting available for EU customers so that ensures your data stays in the EU only.
- There is no Rapport tab in the EU to comply with storing that sort of data.
- All customers have access to a full export of their data any time from the Team section of Settings
If you have EU/UK privacy law questions or would like to request a migration, contact us at Help@GetLighthouse.com and include “privacy” in the subject line.
What is your policy for Lighthouse Support & Team Access?
We only access user accounts when necessary to provide requested support. For instance, if you tell us there’s an issue with your notes or a specific team member, we may take a look to help debug the issue, and then ensure everything is fixed after addressing the issue.
Otherwise, we rely on our analytics, which tracks activity, not entries. This means that we may know that you "updated notes" (a real event we track) but we do *not* see what the contents of the note itself (i.e.- "Joe needs to improve his performance on X").
We have also abstracted ways we help you to admin control panels that allow us to check logs and make changes without ever accessing or viewing information. For example, the job titles and photos can be checked on our end when we import them for you from an admin panel that only shows name, email, job title, and photos, but none of your entered data.
We strive to reduce the number of reasons we'd need to access your full account as issues come up more often.
How can I get my data I enter out of Lighthouse?
Go to the Team section of Settings and you can always download a convenient, organized export of any team member. Just click "Export Member Details."
This is in the format of a Microsoft Excel file for each team member. Each tab in the export represents one of the team member tabs: Rapport, Goals, and 1 on 1s.
Don’t have Excel? This file also neatly imports into Google Drive so you can view the information there.