Skip to content
Lights & Kits
Browse categories
Gift GuidesHolidays & EventsCool GadgetsSmart HomeCreator GearDIY & KitsNews & Deals All posts Search

Privacy Policy

What data Lights & Kits collects, how long we keep it, your rights under GDPR and CCPA, and how to exercise them.

Last updated May 22, 2026

This privacy policy explains what data Lights & Kits collects when you visit this site, how we use it, how long we keep it, and what rights you have. We aim for the bare minimum data collection necessary to run the site.

The data controller for this site is Lights & Kits. To contact us about anything in this policy, see our contact page.

Data we collect

Analytics

We use Cloudflare Web Analytics, a privacy-friendly analytics service that does not require cookies. Cloudflare Web Analytics collects anonymous, aggregated data about page views, referrer, country, and browser type. It does not track individual users across sessions or sites and does not assign persistent identifiers.

Server logs

Like all websites, our hosting provider (Cloudflare Pages) records standard server logs including IP address, user agent, request path, response status, and timestamp. These logs are used for security, abuse prevention, and operational diagnostics. They are retained per Cloudflare's standard retention policy (typically less than 30 days for raw logs) and are not used for advertising or profiling.

Affiliate link clicks

When you click an affiliate link to Amazon or another retailer, that retailer may set cookies on your browser to attribute the purchase. We do not see your purchase information beyond aggregated commission reports (totals, not individual orders or identities). The destination retailer's privacy policy governs their tracking.

Direct correspondence

If you email us, we retain that email and any reply we send for as long as needed to handle the conversation and any reasonable follow-up. We do not add email addresses to a mailing list or share them with third parties.

Data we do not collect

  • We do not require accounts or logins.
  • We do not operate a newsletter. If that ever changes, this policy will be updated before any sign-up form goes live.
  • We do not embed Google Analytics, Facebook Pixel, TikTok Pixel, or similar third-party trackers.
  • We do not use cookies for advertising, retargeting, or cross-site tracking.
  • We do not sell, rent, or share personal information with third parties for their marketing.

Cookies

Lights & Kits does not set its own cookies. Third-party services we use (Cloudflare for infrastructure, retailers reached via affiliate links) may set their own cookies on your browser. Because we do not set tracking cookies ourselves, we do not display a cookie consent banner. If you visit a retailer's site after clicking an affiliate link, that retailer's cookie disclosure applies on their site.

Data retention

  • Analytics: aggregated only; no individual records to retain
  • Server logs: per Cloudflare's standard retention (raw logs typically less than 30 days)
  • Email correspondence: kept for as long as needed to handle the conversation, then deleted on request or after 24 months of inactivity

International data transfers

Cloudflare operates a global network. Requests to this site are served from whichever Cloudflare edge location is geographically nearest the visitor, which means request data may be processed in countries outside your own. Cloudflare's data transfer mechanisms (including Standard Contractual Clauses for transfers out of the EU/EEA) are documented in Cloudflare's GDPR resources.

Children's privacy

Lights & Kits is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it. This policy is intended to comply with the Children's Online Privacy Protection Act (COPPA).

Your rights under GDPR

If you are in the EU/EEA, the General Data Protection Regulation gives you the right to:

  • Access the personal data we hold about you
  • Request correction or deletion of that data
  • Object to processing of your data
  • Request restriction of processing
  • Request portability of your data
  • Lodge a complaint with your local data protection authority

Our lawful basis for the limited processing we do is legitimate interest (operating, securing, and improving the site). Because we collect almost no personal data and do not process it for marketing or profiling, the practical exercise of these rights is straightforward: contact us and we will respond within 30 days as required by GDPR.

Your rights under CCPA

If you are a California resident, the California Consumer Privacy Act gives you the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale. We do not sell personal information. To exercise any CCPA right, contact us using the email on our contact page with the subject line beginning "CCPA:" and we will respond within 45 days.

Security

The site is served over HTTPS only. Cloudflare provides DDoS protection and standard web application firewall coverage. We do not store sensitive personal data (no accounts, no payment details, no health data), which significantly reduces the impact of any potential security incident.

Changes to this policy

Material changes to this policy will be posted on this page with an updated revision date at the top. The current effective date is shown below the page title.