Light
Light is a General Ledger solution which allows users to manage their invoicing, bills, accounting, and reporting in the Light Webapp.
We have workflows that allow users to upload and approve transactions (e.g. bills or reimbursements) directly from within Slack.This app includes AI-powered features that use a Large Language Model, which may occasionally generate inaccurate or incomplete responses. Use AI-generated outputs as guidance and review them carefully before taking action.
We have workflows that allow users to upload and approve transactions (e.g. bills or reimbursements) directly from within Slack.This app includes AI-powered features that use a Large Language Model, which may occasionally generate inaccurate or incomplete responses. Use AI-generated outputs as guidance and review them carefully before taking action.
Light will be able to view:
Light will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
General
Developer
Light Company ApS
Company headquarters location
Denmark
Terms of service
Privacy & data governance
Data retention policy
13. DELETION AND RETURN OF PERSONAL DATA
13.1. Following the end term or termination of the Agreement, the Data Processor shall retain Customer Data that remains stored in Data Controller’s tenant in a limited function account for 90 days after expiration or termination of Data Controller’s subscription. After the 90-day retention period ends, the Data Processor will disable Data Controller’s account and delete the Personal Data, unless Data Processor is permitted or required by applicable law, or authorized under this DPA, to retain such data. At all times during the term of Data Controller’s subscription, Data Controller will have the ability to access, extract and delete Customer Data stored in their tenant.
13.2. Upon the Data Controller’s request, the Data Processor shall certify in writing the destruction of the personal data.
Data archiving and removal policy
13. DELETION AND RETURN OF PERSONAL DATA
13.1. Following the end term or termination of the Agreement, the Data Processor shall retain Customer Data that remains stored in Data Controller’s tenant in a limited function account for 90 days after expiration or termination of Data Controller’s subscription. After the 90-day retention period ends, the Data Processor will disable Data Controller’s account and delete the Personal Data, unless Data Processor is permitted or required by applicable law, or authorized under this DPA, to retain such data. At all times during the term of Data Controller’s subscription, Data Controller will have the ability to access, extract and delete Customer Data stored in their tenant.
13.2. Upon the Data Controller’s request, the Data Processor shall certify in writing the destruction of the personal data.
Data storage policy
Light Company ApS stores data in accordance with GDPR and applicable law. See more at https://light.inc/dpa
Data center location(s)
Ireland
Data hosting details
Cloud hosted on AWS
Data hosting company
AWS
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
Gemini
LLM retention settings
Gemini Enterprise retains API logs for up to 30 days for security. Data is not used for training. Deleted customer data follows Google Cloud’s standard deletion process.
LLM data tenancy policy
We use Google Gemini Enterprise via API. Our data remains fully owned by us and is not used by Google for model training. No human reviewers access our data.
LLM data residency policy
Data at rest is stored in our chosen Google Cloud region (US/EU). Inference may be processed globally within Google Cloud’s secure infrastructure.
Certifications & compliance
Data deletion request procedure
Request Initiation: A user or Workspace Admin can initiate a data deletion request by contacting us at support@light.inc.
Identity Verification: We will reply to the request and ask the requester to confirm their identity. For a user, we verify they are contacting us from the email address associated with their Slack account. For a workspace-wide deletion, we require the request to come from a registered Workspace Admin.
Deletion Execution: Once verified, we will begin the deletion process. We permanently and irrevocably delete all associated data, including user profile information, access tokens, and any content generated or stored by the app. This process is completed within 30 days of the initial request.
Confirmation: After the data has been permanently deleted from our systems, we will send a final confirmation email to the requester.
HIPAA compliant
no
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack Marketplace, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Security
Date of latest pen test
2025-10-03
Executive summary is available to potential customers upon request
yes
Supports Single Sign On (SSO) with the following providers
Google
Supports Security Assertion Markup Language (SAML)
no
Has a dedicated security team
no
Contact for security issues
support@light.inc
Has a vulnerability disclosure program
no
Has a bug bounty program
no
Requires third party authorization/connections
no
Uses token rotation
no