Lighthouse

AI revenue management and business intelligence for hospitality and travel

Tractable

AI-powered visual damage assessment for auto and property insurance claims

Lighthouse

Strong

20/25

Tractable

Moderate

13/25

Score Breakdown

DimensionLighthouseTractable

Data Residency

Where is your data stored and processed?

Lighthouse: Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

Tractable: Multi-cloud deployment (Azure confirmed). EU affiliates in France and Germany suggest EU data handling capability. Specific data centre regions not publicly documented.

4/5

Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

3/5

Multi-cloud deployment (Azure confirmed). EU affiliates in France and Germany suggest EU data handling capability. Specific data centre regions not publicly documented.

Legal Jurisdiction

Which laws govern the company and your data?

Lighthouse: Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

Tractable: UK limited company. Post-Brexit UK GDPR applies. EU adequacy decision enables straightforward data transfers. Serves European insurers (Covea, Direct Assurance) demonstrating EU regulatory acceptance.

5/5

Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

3/5

UK limited company. Post-Brexit UK GDPR applies. EU adequacy decision enables straightforward data transfers. Serves European insurers (Covea, Direct Assurance) demonstrating EU regulatory acceptance.

Data Retention & Training

Is your data used for model training?

Lighthouse: Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

Tractable: Core AI model pre-trained on proprietary historical dataset. Customer-specific data handling governed by enterprise DPA. Insurance claims data is highly sensitive — specific retention terms negotiated per contract.

4/5

Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

3/5

Core AI model pre-trained on proprietary historical dataset. Customer-specific data handling governed by enterprise DPA. Insurance claims data is highly sensitive — specific retention terms negotiated per contract.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Lighthouse: Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

Tractable: No SOC 2 or ISO 27001 publicly confirmed. Serves major regulated insurers suggesting contractual security requirements are met. Public certification would significantly strengthen enterprise procurement.

3/5

Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

1/5

No SOC 2 or ISO 27001 publicly confirmed. Serves major regulated insurers suggesting contractual security requirements are met. Public certification would significantly strengthen enterprise procurement.

Regulatory Fit

Suitability for regulated industries and professional services

Lighthouse: Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

Tractable: Deployed by FCA-regulated UK insurers and ACPR-regulated French insurers. UK jurisdiction with EU adequacy. Insurance-specific AI with proven regulatory acceptance across multiple markets.

4/5

Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

3/5

Deployed by FCA-regulated UK insurers and ACPR-regulated French insurers. UK jurisdiction with EU adequacy. Insurance-specific AI with proven regulatory acceptance across multiple markets.

Total Score

20/25

13/25

Best For

Lighthouse

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (ICO, APD (Belgium)); privacy-conscious teams who need strong data retention controls.

Tractable

Best for teams that prioritise data residency (scores 3/5) and need a bronze-tier tool.

Detailed Comparison

Lighthouse vs Tractable: Trust & Compliance Comparison

Lighthouse (Lighthouse, BE) scores 20/25 overall with a Silver (Strong) trust badge. AI revenue management and business intelligence for hospitality and travel. Tractable (Tractable, GB) scores 13/25 with a Bronze (Moderate) trust badge. AI-powered visual damage assessment for auto and property insurance claims.

Dimension-by-Dimension Breakdown

#### Data Residency

Lighthouse leads with 4/5 vs 3/5.

●Lighthouse (4/5): Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.

●Tractable (3/5): Multi-cloud deployment (Azure confirmed). EU affiliates in France and Germany suggest EU data handling capability. Specific data centre regions not publicly documented.

#### Legal Jurisdiction

Lighthouse leads with 5/5 vs 3/5.

●Lighthouse (5/5): Incorporated in Belgium under Belgian and EU law. GDPR applies as a matter of corporate law, not just contractual obligation. EU incorporation with no US parent company. No CLOUD Act exposure. Strong EU sovereignty story for the hospitality sector.

●Tractable (3/5): UK limited company. Post-Brexit UK GDPR applies. EU adequacy decision enables straightforward data transfers. Serves European insurers (Covea, Direct Assurance) demonstrating EU regulatory acceptance.

#### Data Retention & Training

Lighthouse leads with 4/5 vs 3/5.

●Lighthouse (4/5): Customer hotel data is not used for cross-customer model training without consent. GDPR-compliant data processing agreements available under Article 28. Configurable data retention aligned with hospitality operational requirements.

●Tractable (3/5): Core AI model pre-trained on proprietary historical dataset. Customer-specific data handling governed by enterprise DPA. Insurance claims data is highly sensitive — specific retention terms negotiated per contract.

#### Certifications

Lighthouse leads with 3/5 vs 1/5.

●Lighthouse (3/5): Holds ISO 27001 certification. Appropriate baseline for a hospitality technology platform. SOC 2 Type II would strengthen the posture for hotel groups with enterprise procurement requirements.

●Tractable (1/5): No SOC 2 or ISO 27001 publicly confirmed. Serves major regulated insurers suggesting contractual security requirements are met. Public certification would significantly strengthen enterprise procurement.

#### Regulatory Fit

Lighthouse leads with 4/5 vs 3/5.

●Lighthouse (4/5): Excellent fit for European hotel operators subject to GDPR and national data protection authorities. Belgian legal jurisdiction and EU data hosting provide a credible compliance posture. Good alignment with hospitality-specific data governance requirements.

●Tractable (3/5): Deployed by FCA-regulated UK insurers and ACPR-regulated French insurers. UK jurisdiction with EU adequacy. Insurance-specific AI with proven regulatory acceptance across multiple markets.

Certifications at a Glance

Certification	Lighthouse	Tractable
ISO 27001	Yes	No

Overall Verdict

Lighthouse has a clear trust advantage, scoring 20/25 compared to Tractable's 13/25. Lighthouse particularly excels in data residency, legal jurisdiction, data retention & training, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Lighthouse or Tractable?

Lighthouse has a TrustKit score of 20/25 while Tractable scores 13/25. Lighthouse currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Lighthouse and Tractable compare on data residency?

Lighthouse scores 4/5 for data residency (Data hosted on AWS with EU region configuration for European customers. Belgian incorporation means primary data governance is under EU law. Appropriate for European hotel groups with GDPR obligations on guest and revenue data.), while Tractable scores 3/5 (Multi-cloud deployment (Azure confirmed). EU affiliates in France and Germany suggest EU data handling capability. Specific data centre regions not publicly documented.).

Are Lighthouse and Tractable GDPR compliant?

Both tools are assessed across five compliance dimensions. Lighthouse has a regulatory fit score of 4/5 and Tractable scores 3/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool