The safety measures is the key for any online service, including SpeedLight. This document describes how do we maintain your data security.
SpeedLight servers never receive your passwords.
According to Linden Lab Third Party Viewer policy, viewers are strictly forbidden to send credentials anywhere except SL login servers. SpeedLight is an approved Second Life viewer and obeys this rule.
When you login, your credentials are being sent directly to SL login server. It responds with a one-time login token which is being used by SpeedLight to keep avatar online (this communication can be examined in browser's network inspector).
The "Save password with SpeedLight" checkbox just saves the password in your browser only.
Storing other data
SpeedLight website may store the other data: last login time, last login location, IM history and L$ transaction history.
You may irreversibly remove these data by removing your avatar. The future updates will include automatic and on-demand cleanup of the sensitive data.
IM history can be end-to-end encrypted to prevent storing your messages with SpeedLight.
We do not provide any of your data to any third-parties: neither personal nor depersonalized. This statement can be considered a warrant canary.