Privacy Policy

Last updated: February 7, 2025

Introduction

Lantern Capital ("we," "us," or "our") is committed to protecting the privacy of our subscribers, visitors, and users. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website at lanterncapital.com and use our services, including our subscription-based research platform, newsletter, and proprietary LDEI Index data.

By accessing or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

Information We Collect

Information You Provide Directly

We collect information that you voluntarily provide when you:

  • Create an account: Email address and password. You may optionally provide your first name, last name, phone number, and company or organization name.
  • Subscribe to a plan: When you subscribe, payment information is collected and processed directly by our payment processor, Stripe. We do not store your credit card number or payment card details on our servers. We receive and store your Stripe customer identifier and subscription status to manage your account.
  • Contact us: If you use our contact form, we collect your name, email address, company name (optional), and the content of your message.
  • Update your profile: Any additional information you choose to add to your account settings, such as your name, phone number, or company.

Information Collected Automatically

When you visit our website, certain information may be collected automatically:

  • Authentication cookies: We use cookies to manage your login session. These are essential cookies required for the website to function and cannot be disabled.
  • Server logs: Our hosting provider, Cloudflare, may collect standard server log information such as your IP address, browser type, referring page, and pages visited. This data is managed by Cloudflare under their own privacy policy.
  • Local preferences: We store your display theme preference (light or dark mode) in your browser's local storage. This is not transmitted to our servers and is used solely to remember your visual preference.

Email Engagement Data

When we send you newsletters and research updates, our email delivery service may collect data about whether emails were delivered, opened, or if links were clicked. We use this data in aggregate to improve our content and ensure reliable delivery. We do not use this data to build individual behavioral profiles.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide our services: To create and manage your account, deliver newsletters and research content, provide access to the LDEI Index and historical data, and process your subscription.
  • Communicate with you: To send you daily research insights, respond to your inquiries, and provide important account notifications (such as subscription status changes or password resets).
  • Improve our services: To understand how our content is received and to improve the quality and delivery of our research.
  • Ensure security: To protect against unauthorized access, maintain data integrity, and ensure the proper functioning of our platform.
  • Comply with legal obligations: To meet applicable legal and regulatory requirements.

How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

  • Service providers: We use trusted third-party services to operate our platform. These providers only have access to the information necessary to perform their functions and are contractually obligated to protect your data. Our current service providers include:
    • Supabase — Database hosting and user authentication
    • Stripe — Payment processing and subscription management
    • Resend — Email delivery for newsletters and transactional emails
    • Cloudflare — Website hosting, content delivery, and security
  • Legal requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

Data Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

  • All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Passwords are cryptographically hashed and never stored in plain text.
  • Our application runs in full server-side rendering mode, ensuring sensitive data and credentials are never exposed to the client.
  • Database access is controlled through row-level security policies, ensuring users can only access their own data.
  • Payment information is handled entirely by Stripe and is never stored on our servers. Stripe is PCI DSS Level 1 compliant.
  • Webhook communications from third-party services are verified using cryptographic signatures.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to implementing industry best practices.

Cookies and Tracking Technologies

We use a minimal set of cookies, limited to what is necessary to operate our service:

  • Authentication cookies: These cookies are set when you log in and are required to maintain your session. They are essential for the website to function and cannot be opted out of while using authenticated features.

We do not use third-party analytics cookies, advertising cookies, or any form of cross-site tracking. We do not participate in ad networks or use retargeting technologies.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specifically:

  • Account data: Retained while your account is active. If you request account deletion, your data will be removed from our systems, subject to any legal retention requirements.
  • Email delivery logs: Retained to monitor delivery quality and troubleshoot issues. These logs are periodically purged.
  • Contact form submissions: These are delivered to us via email and are not stored in our database.
  • Payment records: Subscription identifiers are retained as long as your account exists. Full payment history is maintained by Stripe under their own retention policies.

Your Rights and Choices

You have the following rights regarding your personal information:

  • Access and update: You can access and update your profile information at any time through your account settings.
  • Email preferences: While our newsletters are a core part of the subscription service, you may contact us to discuss your email preferences.
  • Data portability: You may request a copy of the personal information we hold about you in a commonly used format.
  • Account deletion: You may request deletion of your account and associated personal data by contacting us at the email address below.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time.

For California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, please contact us using the information below.

For European Residents (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our legal bases for processing your data include performance of a contract (providing our subscription service), legitimate interest (improving our services and ensuring security), and consent (where applicable). To exercise your GDPR rights, please contact us using the information below.

International Data Transfers

Our services are hosted in the United States. If you access our services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

Third-Party Links

Our website and newsletters may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you via email. We encourage you to review this page periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Lantern Capital
Email: contact@lanterncapital.com