Privacy Policy

This policy explains how Lanten Ltd (“Lanten”, “we”, “us”) collects and uses personal data when you use our website and the Lanten service. We are the controller for account and website data, and act as a processor for the email and CRM data we handle on behalf of your organisation.

1. Data we collect

Account data: your name, work email, agency name and billing details. Service data: the content of emails you open with Lanten and the CRM records it retrieves, processed to generate context and suggestions. Usage data: product analytics such as features used and actions approved, used to operate and improve the service. Website data: standard logs and any details you submit through forms.

2. How we use data

We use personal data to provide the service (surfacing context, drafting suggestions, running compliance checks), to operate accounts and billing, to secure the platform, to provide support, and to improve the product. We do not sell personal data, and we do not use your emails or CRM records to train foundation models.

3. AI processing

When you open an email, relevant content and CRM records are processed by our AI systems to produce suggestions. This processing is automated but advisory: a human user reviews and approves every action. Suggestions you accept or reject are used to personalise future suggestions for your account.

4. Legal bases

Under UK GDPR we rely on: performance of a contract (providing the service), legitimate interests (security, product improvement, B2B communications), consent where required (e.g. marketing emails), and legal obligation (e.g. accounting records).

5. Sharing and subprocessors

We share data only with service providers who help us run Lanten — cloud hosting, AI model providers, payment processing and analytics — under contracts that restrict their use of it, and with authorities where the law requires. A current list of subprocessors is available on request.

6. International transfers

Where data is transferred outside the UK or EEA, we use appropriate safeguards such as the UK International Data Transfer Agreement or EU Standard Contractual Clauses.

7. Retention

Account data is kept while your account is active and for a limited period afterwards. Email and CRM content is processed transiently to generate suggestions and is not retained longer than needed to operate the service. When your organisation deletes its account, customer data is deleted within 30 days, except minimal records we must keep by law.

8. Security

Data is encrypted in transit and at rest. Access is role-based and logged, integrations use scoped credentials, and we operate to recognised security standards. More detail is on our security overview.

9. Your rights

You have rights of access, rectification, erasure, restriction, portability and objection. To exercise them, email privacy@lanten.co.uk. You can also complain to the UK Information Commissioner’s Office at ico.org.uk.

10. Cookies

Our website uses strictly necessary cookies and, with consent, lightweight analytics to understand how the site is used. You can control cookies through your browser settings.

11. Changes and contact

We’ll update this policy as the service evolves and flag material changes in the product. Questions about privacy at Lanten: privacy@lanten.co.uk, or write to Lanten Ltd, registered in England & Wales.