Security & Trust

Last updated: September 25, 2025

Lantern is built for enterprises that need strong security, privacy, and operational controls. We continuously invest in people, processes, and technology to protect customer data.

Security

Compliance & Certifications

We follow SOC 2/ISO 27001 aligned practices. We are in the process of preparing for SOC 2 Type I certification.

Encryption

In Transit: TLS 1.3
At Rest: AES-256

Access Controls

RBAC with MFA requirements for admin access

Secure Development

Code reviews and automated security scanning

Data Security & Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. We implement zero-trust principles and regularly audit our encryption implementations.

Encryption Standards

In Transit: TLS 1.3 for all data transmission
At Rest: AES-256 encryption for stored data
Key Management: Industry-standard key rotation and management practices
Zero-Trust Architecture: All network traffic is authenticated and encrypted

Security Audits

Regular third-party security assessments
Continuous vulnerability scanning
Penetration testing by certified security professionals
Automated security monitoring and alerting

Access Control

Role-based access control (RBAC) ensures users only access data necessary for their roles. Multi-factor authentication (MFA) is required for all administrative access. Access Control Features:

Role-Based Access Control (RBAC): Granular permissions based on user roles
Multi-Factor Authentication (MFA): Required for all admin and sensitive operations
Session Management: Automatic timeout and secure session handling
Audit Logging: Comprehensive logs of all access and changes
IP Whitelisting: Optional IP restrictions for enterprise customers

Incident Response

We maintain a comprehensive incident response plan with 24/7 monitoring, automated alerting, and clear escalation procedures to minimize impact and ensure rapid recovery.

Detection

Automated monitoring systems detect anomalies and security events in real-time.

Alert & Escalation

Security team is immediately notified with clear escalation procedures based on severity.

Containment

Rapid response to isolate and contain any security incidents.

Recovery

Restore normal operations with minimal disruption to customers.

Post-Incident Review

Comprehensive analysis to prevent future incidents and improve security posture.

Vendor Management

All third-party vendors undergo rigorous security assessments before onboarding. We maintain detailed subcontractor agreements and regular security reviews. Vendor Security Requirements:

Pre-onboarding security questionnaires
SOC 2 or equivalent certifications
Data processing agreements (DPAs)
Regular security review cycles
Contractual security obligations

Enterprise Security

Enterprise customers can request:

Security Questionnaire - Detailed security controls documentation
SOC 2 Attestation - When available
Compliance Documentation - GDPR, CCPA, and other frameworks
Custom Security Reviews - Tailored to your organization’s requirements

Request Enterprise Security Documentation

Contact our sales team for enterprise security reviews and compliance documentation.

Privacy

We minimize data collection, process data only for described purposes, and provide mechanisms to support data deletion and retention requirements.

Data Handling

We believe in transparency about how we collect, use, and share information. Data transfers to subprocessors are governed by contractual safeguards. Our Privacy Principles:

Data Minimization - Collect only what’s necessary
Purpose Limitation - Use data only for stated purposes
Transparency - Clear communication about data practices
User Control - Tools for managing your data
Security First - Protect data throughout its lifecycle

What Data We Collect

Account Information: Name, email, company details
Usage Data: How you use Lantern (aggregated and anonymized)
Brand Data: Information about your brand for AI visibility tracking
Analytics: Platform performance and feature usage

We do not collect sensitive personal information unless explicitly required for service delivery.

How We Use Your Data

Provide and improve Lantern services
Analyze AI visibility and brand mentions
Generate reports and insights
Communicate service updates and support
Ensure security and prevent fraud

We never sell your data to third parties.

Data Sharing & Subprocessors

Your Rights

You have the right to:

Access your data
Correct inaccurate information
Delete your data (subject to legal retention requirements)
Export your data in standard formats
Object to certain processing activities

Contact support@asklantern.com to exercise your rights.

Legal Compliance

Our terms are continually assessed by privacy experts to ensure compliance with GDPR, CCPA, and other global privacy standards. Regulatory Compliance:

GDPR (General Data Protection Regulation) - European Union
CCPA (California Consumer Privacy Act) - California, USA
Privacy Shield successor frameworks for international data transfers
Industry-specific regulations as applicable to your sector

Data Governance

Data governance ensures our users’ data remains secure, private, accurate, and accessible throughout its lifecycle. Governance Framework:

Data Classification: Categorize data by sensitivity
Retention Policies: Clear rules for data lifecycle management
Access Audits: Regular reviews of who can access what
Breach Notification: Procedures for timely disclosure if incidents occur
Training: Ongoing security and privacy training for all team members

Contact

Security Inquiries

For security questions or responsible disclosure, contact our security team at support@asklantern.com

Privacy Questions

For privacy-related inquiries, contact support@asklantern.com

Enterprise Sales

Request a demo to discuss enterprise security requirements and custom implementations.

Support

General support inquiries: support@asklantern.com

Responsible Disclosure: If you discover a security vulnerability, please report it to security@asklantern.com. We appreciate responsible disclosure and will work with you to address issues promptly.

Learn About Our Enterprise Plan

Explore enterprise features including advanced security controls, dedicated support, and custom compliance options.

Security Inquiries

Privacy Questions

Support

Getting started

Product How-Tos

Best Practices & Playbooks

Reference

Security & Trust

Troubleshooting & FAQs

Security & Trust

Security

Compliance & Certifications

Encryption

Access Controls

Secure Development

Data Security & Encryption

Access Control

Incident Response

Vendor Management

Enterprise Security

Request Enterprise Security Documentation

Privacy

Data Handling

Legal Compliance

Data Governance

Contact

Enterprise Sales

Learn About Our Enterprise Plan

Getting started

Product How-Tos

Best Practices & Playbooks

Reference

Security & Trust

Troubleshooting & FAQs

​Security

​Compliance & Certifications

Encryption

Access Controls

Secure Development

​Data Security & Encryption

​Access Control

​Incident Response

​Vendor Management

​Enterprise Security

Request Enterprise Security Documentation

​Privacy

​Data Handling

​Legal Compliance

​Data Governance

​Contact

Security Inquiries

Privacy Questions

Enterprise Sales

Support

Learn About Our Enterprise Plan

Security

Compliance & Certifications

Data Security & Encryption

Access Control

Incident Response

Vendor Management

Enterprise Security

Privacy

Data Handling

Legal Compliance

Data Governance

Contact