Privacy Policy

Effective date: April 22, 2026
Last updated: June 4, 2026

1. Introduction and who we are

CodeLantern Corp. (“CodeLantern,” “we,” “us,” or “our”) is a consultancy based in Toronto, Ontario, Canada that helps companies adopt agentic development workflows. We are committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website at https://codelantern.ai (the “Site”) and when you use the CodeLantern platform — our customer portal, GitHub App, and related developer services (together, the “Platform”). It also describes your rights and choices regarding your personal information.

We may update this Privacy Policy from time to time as our services evolve. When we make material changes, we will update the “Last updated” date above. We encourage you to review this policy periodically.

2. Information we collect

Information you provide directly

When you submit our contact form, we collect the following:

Your name
Your work email address
Your company name
Your job title (optional)
A free-text message
Your marketing communication preference (whether you opt in to receive updates from CodeLantern)

We also record the date and time of your submission, so we can maintain an accurate record of when you provided consent.

Information collected automatically

Web analytics. We use Vercel Web Analytics to understand how visitors interact with our Site. Vercel Web Analytics does not use cookies or store any information on your device. Instead, it uses a privacy-preserving server-side technique that generates a temporary, anonymized identifier from request attributes (such as IP address and browser type). This identifier is automatically discarded after 24 hours and cannot be used to identify you personally or track you across websites. The analytics data we receive is aggregated and includes page views, referral sources, general geographic location (country/region level), device type, and browser information. For more information about how Vercel Web Analytics handles data, see Vercel Web Analytics: Privacy and Compliance.

Hosting. Our Site is hosted on Vercel’s platform. Like any web server, Vercel’s infrastructure processes your IP address and request headers in the course of serving web pages to your browser. This processing is transient and necessary for the Site to function. For more information, see Vercel’s Privacy Policy.

Information we collect through the Platform

To understand what we collect, it helps to know the parts of the Platform and how they fit together. The portal is an admin dashboard where you manage your team, create API keys, and connect the tools you already use for source control and project management — today, GitHub for source control, and GitHub Projects or Linear for project management. Your developers then use CodeLantern agent skills from their own coding tools; behind the scenes, those skills call our MCP server (a web service) to carry out actions on your behalf, like updating an issue or moving a work item. Finally, our GitHub App lets your team ask CodeLantern to run those same skills as cloud agents — with the work running in your own GitHub Actions environment, not on our servers.

With that in mind, here is what we collect and store, grouped by how it arises.

When you sign up or sign in:

Account information. When you sign in with GitHub OAuth or a magic link, we receive your name, email address, and public profile information (such as your username and avatar) from your identity provider.
Organization and membership data. The name of your organization, who its members are, and their roles and invitation status.

Information you create in the portal:

API keys (hashed). Your API key is shown to you once, when it is created. We store only a one-way hash and cannot recover the key afterward.
Integration connections. When you connect GitHub or Linear, we store installation identifiers, connected account names, and the OAuth tokens needed to act on your behalf. Tokens are encrypted at rest with AES-256-GCM.

Information generated by your team’s use of the Platform:

Workflow metadata. Repository names, issue numbers, and workflow states.
Usage analytics. Which Platform tool was called, the repository it was called against, whether it succeeded, how long it took, and any error message.
Knowledge-base entries. Learnings and patterns your team chooses to save through Platform workflows.

However the data arises, we use it for only two purposes: operating and securing the Platform for your organization, and understanding how the service is used so we can improve it. Integration credentials, workflow metadata, and knowledge-base entries exist solely so we can act on your organization’s instructions — we do not use them for anything else. We do not sell Platform data, use it for advertising, or train AI models on it. If your organization requires formal data-processing terms, contact us at privacy@codelantern.com.

We do not store your source code, diffs, or the contents of your issues and pull requests. When you use the Platform to work with GitHub or Linear, that data passes through our service to fulfill your request and is returned to you — it is not retained. For more detail on how we secure the Platform, see our Security overview.

Information we do not collect

We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not purchase personal information from data brokers or other third parties.

3. How we use your information

We use the information we collect for the following purposes:

Responding to your inquiries. When you submit our contact form, a notification is sent to our team at info@codelantern.com. A member of our team will respond to your inquiry directly from their email client. Your form submission (including your name, email, company, title, and message) is stored as our record of your inquiry.

Sending marketing communications. If you check the marketing consent box on our contact form, we will add you to our marketing audience and send you periodic updates. We will only send marketing communications to individuals who have expressly opted in. You can unsubscribe at any time (see Section 5).

Providing the Platform. We use the information collected through the Platform to operate the service: to authenticate you and your team, to connect to the repositories and integrations you authorize, to run the commands and workflows you request, and to show your organization its own usage.

Improving our Site. We use aggregated, anonymous analytics data to understand which pages are visited, how visitors find our Site, and what devices and browsers are commonly used. This helps us improve the Site’s content and performance. Because this data is anonymous and aggregated, it cannot be linked to any individual.

We do not use automated decision-making or profiling in connection with any personal information we collect through the Site.

4. Legal basis for processing

Under PIPEDA (Canada)

We rely on your consent as the primary basis for collecting and using your personal information. When you submit our contact form, you consent to our collection and use of your information for the purpose of responding to your inquiry. When you sign up for and use the Platform, you consent to our collection and use of the information described above for the purpose of providing the service. Marketing communications are sent only with your express opt-in consent.

You may withdraw your consent at any time by contacting us at privacy@codelantern.com or by using the unsubscribe mechanism in any marketing email.

If you are located in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:

Consent (Article 6(1)(a)): For sending marketing communications. You may withdraw your consent at any time.
Contractual necessity (Article 6(1)(b)): For processing the account and usage information needed to provide the Platform to you and your organization.
Legitimate interests (Article 6(1)(f)): For responding to your inquiries when you contact us through the form, for operating and improving the Site, and for protecting against spam and abuse. We have assessed that these interests do not override your fundamental rights and freedoms.

5. Marketing communications and CASL compliance

We comply with Canada’s Anti-Spam Legislation (CASL) in all of our electronic communications.

Express consent only. We will only add you to our marketing audience if you affirmatively check the marketing consent box on our contact form (“I’d like to hear from CodeLantern about its product and services, company news and events, and unique perspective on agentic development.”). This checkbox is unchecked by default. We do not use pre-checked boxes, implied consent, or bundled consent for marketing communications.

What we send. Marketing communications from CodeLantern may include updates about our services and product offerings, upcoming events and news, and other topics relevant to our services.

How to unsubscribe. Every marketing email includes a one-click unsubscribe link. You can also unsubscribe by contacting us at privacy@codelantern.com. We will process your request promptly.

Consent records. We maintain records of when you provided your marketing consent, including the timestamp of your submission.

Transactional messages. Direct replies to inquiries you submit through our contact form are not commercial electronic messages under CASL. These are one-to-one responses to your request and do not require separate consent.

We do not sell, rent, or trade your personal information to third parties.

Service providers we use

We share your information with the following service providers, who process it on our behalf or in connection with the services they provide to us:

Provider	Role	What they receive	Data location
Supabase	Database, system of record, and Platform authentication	Contact form submissions, Platform account and organization data, hashed API keys, encrypted integration tokens, usage analytics	Canada (AWS ca-central-1)
Resend	Email delivery and marketing audience management	Email addresses, notification and invitation content, marketing audience list, consent status	United States
Vercel	Website and Platform hosting, web analytics	Deployment assets, anonymous analytics data, Platform data in transit (not persisted)	Global CDN (primary infrastructure in the United States)

Supabase and Resend act as data processors on our behalf, processing your information only in accordance with our instructions and for the purposes described in this policy.

Vercel acts as a data processor for website hosting and as a controller for its anonymous web analytics service.

Integrations you connect

CodeLantern works alongside the source-control and project-management platforms your team already uses. Your organization chooses which of these to connect — today, GitHub for source control, and GitHub Projects or Linear for project management, with more planned over time. Once connected, the Platform makes API requests to these services on your behalf, scoped to the access you authorize: for example, the repositories you select when installing our GitHub App, or your Linear workspace if your organization connects it. GitHub can also serve as an optional sign-in method for the portal.

For this reason, we do not consider these platforms our service providers. They are independent services that your organization holds its own accounts and agreements with, and we access them only on your instructions. Their handling of your data is governed by their own privacy policies and your agreements with them.

Disclosure required by law or business transfer

We may also disclose your information where required or permitted by law, such as in response to a court order, subpoena, or other legal process, or to protect the rights, property, or safety of CodeLantern, our users, or others.

In the event that CodeLantern is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you of any such change by updating this Privacy Policy.

7. International data transfers

CodeLantern is based in Canada, and your personal information is primarily stored in Canada through our use of Supabase’s Canadian data region (AWS ca-central-1). This includes all persistent Platform data.

Data retrieved from GitHub or Linear to fulfill your Platform requests transits our compute layer (Vercel), which may run outside Canada, while your request is being processed. It is not persisted there.

However, some of our service providers process data outside of Canada:

Resend stores all account data, including email addresses and message content, in the United States. Resend is certified under the EU-US Data Privacy Framework and includes Standard Contractual Clauses in its Data Processing Addendum to support lawful transfers of data from the EU.
Vercel operates a global content delivery network with primary infrastructure in the United States. Vercel is certified under the EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework.

When your personal information is transferred outside of Canada, it may be subject to the laws of those jurisdictions. We select service providers that maintain appropriate security certifications and privacy frameworks, and we have reviewed their data processing practices. Please be aware that the privacy laws of other jurisdictions may differ from those in Canada.

For individuals in the European Economic Area, the United Kingdom, or Switzerland: where personal data is transferred outside of these regions, we rely on recognized transfer mechanisms including Data Privacy Framework certifications and Standard Contractual Clauses approved by the European Commission.

8. Data retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Contact form submissions are retained for as long as necessary to respond to your inquiry and maintain a record of our communications with you, plus any additional period needed for legal or business record-keeping purposes.

Marketing consent records are retained for as long as you remain subscribed, and for a reasonable period afterward to demonstrate compliance with CASL and other applicable anti-spam laws.

Marketing audience data is removed when you unsubscribe. Resend processes unsubscribe requests automatically.

Platform data is retained for as long as your organization exists. Deleting your organization permanently removes all of its data — organization records, memberships, API keys, integration tokens, usage analytics, and knowledge-base entries — in a single hard delete. There is no soft-delete or recovery period. Revoking the GitHub App installation or Linear authorization on those platforms is done through those platforms directly.

Web analytics data is anonymous and aggregated. Vercel Web Analytics discards the temporary hashed visitor identifier after 24 hours. Aggregated statistics are retained by Vercel in accordance with its data retention practices.

If you would like us to delete your personal information, please contact us at privacy@codelantern.com. We will respond to your request in accordance with applicable law.

9. Security

We take reasonable administrative and technical measures to protect the personal information we collect against unauthorized access, disclosure, alteration, or destruction.

Our service providers maintain industry-recognized security certifications. Supabase and Resend hold SOC 2 Type II certifications. Vercel holds SOC 2 Type II and ISO 27001:2022 certifications. Data is encrypted in transit using TLS and at rest by our service providers.

On the Platform, API keys are stored only as one-way hashes, OAuth tokens and integration credentials are encrypted at rest with AES-256-GCM, and incoming webhooks are cryptographically signature-verified. For a fuller description of our security practices, see our Security overview.

While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

10. Your rights

Depending on where you are located, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of your location, to the extent reasonably practicable.

All individuals

You may contact us at any time to:

Access the personal information we hold about you
Correct inaccurate or incomplete personal information
Withdraw consent for marketing communications or other processing based on consent
Request deletion of your personal information, subject to any legal obligations we may have to retain certain records

Under PIPEDA (Canada)

You have the right to access your personal information held by CodeLantern and to challenge its accuracy. You also have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. If you are not satisfied with how we handle your request, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).

If you are in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation, including the right to:

Request restriction of processing of your personal data
Object to processing of your personal data based on legitimate interests
Request portability of your personal data in a structured, commonly used, machine-readable format
Lodge a complaint with your local data protection supervisory authority

Under the CCPA / CPRA (California)

CodeLantern does not currently meet the applicability thresholds of the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

Nevertheless, if you are a California resident and have questions about your personal information, you are welcome to contact us at privacy@codelantern.com and we will respond to your inquiry.

We do not sell or share personal information as those terms are defined under the CCPA / CPRA.

How to exercise your rights

To make a request regarding your personal information, please contact us at privacy@codelantern.com. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.

11. Cookies and tracking technologies

Our Site does not use cookies for analytics, advertising, or tracking purposes.

The Platform portal uses essential, HTTP-only session cookies to keep you signed in. These are strictly necessary for the service to function and are not used for analytics, advertising, or tracking.

Vercel Web Analytics does not set cookies or store any data on your device. It uses a server-side hashing technique applied to request attributes to generate a temporary, anonymous visitor identifier that is discarded after 24 hours.

If we introduce cookies or other tracking technologies in the future, we will update this policy and implement appropriate consent mechanisms.

12. Third-party links

Our Site may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit.

13. Children’s privacy

Our Site and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@codelantern.com and we will promptly delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make changes, we will revise the “Last updated” date at the top of this policy. If we make material changes that affect how we handle your personal information, we will notify individuals on our marketing list by email in advance of the changes taking effect.

We encourage you to review this Privacy Policy periodically for any updates.

15. Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

CodeLantern Corp.
66 Wellington Street West, Suite 4100
Toronto Ontario M5K 1B7
Canada

Email: privacy@codelantern.com

If you are not satisfied with our response to your inquiry, you may contact:

Office of the Privacy Commissioner of Canada: priv.gc.ca
Your local data protection authority if you are located in the European Economic Area or the United Kingdom

This Privacy Policy was last reviewed on June 4, 2026.

← Back to home