Privacy Policy
Effective date: April 22, 2026
Last updated: April 22, 2026
1. Introduction and who we are
CodeLantern Corp. (“CodeLantern,” “we,” “us,” or “our”) is a consultancy based in Toronto, Ontario, Canada that helps companies adopt agentic development workflows. We are committed to protecting your privacy and handling your personal information responsibly.
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our website at https://codelantern.ai (the “Site”) and interact with us. It also describes your rights and choices regarding your personal information.
We may update this Privacy Policy from time to time as our services evolve. When we make material changes, we will update the “Last updated” date above. We encourage you to review this policy periodically.
2. Information we collect
Information you provide directly
When you submit our contact form, we collect the following:
- Your name
- Your work email address
- Your company name
- Your job title (optional)
- A free-text message
- Your marketing communication preference (whether you opt in to receive updates from CodeLantern)
We also record the date and time of your submission, so we can maintain an accurate record of when you provided consent.
Information collected automatically
Web analytics. We use Vercel Web Analytics to understand how visitors interact with our Site. Vercel Web Analytics does not use cookies or store any information on your device. Instead, it uses a privacy-preserving server-side technique that generates a temporary, anonymized identifier from request attributes (such as IP address and browser type). This identifier is automatically discarded after 24 hours and cannot be used to identify you personally or track you across websites. The analytics data we receive is aggregated and includes page views, referral sources, general geographic location (country/region level), device type, and browser information. For more information about how Vercel Web Analytics handles data, see Vercel Web Analytics: Privacy and Compliance.
Hosting.Our Site is hosted on Vercel’s platform. Like any web server, Vercel’s infrastructure processes your IP address and request headers in the course of serving web pages to your browser. This processing is transient and necessary for the Site to function. For more information, see Vercel’s Privacy Policy.
Information we do not collect
We do not use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not purchase personal information from data brokers or other third parties.
3. How we use your information
We use the information we collect for the following purposes:
Responding to your inquiries. When you submit our contact form, a notification is sent to our team at info@codelantern.com. A member of our team will respond to your inquiry directly from their email client. Your form submission (including your name, email, company, title, and message) is stored as our record of your inquiry.
Sending marketing communications. If you check the marketing consent box on our contact form, we will add you to our marketing audience and send you periodic updates. We will only send marketing communications to individuals who have expressly opted in. You can unsubscribe at any time (see Section 5).
Improving our Site.We use aggregated, anonymous analytics data to understand which pages are visited, how visitors find our Site, and what devices and browsers are commonly used. This helps us improve the Site’s content and performance. Because this data is anonymous and aggregated, it cannot be linked to any individual.
We do not use automated decision-making or profiling in connection with any personal information we collect through the Site.
4. Legal basis for processing
Under PIPEDA (Canada)
We rely on your consent as the primary basis for collecting and using your personal information. When you submit our contact form, you consent to our collection and use of your information for the purpose of responding to your inquiry. Marketing communications are sent only with your express opt-in consent.
You may withdraw your consent at any time by contacting us at privacy@codelantern.com or by using the unsubscribe mechanism in any marketing email.
Under the GDPR (European Economic Area and United Kingdom)
If you are located in the European Economic Area or the United Kingdom, we process your personal information on the following legal bases:
- Consent (Article 6(1)(a)): For sending marketing communications. You may withdraw your consent at any time.
- Legitimate interests (Article 6(1)(f)): For responding to your inquiries when you contact us through the form, for operating and improving the Site, and for protecting against spam and abuse. We have assessed that these interests do not override your fundamental rights and freedoms.
5. Marketing communications and CASL compliance
We comply with Canada’s Anti-Spam Legislation (CASL) in all of our electronic communications.
Express consent only.We will only add you to our marketing audience if you affirmatively check the marketing consent box on our contact form (“I’d like to hear from CodeLantern about its product and services, company news and events, and unique perspective on agentic development.”). This checkbox is unchecked by default. We do not use pre-checked boxes, implied consent, or bundled consent for marketing communications.
What we send. Marketing communications from CodeLantern may include updates about our services and product offerings, upcoming events and news, and other topics relevant to our services.
How to unsubscribe. Every marketing email includes a one-click unsubscribe link. You can also unsubscribe by contacting us at privacy@codelantern.com. We will process your request promptly.
Consent records. We maintain records of when you provided your marketing consent, including the timestamp of your submission.
Transactional messages. Direct replies to inquiries you submit through our contact form are not commercial electronic messages under CASL. These are one-to-one responses to your request and do not require separate consent.
6. How we share your information
We do not sell, rent, or trade your personal information to third parties.
We share your information with the following service providers, who process it on our behalf or in connection with the services they provide to us:
| Provider | Role | What they receive | Data location |
|---|---|---|---|
| Supabase | Database and system of record | Contact form submissions (name, email, company, title, message, consent record) | Canada (AWS ca-central-1) |
| Resend | Email delivery and marketing audience management | Email addresses, notification content, marketing audience list, consent status | United States |
| Vercel | Website hosting and web analytics | Deployment assets, anonymous analytics data | Global CDN (primary infrastructure in the United States) |
Supabase and Resend act as data processors on our behalf, processing your information only in accordance with our instructions and for the purposes described in this policy.
Vercel acts as a data processor for website hosting and as a controller for its anonymous web analytics service.
We may also disclose your information where required or permitted by law, such as in response to a court order, subpoena, or other legal process, or to protect the rights, property, or safety of CodeLantern, our users, or others.
In the event that CodeLantern is involved in a merger, acquisition, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you of any such change by updating this Privacy Policy.
7. International data transfers
CodeLantern is based in Canada, and your personal information is primarily stored in Canada through our use of Supabase’s Canadian data region (AWS ca-central-1).
However, some of our service providers process data outside of Canada:
- Resend stores all account data, including email addresses and message content, in the United States. Resend is certified under the EU-US Data Privacy Framework and includes Standard Contractual Clauses in its Data Processing Addendum to support lawful transfers of data from the EU.
- Vercel operates a global content delivery network with primary infrastructure in the United States. Vercel is certified under the EU-US Data Privacy Framework, Swiss-US Data Privacy Framework, and the UK Extension to the EU-US Data Privacy Framework.
When your personal information is transferred outside of Canada, it may be subject to the laws of those jurisdictions. We select service providers that maintain appropriate security certifications and privacy frameworks, and we have reviewed their data processing practices. Please be aware that the privacy laws of other jurisdictions may differ from those in Canada.
For individuals in the European Economic Area, the United Kingdom, or Switzerland: where personal data is transferred outside of these regions, we rely on recognized transfer mechanisms including Data Privacy Framework certifications and Standard Contractual Clauses approved by the European Commission.
8. Data retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Contact form submissions are retained for as long as necessary to respond to your inquiry and maintain a record of our communications with you, plus any additional period needed for legal or business record-keeping purposes.
Marketing consent records are retained for as long as you remain subscribed, and for a reasonable period afterward to demonstrate compliance with CASL and other applicable anti-spam laws.
Marketing audience data is removed when you unsubscribe. Resend processes unsubscribe requests automatically.
Web analytics data is anonymous and aggregated. Vercel Web Analytics discards the temporary hashed visitor identifier after 24 hours. Aggregated statistics are retained by Vercel in accordance with its data retention practices.
If you would like us to delete your personal information, please contact us at privacy@codelantern.com. We will respond to your request in accordance with applicable law.
9. Security
We take reasonable administrative and technical measures to protect the personal information we collect against unauthorized access, disclosure, alteration, or destruction.
Our service providers maintain industry-recognized security certifications. Supabase and Resend hold SOC 2 Type II certifications. Vercel holds SOC 2 Type II and ISO 27001:2022 certifications. Data is encrypted in transit using TLS and at rest by our service providers.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.
10. Your rights
Depending on where you are located, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of your location, to the extent reasonably practicable.
All individuals
You may contact us at any time to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete personal information
- Withdraw consent for marketing communications or other processing based on consent
- Request deletion of your personal information, subject to any legal obligations we may have to retain certain records
Under PIPEDA (Canada)
You have the right to access your personal information held by CodeLantern and to challenge its accuracy. You also have the right to withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. If you are not satisfied with how we handle your request, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca).
Under the GDPR (EEA and UK)
If you are in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation, including the right to:
- Request restriction of processing of your personal data
- Object to processing of your personal data based on legitimate interests
- Request portability of your personal data in a structured, commonly used, machine-readable format
- Lodge a complaint with your local data protection supervisory authority
Under the CCPA / CPRA (California)
CodeLantern does not currently meet the applicability thresholds of the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
Nevertheless, if you are a California resident and have questions about your personal information, you are welcome to contact us at privacy@codelantern.com and we will respond to your inquiry.
We do not sell or share personal information as those terms are defined under the CCPA / CPRA.
How to exercise your rights
To make a request regarding your personal information, please contact us at privacy@codelantern.com. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.
11. Cookies and tracking technologies
Our Site does not use cookies for analytics, advertising, or tracking purposes.
Vercel Web Analytics does not set cookies or store any data on your device. It uses a server-side hashing technique applied to request attributes to generate a temporary, anonymous visitor identifier that is discarded after 24 hours.
If we introduce cookies or other tracking technologies in the future, we will update this policy and implement appropriate consent mechanisms.
12. Third-party links
Our Site may contain links to third-party websites, services, or resources that are not operated by us. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party site you visit.
13. Children’s privacy
Our Site and services are not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@codelantern.com and we will promptly delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make changes, we will revise the “Last updated” date at the top of this policy. If we make material changes that affect how we handle your personal information, we will notify individuals on our marketing list by email in advance of the changes taking effect.
We encourage you to review this Privacy Policy periodically for any updates.
15. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:
CodeLantern Corp.
66 Wellington Street West, Suite 4100
Toronto Ontario M5K 1B7
Canada
Email: privacy@codelantern.com
If you are not satisfied with our response to your inquiry, you may contact:
- Office of the Privacy Commissioner of Canada: priv.gc.ca
- Your local data protection authority if you are located in the European Economic Area or the United Kingdom
This Privacy Policy was last reviewed on April 22, 2026.