Effective Date: July 15th, 2026
Privacy Policy
Last Updated: July 15th, 2026
1. Introduction
Lanternpost IT LLC, doing business as Lanternpost IT (“Company,” “we,” “us,” or “our”), provides managed information technology, infrastructure management, data hosting, data storage, backup, recovery, security, support, and related services to business and organizational customers.
This Privacy Policy explains how we collect, receive, store, process, disclose, retain, and protect Personal Information in connection with:
- our managed services and related customer environments;
- our websites, customer portals, and administrative systems;
- customer onboarding, account administration, billing, and support;
- communications with customers, prospective customers, vendors, and other business contacts.
Our principal role is to store, maintain, and protect data on behalf of our customers. We do not sell Customer Data, use Customer Data for advertising, monetize Customer Data, or use Customer Data for purposes independent of providing the services requested by the applicable customer.
2. Our Role as a Managed Service Provider
When we process information that a customer provides, stores, transmits, backs up, or otherwise makes available through our services, the customer generally determines why and how that information is processed.
In that context:
- the customer is the applicable data controller, business, or organization responsible for the information; and
- we act as the customer’s data processor, service provider, contractor, or similar restricted service provider, as those terms may be defined under applicable privacy laws.
We process Customer Data only:
- on the customer’s documented instructions;
- as necessary to provide, maintain, support, secure, back up, recover, or administer the contracted services;
- as expressly permitted by the applicable customer agreement;
- to prevent, detect, investigate, or respond to security incidents or unlawful activity; or
- when required by applicable law.
We do not determine the purposes for which our customers originally collect Personal Information, and we do not control the content that customers choose to place within the services.
For limited information that we collect for our own account administration, billing, website operation, legal compliance, and business communications, we may act as an independent controller or business.
3. Definitions
“Customer”
“Customer” means an organization that purchases, receives, or uses our managed services, including its authorized users and representatives.
“Customer Data”
“Customer Data” means data, records, files, content, databases, system images, configurations, communications, credentials, logs, documents, and other information that a Customer or its authorized users submit to, store within, transmit through, back up to, or otherwise make accessible through our services.
Customer Data may include Personal Information and Sensitive Personal Information, depending on the information the Customer chooses to place within the services.
“Personal Information”
“Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an individual or household. It also includes equivalent terms such as “personal data” where applicable.
“Sensitive Personal Information”
“Sensitive Personal Information” includes Personal Information that receives heightened protection under applicable law, such as government identification numbers, financial account information, authentication credentials, health information, precise location information, biometric information, or information revealing certain protected characteristics.
4. Information We Process
4.1 Customer Data
The nature and categories of Customer Data depend entirely on the Customer’s operations, systems, users, and instructions. We do not require Customers to provide any particular category of personal content unless it is necessary for the contracted services.
Customer Data may include:
- identity and contact information.
- business and employment records.
- account information and authentication credentials.
- communications and documents.
- financial or transactional records.
- system, device, network, and application information.
- backup files and archived information.
- other information selected and controlled by the Customer.
We do not use the content of Customer Data for our own marketing, advertising, profiling, data brokerage, or product-development purposes.
4.2 Customer Account and Business Contact Information
We may collect information about Customer representatives and authorized users, including:
- name, job title, company, and department.
- business email address, mailing address, and telephone number.
- account username and authentication information.
- service preferences and administrative permissions.
- contract, order, and billing information.
- communications with our sales, account-management, security, or support personnel.
4.3 Technical, Operational, and Security Information
We may collect limited technical information necessary to operate and secure the services, such as:
- Internet Protocol address.
- login date and time.
- device, browser, and operating-system information.
- authentication and access events.
- system availability and performance information.
- security alerts and audit logs.
- configuration and diagnostic information.
- support-ticket activity.
We use this information only for legitimate operational purposes, including authentication, availability, troubleshooting, capacity management, security monitoring, abuse prevention, and legal compliance.
4.4 Website Information
When a person visits our website, we may collect ordinary web-server and security-log information. We use this information to operate, protect, and diagnose the website.
We do not use advertising cookies, cross-site tracking technologies, or third-party behavioral advertising technologies.
4.5 Payment Information
Payments may be processed through Square. We may receive transaction confirmations, billing contact information, and limited payment-related records but do not store complete payment-card numbers unless expressly disclosed and appropriately secured.
5. Limited Purposes for Processing Customer Data
We process Customer Data solely for the limited and specific purposes of:
- provisioning and operating the contracted services.
- storing, hosting, transmitting, backing up, restoring, or recovering Customer Data.
- administering Customer-authorized accounts and access.
- maintaining service availability, integrity, and performance.
- providing technical support requested by the Customer.
- diagnosing and correcting errors.
- implementing Customer-requested configurations or changes.
- preventing, detecting, investigating, and responding to security incidents, fraud, abuse, or unlawful activity.
- complying with documented Customer instructions.
- satisfying applicable legal obligations.
- enforcing the applicable Customer agreement.
We do not process Customer Data for purposes outside our direct business relationship with the Customer, except where required by law.
6. No Sale, Advertising, Profiling, or Independent Use
We do not:
- sell or rent Customer Data or Personal Information.
- share Customer Data for cross-context behavioral advertising.
- disclose Customer Data to data brokers.
- use Customer Data to advertise or market products to the individuals identified in that data.
- create advertising profiles from Customer Data.
- use Customer Data to make unrelated decisions about individuals.
- use Customer Data to train or improve general-purpose artificial intelligence or machine-learning models.
- use Customer Data for unrelated benchmarking, market research, or commercial analytics.
- combine Customer Data with information obtained from unrelated sources for profiling or advertising purposes.
- claim ownership of Customer Data.
Customer Data remains subject to the Customer’s ownership and control, as provided in the applicable Customer agreement.
We may use service-level operational metrics that do not reveal Customer Data or identify individual data subjects solely to maintain the security, availability, capacity, and performance of the services. We do not use such metrics to reconstruct Customer Data, profile individuals, or monetize Customer information.
7. Access to Customer Data
Our personnel may access Customer Data only when reasonably necessary to:
- perform the contracted services.
- respond to an authorized Customer support request.
- maintain or restore service availability.
- investigate or respond to a security issue.
- comply with a lawful and binding legal requirement.
- carry out another purpose expressly authorized by the Customer.
Access is limited to authorized personnel with a legitimate business need. Personnel with access to Customer Data are subject to confidentiality obligations and applicable security policies.
We do not routinely inspect, review, or monitor the content of Customer Data except where necessary for the limited purposes described above.
8. When We Disclose Information
We may disclose Personal Information only in the following circumstances.
8.1 To the Customer
We may make Customer Data and account information available to the applicable Customer and its authorized administrators or users.
8.2 To Authorized Subprocessors
We may engage carefully selected hosting, infrastructure, backup, communications, security, or other service providers to perform limited functions necessary to provide the services.
A subprocessor may receive Customer Data only to the extent necessary to perform its contracted function. Subprocessors must be subject to written privacy, confidentiality, security, purpose-limitation, and data-deletion obligations appropriate to the information they process.
We do not authorize subprocessors to sell Customer Data, use it for advertising, or use it for their independent commercial purposes.
Our current subprocessor information is available upon request at contact@lanternpost-it.com.
8.3 At the Customer’s Direction
We may disclose information to a third party when the Customer expressly directs or authorizes us to do so.
8.4 Legal Requirements
We may disclose information when we reasonably believe disclosure is required by a valid subpoena, court order, warrant, regulatory demand, or other binding legal obligation.
Where legally permitted, we will notify the affected Customer before disclosing Customer Data so that the Customer may seek a protective order or other remedy. We will seek to limit any disclosure to the information legally required.
8.5 Protection of Rights and Security
We may disclose limited information when reasonably necessary to protect the security, rights, property, or safety of the Company, our Customers, users, or others; investigate fraud or unlawful activity; or respond to an emergency.
8.6 Corporate Transactions
If we are involved in a merger, acquisition, financing, reorganization, or sale of all or part of our business, relevant information may be transferred as part of that transaction, subject to confidentiality obligations and continued protection consistent with this Privacy Policy and the applicable Customer agreement.
9. Information Security
We maintain administrative, technical, organizational, and physical safeguards designed to protect Customer Data against unauthorized access, acquisition, destruction, loss, alteration, use, or disclosure.
Depending on the service and applicable agreement, safeguards may include:
- role-based access controls and least-privilege access.
- multifactor authentication.
- encryption in transit and at rest.
- logging, monitoring, and security-event review.
- secure backup and recovery procedures.
- vulnerability, patch, and configuration management.
- malware and threat-protection controls.
- personnel confidentiality and security training.
- incident-response and business-continuity procedures.
- risk-based review of relevant service providers.
Security measures are selected based on factors such as the sensitivity of the information, the nature and scope of the services, reasonably foreseeable threats, and applicable contractual and legal requirements.
No information system or method of transmission can be guaranteed to be completely secure. Accordingly, we do not warrant that unauthorized access or a security incident can never occur. We will, however, maintain safeguards appropriate to the nature of the information and respond to confirmed incidents in accordance with our contractual and legal obligations.
Customers are responsible for protecting their own credentials, endpoints, local systems, user permissions, configurations, and authorized-user activity.
10. Security Incident Notification
If we confirm a security incident affecting Customer Data, we will notify the affected Customer without undue delay and in accordance with:
- the applicable Customer agreement or data processing addendum;
- applicable breach-notification law; and
- any agreed incident-response procedures.
Our notice will include information reasonably available to us that the Customer may need to investigate the incident, mitigate harm, and comply with its own legal obligations.
Notification of an incident does not, by itself, constitute an admission of fault or liability.
11. Data Retention, Return, and Deletion
We retain Customer Data only for the duration necessary to provide the contracted services and as otherwise directed or authorized by the Customer.
Upon expiration or termination of the services, we will return or delete Customer Data in accordance with the applicable Customer agreement, data processing addendum, documented Customer instructions, and legal requirements.
Unless a different period is stated in the applicable agreement:
- Customer Data will be removed from active production systems within 90 days after the applicable deletion event; and
- residual copies maintained in protected backups will be overwritten or deleted through our ordinary backup-rotation process within approximately 365 days.
Until deleted, residual backup data remains subject to the confidentiality, security, and use restrictions described in this Privacy Policy.
We may retain limited information when required to:
- comply with applicable law.
- establish, exercise, or defend legal claims.
- maintain legally required financial or business records.
- investigate fraud or security incidents.
- enforce an agreement.
Any information retained for these purposes will remain protected and will not be used for other purposes.
Account, billing, contractual, and business-contact information is retained for as long as reasonably necessary to administer the Customer relationship and satisfy legal, tax, accounting, security, and dispute-resolution obligations.
12. Privacy Rights and Requests
Depending on the individual’s location and applicable law, an individual may have rights to request:
- access to Personal Information.
- correction of inaccurate Personal Information.
- deletion of Personal Information.
- a portable copy of Personal Information.
- restriction of or objection to certain processing.
- withdrawal of consent where processing is based on consent.
- an appeal of a decision concerning a privacy request.
Requests Concerning Customer Data
When we hold Personal Information solely as a service provider or processor for a Customer, the Customer is responsible for receiving and responding to privacy requests relating to that information.
Individuals should direct those requests to the organization with which they have a direct relationship. If we receive such a request directly, we may:
- refer the requester to the appropriate Customer;
- notify the Customer of the request; or
- act on the request in accordance with the Customer’s instructions and applicable law.
We will reasonably assist Customers in responding to valid privacy requests as required by the applicable agreement and law.
Requests Concerning Information We Control
Requests concerning account, website, business-contact, or other Personal Information that we control directly may be submitted to:
Email: contact@lanternpost-it.com
We may take reasonable steps to verify the requester’s identity and authority before fulfilling a request. We will not unlawfully discriminate against an individual for exercising a privacy right.
Because we do not sell Personal Information or share it for cross-context behavioral or targeted advertising, we do not provide an opt-out for those practices.
13. International Data Processing
Customer Data will be hosted in the regions identified in the applicable order, service description, or Customer agreement.
Where Personal Information is transferred across national borders, we will use contractual, organizational, and technical protections required by applicable law. Where applicable, international transfer terms may be addressed in a separate data processing addendum.
14. Children’s Information
Our website and services are offered to businesses and organizations and are not directed to children for their personal or household use.
We do not knowingly collect Personal Information directly from a child through our website without appropriate authorization. A Customer may store information concerning minors within Customer Data only where the Customer has a lawful basis to do so and the applicable agreement permits that category of information.
15. Regulated and Highly Sensitive Data
Customers must not place regulated or specially protected information within the services unless:
- the applicable service is designed and approved for that information;
- the Customer has informed us of the applicable requirements; and
- the parties have executed any required contractual addendum.
This may include, as applicable, a business associate agreement for protected health information, financial-services provisions, payment-card terms, criminal-justice requirements, government-security terms, or other sector-specific documentation.
16. Customer Responsibilities
Each Customer is responsible for:
- determining whether the services are appropriate for the information it intends to store.
- collecting Customer Data lawfully.
- providing required privacy notices.
- obtaining required authorizations or consents.
- establishing a lawful basis for processing.
- responding to requests from individuals.
- configuring access permissions appropriately.
- providing lawful and documented processing instructions.
- complying with laws applicable to its operations and use of the services.
We will inform a Customer if, in our reasonable judgment, a Customer instruction violates applicable data-protection law, unless prohibited from doing so.
17. Third-Party Websites and Services
Our website or services may contain links to third-party websites or integrations. This Privacy Policy does not govern a third party’s independent privacy practices.
When a Customer directs us to connect the services to a third-party system, information transmitted to that system may be governed by the Customer’s agreement with that third party.
18. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our services, security practices, legal obligations, or information-processing activities.
We will post the revised Privacy Policy with an updated “Last Updated” date. If a change materially affects how we process Customer Data, we will provide any additional notice required by the applicable Customer agreement or law.
We will not materially expand our rights to use existing Customer Data for independent purposes without appropriate notice, authorization, and contractual amendment.
19. Relationship to Customer Agreements
This Privacy Policy provides a general description of our privacy practices. Customer Data is also governed by the applicable master services agreement, order, statement of work, service description, security exhibit, and data processing addendum.
If there is a conflict concerning the processing of Customer Data, the executed Customer agreement or data processing addendum will control to the extent of the conflict.
Nothing in this Privacy Policy authorizes us to process Customer Data beyond the purposes permitted by the applicable Customer agreement.
20. Contact Us
Questions, concerns, or requests concerning this Privacy Policy may be directed to:
Lanternpost IT LLC
Attn: Privacy Officer
Email: contact@lanternpost-it.com
Website: www.lanternpost-it.com