Last updated: 7 April 2025

Privacy Policy

How Lanternpath collects, uses, and protects your personal data.

---

1. Introduction

Lanternpath ("we", "us", "our") is committed to protecting the personal data of individuals who interact with our business. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with our business analytics consulting services, our website, and our client engagements.

This policy applies to prospective clients, current clients, website visitors, and any individual whose personal data is shared with us in connection with an engagement. It is governed by the Personal Data Protection Act 2012 (PDPA) of Singapore.

If you have questions about this policy, please contact us at [email protected].

2. Data We Collect

We collect the following categories of personal data:

• Contact information: Name, email address, and phone number provided through our enquiry form or in correspondence.
• Business context: Organisation name, role, and information about your reporting or analytics situation, shared voluntarily during calls or in writing.
• Website usage data: Pages visited, time on site, browser type, and device information, collected via cookies and analytics tools (with your consent).
• Correspondence records: Emails, written notes from calls, and deliverables shared in the course of an engagement.

We collect data directly from you when you submit our contact form, send us an email, or participate in a call or workshop. We also collect limited technical data automatically when you visit our website.

3. How We Use Your Data

We use personal data for the following purposes:

• Responding to enquiries and setting up engagements
• Delivering agreed consulting services (reviews, workshops, retainer calls)
• Sending written notes, deliverables, and engagement-related correspondence
• Maintaining records for invoicing and accounting purposes
• Improving our website based on aggregated, anonymised usage data

The legal basis for processing is: consent (for website analytics cookies), contract performance (for delivering agreed services), and legitimate interest (for responding to enquiries and maintaining business records).

4. Data Retention

We retain personal data only as long as necessary for the purpose for which it was collected:

• Enquiry data from contacts who do not proceed to an engagement: deleted within 12 months of last contact.
• Engagement materials (call notes, deliverables): retained for the duration of the engagement and deleted within 60 days of engagement close, unless the client requests earlier deletion.
• Invoicing and financial records: retained for 7 years in accordance with Singapore accounting requirements.
• Website analytics data: retained in aggregated, anonymised form. Raw session data is not retained beyond 26 months.

5. Data Sharing

We do not sell personal data to third parties. We may share data in the following limited circumstances:

• Service providers: We use a small number of third-party services for email hosting, video calls, and accounting. These providers are contractually bound to handle data securely and only for the purposes we specify.
• Analytics: If you consent to analytics cookies, limited website usage data is shared with Google Analytics. This data is anonymised and does not identify you personally.
• Legal requirements: We may disclose data if required to do so by Singapore law or lawful regulatory order.

6. Data Security

We take reasonable steps to protect personal data from unauthorised access, disclosure, or loss. Measures include encrypted email for sharing sensitive materials, access controls limiting data to staff directly involved in the relevant engagement, and prompt deletion of client materials at engagement close. We will notify affected individuals without undue delay if a data breach occurs that is likely to result in significant harm.

7. Cookies

Our website uses cookies. Essential cookies are necessary for basic site functionality. Optional analytics and preference cookies are only set with your consent. You can manage your cookie preferences at any time via our Cookie Policy page.

8. Your Rights Under the PDPA

Under Singapore's Personal Data Protection Act, you have the right to:

• Request access to personal data we hold about you
• Request correction of inaccurate personal data
• Withdraw consent to the collection, use, or disclosure of your data (subject to legal and contractual restrictions)
• Request that we stop using your data for marketing purposes

To exercise any of these rights, contact us at [email protected]. We will respond within 10 business days. If you are not satisfied with our response, you may contact the Personal Data Protection Commission (PDPC) of Singapore at www.pdpc.gov.sg.

9. Third-Party Links

Our website may contain links to external sites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing personal data.

10. Children's Privacy

Our services are directed at business professionals aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe we have received such data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this policy periodically. Material changes will be noted at the top of this page with a revised "last updated" date. Continued use of our website or services after a change constitutes acceptance of the updated policy.

12. Contact