Privacy Policy
Last Updated: July 17, 2026
This Privacy Policy describes how Lantry ("we", "us", or "our") collects, uses, shares, and protects your personal information when you use the Lantry mobile application ("App" or "Service").
We take your privacy seriously. This policy explains your privacy rights under GDPR (European Union), CCPA (California), and other applicable data protection laws.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Email address
- Name (optional)
- Password (encrypted)
- Profile photo (optional)
- Authentication tokens (Apple Sign-In, Google Sign-In)
User Content:
- Chat messages and conversations with AI
- Journal entries and reflections
- Goals and micro-goals
- Emotional check-ins and wellness ratings
- Notes and personal insights
Subscription Information:
- Subscription status (Free, Premium, Trial)
- Payment method (processed by Apple/Google, not stored by us)
- Transaction history and receipts
- Subscription preferences
Support Communications:
- Email correspondence
- Support tickets and feedback
- Bug reports and feature requests
1.2 Information Collected Automatically
Device Information:
- Device type and model
- Operating system and version
- App version
- Device identifiers (Firebase Installation ID)
- Language and timezone settings
Usage Data:
- Features used and interactions
- Session duration and frequency
- Screens visited
- Buttons clicked and actions taken
- Crash reports and error logs
Analytics Data:
- Firebase Analytics events
- User engagement metrics
- Feature adoption rates
- Retention and churn metrics
Push Notification Tokens:
- FCM (Firebase Cloud Messaging) tokens for notifications
1.3 Information from Third Parties
Apple Sign-In:
- Name (if provided by user)
- Email address (real or Apple-provided relay)
- User identifier
Google Sign-In:
- Name
- Email address
- Profile photo
- User identifier
2. How We Use Your Information
We use your information for the following purposes:
2.1 To Provide the Service
- AI Conversations: Process your messages through AI models (OpenAI GPT) to generate responses
- Reflection Insights: Analyze your personal patterns and journaling trends
- Goal Tracking: Monitor your progress toward personal development goals
- Personalization: Customize your experience based on preferences and usage
- Sync Across Devices: Maintain consistency across your devices (future feature)
2.2 To Process Payments
- Verify subscription status through Adapty
- Process refunds and handle billing issues
- Prevent fraud and abuse
- Comply with payment regulations
2.3 To Improve the Service
- Analyze usage patterns to improve features
- Debug and fix technical issues
- Develop new features and functionality
- Train and improve AI models (using anonymized data only)
- Conduct A/B testing and experiments
2.4 To Communicate With You
- Send transactional emails (account verification, password resets)
- Deliver push notifications (if enabled)
- Respond to support requests
- Send important service updates
- Share product news and updates (with consent)
2.5 To Ensure Security
- Detect and prevent fraud
- Monitor for abuse and violations of Terms of Service
- Protect against security threats
- Comply with legal obligations
2.6 Legal Bases for Processing (GDPR)
We process your data under the following legal bases:
- Contract Performance: To provide the Service you agreed to
- Legitimate Interest: To improve our Service and ensure security
- Consent: For marketing communications and optional features
- Legal Obligation: To comply with applicable laws
3. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
3.1 With AI Service Providers
OpenAI (GPT Models):
- What we share: Your chat messages and conversation context
- Purpose: To generate AI responses
- Data retention: OpenAI may retain data for up to 30 days for abuse monitoring, then deletes it
- Privacy policy: https://openai.com/policies/privacy-policy
- Location: United States (EU-US Data Privacy Framework certified)
Important: We do not use your data to train OpenAI's models. OpenAI processes data on our behalf as a data processor.
3.2 With Infrastructure Providers
Supabase (Database):
- What we share: All user data and content
- Purpose: Data storage and backend services
- Location: EU-West (Frankfurt, Germany) - GDPR compliant
- Encryption: Data encrypted at rest and in transit (TLS)
- Privacy policy: https://supabase.com/privacy
Firebase (Google):
- What we share: Analytics events, crash reports, device identifiers
- Purpose: Analytics, crash reporting, push notifications
- Location: United States (with EU data processing addendum)
- Privacy policy: https://firebase.google.com/support/privacy
Services used:
- Firebase Analytics (usage analytics)
- Firebase Crashlytics (error tracking)
- Firebase Cloud Messaging (push notifications)
3.3 With Payment Processors
Adapty (Subscription Management):
- What we share: User ID, subscription status, transaction IDs
- Purpose: Manage subscriptions and process payments
- Location: United States (GDPR compliant)
- Privacy policy: https://adapty.io/privacy
Apple App Store / Google Play Store:
- What we share: Purchase information is processed directly by Apple/Google
- Purpose: Payment processing and subscription management
- Privacy policies:
Note: We do not receive or store your credit card information. All payment data is handled by Apple and Google.
4. Data Security
We implement industry-standard security measures to protect your data:
4.1 Encryption
- In Transit: All data is encrypted using TLS 1.3
- At Rest: Database is encrypted at rest (AES-256)
- Passwords: Hashed using bcrypt (never stored in plaintext)
- API Keys: Stored securely on backend (never exposed to client)
4.2 Access Controls
- Role-based access control (RBAC) for team members
- Multi-factor authentication (MFA) for admin accounts
- Regular security audits and penetration testing
- Principle of least privilege
4.3 Monitoring
- Real-time monitoring for suspicious activity
- Automated threat detection
- Intrusion detection systems
- Regular security patches and updates
However: No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Your Privacy Rights
5.1 GDPR Rights (European Union)
If you are in the EU/EEA, you have the following rights:
- Right to Access: Request a copy of your personal data in a structured, machine-readable format
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data (we will delete within 30 days)
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Transfer your data to another service
- Right to Object: Object to processing based on legitimate interests or direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (does not affect past processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
5.2 CCPA Rights (California)
If you are a California resident, you have the following rights:
- Right to Know: What personal information we collect, sources, purposes, and third parties we share with
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of "sale" of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
- Right to Correct: Correct inaccurate personal information
5.3 How to Exercise Your Rights
To exercise your privacy rights:
- In-App: Go to Settings → Privacy → Manage My Data
- Email: Send a request to support@lantry.app
- Subject Line: "Privacy Rights Request - [Your Name]"
- Include:
- Your full name
- Email address associated with your account
- Specific right you wish to exercise
- Any additional information to verify your identity
Response Time: We will respond within 30 days (GDPR) or 45 days (CCPA).
6. Data Retention
We retain your data for as long as necessary to provide the Service and comply with legal obligations.
6.1 Active Accounts
- User content: Retained indefinitely while your account is active
- Usage data: Retained for up to 2 years
- Analytics: Aggregated and anonymized after 26 months
6.2 Deleted Accounts
When you delete your account:
- User content: Deleted within 30 days
- Backup copies: Deleted within 90 days
- Anonymized data: May be retained for analytics (cannot identify you)
- Legal records: Retained as required by law (e.g., tax records for 7 years)
6.3 Inactive Accounts
Accounts inactive for 3 years may be deleted after we notify you.
7. Children's Privacy
Lantry is not intended for children under 18. We do not knowingly collect personal information from children.
If you are under 18:
- You must obtain parental consent before using the App
- Parents can request deletion of children's data by contacting us
If we learn we have collected data from a child under 13 (or under 16 in the EU) without parental consent, we will delete it immediately.
Parents: If you believe your child has provided us with personal information, contact us at support@lantry.app.
8. International Data Transfers
Lantry is based in the United States. If you are outside the U.S., your data will be transferred to and processed in:
- United States (OpenAI, Firebase, Adapty)
- European Union (Supabase - EU-West)
8.1 Safeguards
We use the following safeguards for international transfers:
- Standard Contractual Clauses (SCCs) approved by the EU Commission
- EU-US Data Privacy Framework (for certified providers like OpenAI)
- Adequacy decisions for transfers to countries with adequate protection
8.2 Your Consent
By using Lantry, you consent to the transfer of your data to these locations.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- We will update the "Last Updated" date at the top
- We will notify you via email or in-app notification
- Material changes will be highlighted
- Continued use after changes constitutes acceptance
We encourage you to review this policy periodically.
11. Acknowledgment
BY USING LANTRY, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.