Privacy Policy

Last updated: 26 April 2026

This Privacy Policy explains how Augmt ("we", "us", "our") collects, uses, and protects your information when you use Lantern, our visual feedback and bug tracking platform. We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

Account Information

When you create an account, we collect:

Name and email address
Password (stored as a salted PBKDF2-SHA256 hash — we never store plaintext passwords)
Organisation name
Google account identifier (if you sign in with Google)
Profile picture URL (optional — uploaded to our storage or pulled from Google)
Notification preferences — which sites you've opted into PWA badge updates and per-site email alerts for
Two-factor authentication state (optional, opt-in): if you enable 2FA, we store an encrypted TOTP secret (AES-256-GCM at rest), a salted hash array of your single-use backup codes, and timestamps of enrollment + most-recent verification. Backup codes are shown to you exactly once at generation; we do not retain a way to recover them after that.
Anti-abuse signals on login attempts: when you log in with a password, your IP address and a brief Cloudflare Turnstile token are evaluated to detect credential-stuffing bots. The token contains a browser fingerprint generated by Cloudflare; we do not see or retain the underlying signals beyond the pass/fail outcome.

Billing Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers. We retain your Stripe customer ID and subscription details to manage your plan.

Content You Submit

Through the Service, you and your end users may submit:

Screenshots and screen recordings
Bug reports, comments, and file attachments
Browser and device information (user agent, viewport, URL)
JavaScript error logs and stack traces
Console logs and network request metadata (collected as breadcrumbs for debugging context)

Automatically Collected Data

IP address (used for rate limiting and security — not stored long-term)
Request timestamps and API usage patterns (for monitoring and abuse prevention)

2. How We Use Your Information

Purpose	Data Used
Provide and operate the Service	Account info, Content, usage data
Process payments and manage subscriptions	Billing info via Stripe
Send transactional emails (magic links, invoices, verification, bug-report notifications)	Email address, name
AI-assisted bug diagnosis (LanternIQ feature)	Bug report contents and, if you've connected your repository, excerpts of your source code — sent to Anthropic's Claude API at request time. See § 4.
Prevent abuse and enforce rate limits	IP address, request patterns
Monitor errors and maintain service reliability	API logs, error data
Respond to support requests	Email, account details

We do not sell your data. We do not use your Content to train machine learning models, and our AI provider (Anthropic) does not retain or train on API inputs by default. We do not serve advertising.

3. Data Storage and Security

Database: Your data is stored in Neon Postgres in the EU (Frankfurt) with encrypted connections (TLS) and point-in-time recovery.
File storage: Screenshots, recordings, and attachments are stored in Cloudflare R2 (S3-compatible object storage), scoped to your Organisation (path: org-{orgId}/...).
Encryption at rest: OAuth integration tokens (Jira, Slack, Bitbucket) are encrypted with AES-256-GCM before storage.
Passwords: Hashed with PBKDF2-SHA256 (100,000 iterations) with a unique salt per user.
API: All traffic is served over HTTPS via Cloudflare's edge network.
Session: Authentication uses HttpOnly, Secure, SameSite=Lax cookies (pp_session, pp_client_session) for the API; the dashboard also stores a JWT in localStorage for SPA convenience.
Access control: All data is tenant-isolated — every database query is scoped to your Organisation ID. Roles (Owner / Admin / Member) gate sensitive actions.
Vulnerability disclosure: Public policy at lantern.augmt.xyz/#security with a 48-hour acknowledgment SLA. Machine-readable contact at /.well-known/security.txt (RFC 9116).

4. Third-Party Services

We use the following third-party services to operate Lantern. The full Sub-processor list with locations and transfer mechanisms is at /sub-processors.html.

Service	Purpose	Data Shared
Cloudflare	Hosting, CDN, edge compute, file storage (R2), KV cache, email routing	Request data, uploaded files, cached state
Neon (EU)	PostgreSQL database	All structured Personal Data — accounts, projects, pin reports, comments, error events, audit log
Stripe	Payment processing and subscription billing	Email, name, billing address, payment details
Resend	Transactional email delivery (magic links, invites, bug-report notifications)	Recipient email, name, email subject and metadata
Anthropic	AI-assisted bug analysis (LanternIQ feature, optional per site)	Bug report contents and excerpts of source code (when a repository is connected). Anthropic does not retain or train on API inputs by default.
BetterStack (EU)	API request logging and error monitoring on Lantern itself (not customer-captured errors)	API request paths, status codes, IPs, user-agent strings (30-day retention)
Atlassian (Jira / Bitbucket)	Optional integrations — only when you connect them. Jira sync mirrors bug content to your Jira project; Bitbucket source code is fetched on-demand for AI analysis.	Bug content, attachments, environment metadata, source-code requests (Bitbucket only)
Slack	Optional integration — only when you connect it. Bug-report notifications are posted to selected channels.	Bug content, attachments, environment metadata
Google OAuth	OAuth sign-in (optional)	Email, name, profile ID
Google Analytics	Marketing-site analytics and conversion tracking	Page views, events, hashed email (Enhanced Conversions), device/browser info, IP address (anonymised by Google)

For business customers under GDPR / CCPA, our Data Processing Addendum sets out the contractual terms for these Sub-processors, including 30-day advance notice of any changes.

5. Data Retention

Active accounts: Your data is retained for as long as your account is active.
Deleted Organisations: When you delete an Organisation, all associated data (projects, pins, screenshots, recordings, comments, error logs, members) is permanently deleted via cascade deletion. Uploaded files in R2 storage are removed.
Resolved bugs: Resolved bugs are automatically archived after a configurable period (default: 7 days, range: 7–90 days). Auto-archive can be disabled per site.
API logs: Request logs in BetterStack are retained for 30 days.
Rate limit data: IP-based rate limit counters in KV cache expire automatically (15 minutes to 1 hour depending on the limit type).

6. Your Data Rights

Under the EU/UK General Data Protection Regulation (GDPR Articles 15–22) and the California Consumer Privacy Act (CCPA), you have the following rights regarding personal data we process about you:

Right of access (Art 15) — request a copy of all personal data we hold about you. Most of your Content (organisation, sites, bug reports, comments) is already accessible through the dashboard at any time. For a complete machine-readable export, contact us.
Right to rectification (Art 16) — correct inaccurate data. You can update your profile, organisation details, and project settings directly in the dashboard.
Right to erasure / "right to be forgotten" (Art 17) — request deletion of your personal data. You can delete individual items or your entire Organisation from Settings; for full account erasure including audit-log scrubbing, contact us.
Right to restriction of processing (Art 18) — request that we stop processing your data while a dispute or correction is being resolved.
Right to data portability (Art 20) — receive your data in a structured, machine-readable format (JSON), or have it transmitted to another controller where technically feasible.
Right to object (Art 21) — object to processing based on our legitimate interests; we'll stop unless we can demonstrate compelling legitimate grounds.
Right to withdraw consent — disconnect integrations, revoke OAuth tokens, and delete your account at any time.

To exercise any of these rights, email [email protected]. We will:

Acknowledge your request within 5 business days.
Verify your identity (we'll match the request against the account email on file; for sensitive requests we may ask for additional verification).
Respond within 30 days, as required by GDPR Article 12. If your request is complex we may extend by up to two further months and will notify you.
Charge nothing for the first request in a 12-month period. Manifestly unfounded or excessive requests may incur a reasonable fee.

If you're unhappy with our response, you have the right to lodge a complaint with your local supervisory authority — for the EU, the list is at edpb.europa.eu; in the UK, the ICO; in Australia, the OAIC.

7. Cookies and Local Storage

Lantern uses the following first-party storage to maintain your session and the widget's state:

Session cookies (pp_session, pp_client_session): HttpOnly, Secure, SameSite=Lax cookies set by the API to authenticate dashboard requests. Cleared on logout.
JWT in localStorage: A duplicate of the session token, stored in dashboard localStorage for SPA convenience (avoids re-fetching on page load). Cleared on logout.
Widget token (localStorage): Stored on sites where the Lantern widget is embedded, to identify the project.
Guest token (localStorage): A random identifier for anonymous widget users, used to attribute feedback within a single browser.
Sidebar collapse state (localStorage): Remembers your dashboard sidebar preference.

No third-party cookies are set by the dashboard or the embedded widget.

We also use Google Analytics 4 (GA4), which sets first-party cookies to distinguish unique users and sessions:

_ga: Distinguishes unique users. Expires after 2 years.
_ga_*: Maintains session state. Expires after 2 years.

Google Analytics collects usage data (pages visited, actions taken, device and browser information) to help us understand how visitors interact with our site and improve the service. Google may also use this data in accordance with Google's Privacy Policy. We do not use advertising cookies.

8. Analytics and Conversion Tracking

We use Google Analytics 4 ("GA4") to understand how visitors use our website and to measure the effectiveness of our marketing campaigns. This section explains what data is collected, how it is used, and your choices.

What GA4 Collects

Pages visited and actions taken (e.g. clicking a button, scrolling to a section)
Device and browser information (type, screen size, operating system, language)
Approximate geographic location (derived from IP address, which Google anonymises)
Referral source (how you arrived at our site, including UTM campaign parameters)
Conversion events (e.g. starting a free trial, completing sign-up) including the plan selected and billing cycle

Enhanced Conversions

When you submit a sign-up form, we may send a hashed (SHA-256) version of your email address to Google to improve conversion measurement accuracy across devices and sessions. Google does not receive your email in plaintext. This data is used solely for attribution and is processed in accordance with Google's Privacy Policy.

User Identity Linking

After you sign up or log in, we associate your anonymous analytics data with your Lantern account ID. This allows us to understand the journey from first visit to sign-up. Your email address and personal details are not shared with Google in plaintext — only a pseudonymous user ID.

How We Use Analytics Data

To understand which features and content attract the most interest
To identify where visitors drop off in the sign-up process and improve the experience
To measure the return on investment of marketing campaigns
To build audience segments for remarketing (e.g. visitors who viewed pricing but did not sign up)

Your Choices

You can opt out of Google Analytics tracking by:

Installing the Google Analytics Opt-out Browser Add-on
Using a browser extension that blocks analytics scripts (e.g. uBlock Origin)
Enabling "Do Not Track" in your browser (we respect this signal)

Opting out does not affect the functionality of Lantern — you can still use the full service without analytics tracking.

Data Sharing with Google

By using our website, you acknowledge that we collect and process usage data through Google Analytics as described above, and that this data may be associated with your visit information. Google processes this data on our behalf and may also use it in accordance with their own privacy policy. We do not sell analytics data to third parties.

Australian Privacy Act Compliance

Under the Australian Privacy Principles (APPs), we are transparent about the collection and use of personal information. The analytics data described above is collected for the legitimate purpose of improving our service and measuring marketing effectiveness. You have the right to access, correct, or request deletion of your personal information at any time by contacting us.

9. The Widget and End-User Data

When you embed the Lantern widget on your website, it may collect data from your end users (visitors, clients, testers):

Screenshots of the current page (may include visible content)
Screen recordings (browser tab capture, requires user consent via browser prompt)
Browser information (user agent, viewport size, current URL)
JavaScript errors and console logs
Comments and file attachments submitted by the end user

As the widget embedder, you are the data controller for your end users' data. You are responsible for:

Informing your end users about data collection
Obtaining any required consent under applicable laws (e.g. GDPR, CCPA)
Using the privacy masking feature for sensitive page elements

We process end-user data solely on your behalf and do not use it for any other purpose.

9a. PII redaction in error reports

Two layers of automatic scrubbing run on every error report before it is stored:

Widget-side URL sanitisation — sensitive query-string parameters (token, access_token, password, code, email, otp, session, and similar) are replaced with [redacted] before any URL leaves the browser. The hash fragment of the URL is also stripped, since OAuth implicit-flow tokens commonly land there.
Server-side regex redaction — every string field on an inbound error event (message, stack trace, page URL, breadcrumbs) is scanned for high-precision PII patterns: email addresses, JWTs, AWS access key IDs, Stripe live/test keys, GitHub personal access tokens, Authorization: Bearer … headers, and US Social Security numbers. Matches are replaced with a typed placeholder such as [redacted:email] or [redacted:jwt].

rrweb session replays additionally mask all input field values by default, and the screenshot pipeline blacks out password fields, payment-card fields, and any element marked with data-pp-private client-side before the image is uploaded.

Console output captured as breadcrumbs is subject to server-side regex redaction but is otherwise stored verbatim — if your application logs sensitive data via console.log we strongly recommend disabling those log statements in production code.

10. Children's Privacy

Lantern is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. International Data Transfers

Your structured data is stored in the EU (Neon Postgres in Frankfurt; BetterStack logs in Frankfurt). Files are stored in Cloudflare R2 distributed across Cloudflare's global edge network. Some Sub-processors (Stripe, Resend, Anthropic, Atlassian, Slack) operate from the US and other regions; for these, we rely on the EU Standard Contractual Clauses (SCCs, Module 2) and each vendor's published Data Processing Agreement. The full per-vendor location and transfer mechanism is in our Sub-processor list.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Augmt
Email: [email protected]