Last updated: 28/01/2026
This Privacy Policy explains how App Attic Ltd (“Company”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you use Lantern and our related services (“Services”).
This policy applies to:
- the Lantern Shopify application
- our website and documentation
- sales, marketing, and support communications
If you do not agree with this Privacy Policy, you should not use the Services.
1. Who we are
App Attic Ltd is a company incorporated in England and Wales (company number 13045669) with its registered office at:
Flat 22 Lawford Mews
28 Waterloo Road
Bristol
BS2 0PN
United Kingdom
Lantern is a Shopify application developed and operated by App Attic Ltd.
2. Roles and responsibilities
Merchants
When you use Lantern to collect personal data from your customers or store visitors, you act as the data controller. You determine what data is collected, why it is collected, and how it is used.
You are responsible for:
- informing your customers that their data will be processed using Lantern
- making this Privacy Policy available to them where required
- ensuring you have a valid legal basis to collect and share their data
App Attic Ltd
We act as a data processor when processing customer data on your behalf to provide the Services. We act as a data controller for our own business data, such as merchant contact details, support communications, and marketing data.
3. Personal data we collect
Data you provide to us
We collect personal data you provide when you:
- install or use the Services
- contact us for support or sales
- participate in marketing activities or events
This may include your name, email address, phone number, company name, store URL, and account configuration details.
Support and communications
When you contact us for support or communicate with us in relation to the Services, we process the information you choose to provide in order to respond to your enquiry and support the use of the Services. This may include communications from merchants, their authorised users, or, where applicable, individuals contacting us in relation to the operation of a merchant’s use of Lantern.
Please do not include sensitive personal information (such as health information, payment card details, or other special category data) in communications with us, as this is not required for us to provide support or respond to enquiries
Data collected automatically
When you use the Services or visit our website, we collect technical and usage data such as:
- IP address
- browser and device information
- operating system and language
- usage logs, timestamps, and error data
This data is used for security, performance monitoring, and analytics.
Customer data collected through Lantern
Depending on how you configure Lantern, your customers may provide personal data such as:
- contact details (for example name, email, phone number)
- quiz responses, preferences, and selections
- product interests and interactions
We process this data only on your behalf and in accordance with your instructions.
4. Special category data
Lantern does not require the collection of special category or sensitive personal data by default. However, you may choose to collect such data through quiz questions or configurations.
Where special category data is processed:
- you are responsible for identifying and relying on a valid legal basis under applicable law
- you must provide any required notices to data subjects
We process special category data solely on your behalf, under your instructions, and only to provide the Services. Where required by law, our processing relies on corresponding lawful grounds available to processors under applicable data protection laws.
5. How we use personal data
We process personal data to:
- provide, operate, and maintain the Services
- store quiz configurations and results
- enable integrations you choose to activate
- provide analytics and reporting
- respond to support requests
- ensure platform security and prevent misuse
- comply with legal obligations
We do not sell personal data.
6. Marketing and partner communications
We may use your contact details to communicate with you about:
- the Services
- updates, new features, or changes
- other services we and our partners offer
7. Data storage and location
Personal data processed through Lantern is stored on servers located in the European Union.
Access to personal data may be provided to authorised personnel or service providers located outside the EU or UK for support, maintenance, or operational purposes, subject to appropriate security and confidentiality controls.
8. Integrations and third party services
Lantern integrates with third party services such as email, SMS, analytics, automation, subscriptions, reviews, and marketing platforms.
When you enable an integration:
- you instruct us to share relevant data with that provider
- the provider processes data under its own terms and privacy policy
- Lantern is not responsible for the provider’s data practices
Some integration providers may process data outside the EU or UK.
9. When and with whom we share personal data
We may share personal data in the following circumstances:
Service providers and subprocessors
We use trusted third party providers to operate and support the Services, including providers of:
- cloud infrastructure and hosting
- analytics and monitoring
- customer support and communications
- security, fraud prevention, and error tracking
- AI and automation services, including services provided by OpenAI
These providers process data only under our instructions and subject to contractual data protection and confidentiality obligations.
Shopify
We receive data from and share data with Shopify as required to provide the Services and support authentication and app functionality.
Integrations chosen by you
When you enable an integration, personal data may be shared with that provider at your instruction.
Legal requirements
We may disclose personal data where required to do so by law, regulation, or legal process, or to protect our rights, users, or others.
A current list of categories of subprocessors, and examples where appropriate, is available on request or through our website.
10. International access and transfers
While data is stored in the EU, personal data may be accessed from or transferred to locations outside the EU or UK, including through support operations or third party providers.
Where required by applicable law, we ensure appropriate safeguards are in place to protect such data transfers.
11. Data retention, uninstallation, and deletion
We retain data associated with your use of the Services after uninstallation to support reinstallation, continuity, and service reactivation.
You may request deletion of personal data at any time. Upon receiving a valid deletion request from you, we will delete or anonymise the relevant data unless retention is required by law.
12. Security
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or disclosure.
No system can be guaranteed to be completely secure, and use of the Services is at your own risk.
13. Data subject rights
Depending on applicable law, individuals may have rights to access, correct, delete, restrict, or object to processing of their personal data.
As the data controller, you are responsible for responding to requests from your customers. We will provide reasonable assistance where required.
14. Children’s data
The Services are not intended for use by children. We do not knowingly collect personal data from individuals under 18.
15. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be effective when published.
16. Contact us
For privacy or data protection questions, contact:
Email: support@trylantern.com or contact@appattic.com
Address:
App Attic Ltd
Flat 22 Lawford Mews
28 Waterloo Road
Bristol
BS2 0PN
United Kingdom
