LanternBRP™ Privacy Policy

LanternBRP™ is an AI-native SaaS Business Resource Planning (BRP) platform focused on providing enterprise-grade solutions to organizations of all sizes and across multiple verticals. Our highly flexible, AI-native BRP solution can be fully customized to meet every business's unique needs, with scalable and buildable onboarding that is significantly less costly and integrates far faster than traditional ERP systems.

LanternBRP™ is designed from the ground up to illuminate operational complexities while placing data privacy, security, and governance at its core. This Data Privacy Policy explains in detail how we collect, use, protect, and manage your information within our secure, scalable cloud environment and our proprietary 8-layer architecture (with a central trust boundary). The policy is grounded in the architecture described in our Data Whitepaper and reflects our commitment to real-time visibility, personalized AI insights, automated workflows, and scalable optimization—all while preserving your original business intent, processes, and data sovereignty.

By using LanternBRP™, you acknowledge and agree to the practices described below. If you have questions, please contact us immediately.

1. Information We Collect

We collect only the data necessary to deliver the powerful, unified intelligence that LanternBRP™ provides. All collection occurs through secure, consented connections and is strictly limited to what you choose to integrate.

Categories of information include:

  • Account and Contact Data: Business name, authorized user names, email addresses, phone numbers, and billing details provided during signup, onboarding, or account management.
  • Business Operational Data: The core of your LanternBRP™ experience. This includes inventory levels, financial records, CRM data, point-of-sale (POS) transactions, supply chain information, production schedules, bills of materials (BOMs), routings, quality records, and any other data you connect from your existing ERP, CRM, inventory, finance, or other systems.
  • Usage and Interaction Data: How your team interacts with the platform, including conversational AI queries, dashboard usage, workflow executions, feedback submissions, and human-in-the-loop approvals.
  • Technical and Security Data: IP addresses, device identifiers, browser types, session metadata, and system logs generated during access and use (used solely for security, performance, and compliance purposes).

We do not collect sensitive personal information (such as health, biometric, racial, or religious data) unless you explicitly include it within your own operational records. Even then, such data remains fully isolated within your dedicated tenant and is processed only for the business purposes you define.

2. How We Use Your Information

LanternBRP™ transforms fragmented data into a single source of truth through our Data Unification and Analysis layer. Secure connectors and APIs aggregate information from your ERP, CRM, inventory, finance, POS, and supply chain systems. All incoming data is validated and cleansed in real time to ensure accuracy and consistency.

Your data powers the following core functions:

  • AI Agents and Predictive Models: Agentic AI and advanced predictive models analyze your unified data to deliver personalized recommendations for forecasting, inventory optimization, anomaly detection, production scheduling, demand planning, and workflow automation—always while maintaining your original business intent and vertical-specific requirements.
  • Personalization and Vertical Framework: The platform learns from your operational history, user preferences, and vertical-specific configurations to refine insights over time. This learning occurs entirely within your isolated tenant and is used exclusively to improve relevance for your business.
  • Real-Time Visibility and Automation: Generating dashboards, proactive insights, notifications, and automated workflows that unify departments and accelerate decision-making.
  • Platform Improvement: Aggregated, anonymized usage patterns (never linked to any specific business) help us continuously enhance the flexibility, scalability, and performance of our BRP solution.

We never use your data for advertising, profiling unrelated to your business operations, or any purpose outside the scope of delivering and improving LanternBRP™.

3. Data Sharing and Disclosure

LanternBRP™ operates on a strict tenant-isolation model. Your data is never commingled with any other customer's data.

We share information only in the following limited, controlled circumstances:

  • With your explicit consent or at your direction (e.g., when you approve an integration or export)
  • With trusted subprocessors (such as cloud infrastructure providers) who are contractually bound by data-processing agreements that meet or exceed our own standards
  • When required by applicable law, court order, or government authority (in which case we will notify you unless prohibited)
  • To protect the security and integrity of the platform or the rights of others

We do not sell, rent, trade, or monetize your business data in any way. AI processing occurs entirely within our secure environments with no external data exposure.

4. Data Security and Protection: Our 8-Layer Architecture

Security and privacy are not add-ons at LanternBRP™, they are architecturally enforced at every level. Our platform runs in a secure, scalable cloud environment built on an 8-layer architecture with a central trust boundary that serves as the single, non-bypassable enforcement point for all AI activity and data operations.

Key protective layers include:

Trust Boundary (Layer 2)

Every request, AI action, tool call, and workflow must pass through this central enforcement point. Capabilities include strong authentication and authorization, rate limiting and abuse prevention, session controls and bot protection, action guardrails, and policy enforcement. Unlike traditional gateway approaches, this boundary is architecturally enforced and cannot be bypassed, providing consistent, non-optional protection for every interaction.

Security Plane (Layer 3)

Comprehensive enterprise-grade protection for identity, data, and AI behavior. Features include enterprise SSO and tenant isolation, fine-grained Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC), prompt-injection and data-leakage defenses, sandboxed execution environments with default-deny network access, secrets management, and encryption both in transit and at rest.

Control Plane (Layer 4)

Orchestrates lifecycle governance and quality. Policy-as-code enforcement, staged promotion across environments (development → staging → production), automated evaluations, and regression gates ensure predictable, testable, and governable AI behavior.

Runtime Plane (Layer 5)

Executes AI workflows in secure, isolated environments. Supports synchronous, asynchronous, and batch processing with built-in scheduling, retries, rollback mechanisms, human-in-the-loop approval checkpoints for sensitive actions, and strict resource quotas and concurrency controls.

Data Management Practices

All data is encrypted in transit and at rest, stored with robust governance controls, and handled responsibly in full compliance with applicable privacy standards. Provenance tracking, integrity controls, data classification, and data-loss prevention mechanisms provide end-to-end accountability.

Additional safeguards include regular security assessments, continuous monitoring, anomaly detection, and a default-deny approach to all network and external access.

5. Data Retention and Deletion

We retain your data only for as long as it is needed to provide the LanternBRP™ services or as required by law. When your subscription ends or you request deletion, we permanently and securely remove your data within 30 days (with any backup copies purged shortly thereafter), subject to any legal retention obligations.

You may request deletion of specific records or your entire dataset at any time through the in-platform tools or by contacting us.

6. Your Privacy Rights and Choices

Depending on your location and applicable laws, you may have the right to:

  • Access, correct, or delete your data
  • Restrict or object to certain processing activities
  • Port your data in a structured, machine-readable format
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, simply submit a request via our in-platform "Data Subject Request" tool or email [email protected]. We respond to verified requests within 30 days (or the timeframe required by law). For enterprise customers, we also provide detailed audit logs and data-export capabilities upon request.

7. International Data Transfers

For customers outside the United States, LanternBRP™ uses approved legal mechanisms (including Standard Contractual Clauses) to ensure your data receives an equivalent level of protection when processed in the U.S. or other jurisdictions.

8. Cookies and Tracking Technologies

We use essential cookies and similar technologies to enable core platform functionality, security, and performance. Optional analytics cookies help us understand usage patterns and improve your experience. You can manage preferences through your browser settings or our cookie consent banner. Full details are available in our separate Cookie Policy.

9. Children's Privacy

LanternBRP™ is a business-to-business platform. We do not knowingly collect or process data from individuals under the age of 16 and do not offer services to children.

10. Changes to Lantern's Privacy Policy

We may update this policy to reflect enhancements to our platform or changes in legal requirements. Material changes will be communicated via email or prominent in-app notice at least 30 days in advance. Continued use of LanternBRP™ after such updates constitutes acceptance of the revised policy.

Questions about this policy?

[email protected]