Privacy Policy
This Privacy Policy describes how Clinic Lantern ("Lantern," "we," "us," or "our") collects, uses, and protects information in connection with the Lantern analytics dashboard available at cliniclantern.com (the "Service").
Lantern is designed with a privacy-first architecture. Clinic data you upload is processed entirely within your web browser and is never transmitted to our servers. We take this approach because we understand the sensitivity of healthcare practice data.
1. Information We Collect
1.1 Account Information
When you create an account or subscribe to Lantern, we collect:
- Email address
- Name
- Password (stored in hashed form by our authentication provider, Supabase)
- Billing information (processed and stored by Stripe; we do not store your full credit card number)
1.2 Clinic Data You Upload
You may upload CSV or Excel files exported from Jane App or other practice management software. These files may contain appointment records, financial summaries, client tracking data, and related clinic operations information.
This data is processed entirely in your web browser using client-side JavaScript. It is stored in your browser's local storage on your device. Lantern's servers never receive, transmit, store, or have access to your uploaded clinic data.
1.3 Automatic De-identification
When you upload a file, Lantern automatically de-identifies the data inside your browser before anything is stored. This processing happens entirely on your device — no version of the file, identified or otherwise, is ever sent to our servers.
The de-identification process works as follows:
- Whitelist-based column filtering. Lantern uses an explicit allow-list of operational columns it knows how to interpret (appointment dates, status, fee, clinician, treatment type, and similar fields). Any column that is not on this list is dropped during import by default. This means that even columns Lantern has never seen — including custom or future Jane App fields — are not retained.
- Explicit removal of identifying fields. Common direct identifiers — including client first and last names, full names, email addresses, phone numbers (mobile, home, work), dates of birth, mailing addresses (street, city, province, postal code), emergency contact details, and Canadian health card numbers — are explicitly listed as fields to delete during import, even when present in the source export.
- Generation of an internal anonymized Client ID. For each unique client, Lantern generates an internal identifier (e.g., "Client_0001") that is used purely as a key to group that client's appointments together for analytics. The original client name and Jane App's patient identifier are not stored alongside this internal ID.
- Free-text field scrubbing. Free-text fields from inquiry and consult tracker uploads (such as inquiry notes or stated reason for seeking therapy) are scanned for personal information patterns — email addresses, phone numbers, postal codes, ZIP codes, dates of birth, and health card numbers — and any matches are replaced with placeholder tokens (e.g., "[email]", "[phone]") before storage. The "client id" column from the consult tracker is intentionally not stored at all.
- Local-only storage. The de-identified result is written only to your browser's local storage. It is not uploaded, synced, or backed up by Lantern.
While we have designed this process to remove direct identifiers, no automated de-identification system is perfect. You remain responsible for reviewing your source files and ensuring you are authorized to use them. See our Data Processing Disclaimer for more detail.
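As an added illustration of the allow-list column filtering, internal Client ID generation, and free-text scrubbing described in section 1.3 (this is not Lantern's code; the column names, regular expressions, the "[postal]" token, and the sample rows are assumptions constructed for the example):

```javascript
// Added illustration, not Lantern's code. Column names, patterns and rows are assumptions.
const ALLOWED_COLUMNS = new Set(["appointment_date", "status", "fee", "clinician", "treatment_type"]);
const FREE_TEXT_COLUMNS = new Set(["inquiry_notes"]); // kept, but only after scrubbing
const GROUPING_KEY = "client_name"; // read to derive the internal ID, never copied to output

// Placeholder tokens paired with the pattern they replace; applied in order.
const SCRUB_PATTERNS = [
  ["[email]", /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/gi],
  ["[phone]", /(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b/g],
  ["[postal]", /\b[A-Z]\d[A-Z][ -]?\d[A-Z]\d\b/gi], // Canadian postal code shape
];

function scrubFreeText(text) {
  return SCRUB_PATTERNS.reduce((out, [token, re]) => out.replace(re, token), String(text ?? ""));
}

function deidentify(rows) {
  const ids = new Map(); // normalized grouping key -> internal ID, held in memory only
  return rows.map((row) => {
    const key = String(row[GROUPING_KEY] ?? "").trim().toLowerCase();
    if (!ids.has(key)) ids.set(key, `Client_${String(ids.size + 1).padStart(4, "0")}`);
    const out = { client_id: ids.get(key) };
    for (const [col, value] of Object.entries(row)) {
      if (ALLOWED_COLUMNS.has(col)) out[col] = value;
      else if (FREE_TEXT_COLUMNS.has(col)) out[col] = scrubFreeText(value);
      // Everything else, including columns never seen before, is dropped by default.
    }
    return out;
  });
}

// Constructed sample export rows (fictional people, reserved example domain and numbers).
const sampleRows = [
  { client_name: "Jane Doe", email: "jane@example.com", appointment_date: "2024-03-01",
    status: "arrived", fee: "120", custom_field_x: "unknown",
    inquiry_notes: "Reach me at jane@example.com or 416-555-0199, M5V 2T6" },
  { client_name: "John Roe", phone: "604-555-0142", appointment_date: "2024-03-02",
    status: "no show", fee: "95", inquiry_notes: "Prefers evenings" },
  { client_name: " jane doe", appointment_date: "2024-03-08", status: "arrived", fee: "120" },
];

console.log(deidentify(sampleRows));
```

Because the filter is an allow-list, the unknown `custom_field_x` column is dropped without any rule naming it, while pattern-based scrubbing only catches the shapes it has a pattern for.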
1.4 Usage and Technical Data
We collect limited technical data to operate and improve the Service:
- Browser type and version
- Device type and operating system
- Pages visited within the Service and feature usage patterns
- IP address (collected automatically by our hosting infrastructure)
- Date and time of access
1.5 Cookies and Similar Technologies
We use strictly necessary cookies for authentication and session management. See our Cookie Policy for details.
For a detailed explanation of how Lantern processes your clinic data within your browser, see our Data Processing Disclaimer.
2. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Process your subscription payments
- Authenticate your identity and manage your account
- Send transactional communications (e.g., payment confirmations, service updates)
- Respond to your support requests
- Monitor for security threats and prevent fraud
- Comply with legal obligations
We do not use your clinic data for any purpose. We cannot — it never reaches our servers.
3. How We Share Your Information
We share account and technical information only with the following categories of service providers, and only as necessary to operate the Service:
- Supabase — authentication and account management
- Stripe — payment processing and subscription management
- Hosting provider — infrastructure to serve the application
We do not sell, rent, or trade your personal information to third parties. We do not share your information for advertising purposes.
We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
4. Data Storage and Security
4.1 Account Data
Your account information is stored by Supabase (authentication) and Stripe (billing), both of which maintain industry-standard security practices, including encryption at rest and in transit.
4.2 Clinic Data
Your uploaded clinic data is stored exclusively in your browser's local storage on your own device. It is not transmitted over the internet and is not stored on any Lantern server or cloud service. You can delete all stored clinic data at any time using the "Clear All Data" function within the application.
4.3 Security Measures
We implement appropriate technical and organizational measures to protect account information, including HTTPS encryption for all communications, secure authentication protocols, and regular security reviews.
5. Data Retention
- Account data: Retained for the duration of your account. Upon account deletion, we remove your information from our active systems within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).
- Clinic data: Stored in your browser only. You control its retention entirely. Clearing your browser data or using the in-app "Clear All Data" button removes it permanently.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate personal information
- Request deletion of your personal information
- Withdraw consent where processing is based on consent
- Request a portable copy of your personal information
- Object to certain processing activities
To exercise any of these rights, contact us at support@cliniclantern.com. We will respond within 30 days.
Canadian Privacy Rights
If you are located in Canada, your personal information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including the Personal Health Information Protection Act (PHIPA) in Ontario. You have the right to access and correct your personal information held by Lantern, and to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.
7. International Data Transfers
Our service providers (Supabase, Stripe) may process account data in the United States or other jurisdictions outside of Canada. Where this occurs, we ensure appropriate safeguards are in place, including contractual protections consistent with applicable privacy laws.
Your clinic data is never transferred internationally — it remains in your browser on your device.
8. Children's Privacy
Lantern is a business-to-business service intended for use by clinic owners, practice managers, and authorized staff. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected personal information from a child, we will take steps to delete it promptly.
9. Third-Party Links
The Service may contain links to third-party websites or services (e.g., Jane App, Stripe). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised "Last Updated" date and, where appropriate, by email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Clinic Lantern
Email: support@cliniclantern.com
Website: cliniclantern.com
