Calm LanternA calm way to check messages, links, and phone numbers.Sign in
Home

Privacy Policy

Version 1.0Effective April 9, 2026

1. What we collect

When you use the website without an account:

  • The text or link you submit for a check
  • A salted SHA-256 hash of your IP address (for rate limiting and quota tracking — never the raw IP)
  • Standard request metadata (timestamp, browser User-Agent)

When you create an account:

  • Your email address
  • A timestamp of when you created the account and last signed in
  • Your subscription state (managed by Stripe — we do not store your full card number)

When you submit a check (any channel):

  • The text or link you submitted
  • The verdict our system generated
  • The deterministic findings (domains, phones, brands mentioned in your text)
  • Cost and token counts for the LLM call

When you enroll a phone for SMS (Family plan):

  • The phone number in E.164 format
  • Timestamps of enrollment and verification
  • The fact that you consented to receive SMS from us

2. What we do not collect

  • Your full IP address (we hash it on receipt)
  • Your full payment card number (handled by Stripe)
  • Your password (we don't use passwords)
  • Browsing history outside our Service
  • Location data
  • Anything from social logins

3. Retention

By default we keep your check records for 30 days and then delete them automatically. You can opt in to longer retention from the Privacy section of your account page if you want to be able to look back at your history.

For accounts that have not opted in to longer retention, we apply automated PII redaction (SSNs, credit cards, account numbers, emails, and phone numbers) before storing the checked text.

We keep your account record (email, subscription state) for as long as your account exists. When you delete your account, we delete the account record and all associated checks within 7 days, except for items required for legal or accounting reasons (such as Stripe invoices).

4. Why we collect what we collect

  • To run the checks — text and link you submit are passed through our analysis pipeline
  • To bill you — email and Stripe customer ID for paid plans
  • To prevent abuse — hashed IP and quota counters
  • To respond to you — magic-link emails, SMS replies
  • To improve the product — only with your explicit opt-in (Privacy section of your account)

5. Who we share data with

We use the following vendors. None of them sell your data either.

VendorPurposeData shared
StripePayment processingEmail, billing address, payment method
MailgunMagic-link emails, transactional emailEmail address, message body
TwilioSMS verification and verdict repliesPhone number (E.164), message body
AnthropicLLM verdict generationThe text you submitted plus our deterministic findings
Google Cloud (Web Risk)URL threat lookupThe URL you submitted
CloudflareDDoS protection, DNSRequest metadata
HetznerHostingWhatever is in our database

We may also share data when legally required (subpoena, court order, statutory request) or to protect the rights, property, or safety of Calm Lantern, our users, or the public.

We do not sell your personal information.

6. Cookies

We use a small number of cookies. See our Cookie Policy.

7. Your rights

Regardless of where you live, you can:

  • See what we have about you. Email privacy@calmlantern.com and we'll send you an export.
  • Correct or delete it. Delete your account from the account page, or email us.
  • Object to processing or restrict it. Email us. (We may not be able to operate the Service for you if you do.)
  • Opt out of email communications. All non-transactional email has an unsubscribe link. Magic-link sign-in emails are transactional and cannot be opted out of (you can simply not request them).

If you are in California you have additional rights under the CCPA, including the right to opt out of "sale" of your personal information. We do not sell personal information.

8. Children

The Service is not for users under 18. We do not knowingly collect information from anyone under 18. If you believe we have collected information from a child, please email us and we will delete it.

9. Security

We take reasonable steps to protect your information. See our Security Statement.

10. International transfers

Our servers are in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US. The Service is not currently offered outside the US.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to active accounts at least 14 days before they take effect. The version and effective date at the top of this page reflect the current version.

12. Contact

Questions or requests about your privacy? Email privacy@calmlantern.com.