Your Privacy & Security at Lantern

Welcome! We know privacy matters to you. It matters to us too. This guide explains how we protect your information and what you can do to stay safe.

---

What Makes Lantern Different

Most social apps collect as much data as possible. Lantern does the opposite.

What We DON'T Collect

❌ Photos of you - Ever. Not allowed in the app.
❌ Your real name - Optional. If provided, it's encrypted.
❌ Your age - We verify you're 18+, but don't display it.
❌ Your location history - Deleted after 48 hours automatically.
❌ Your chat logs - Stored only on your device, not our servers.

What We DO Collect

✅ Lantern Name - A generated username like "Sapphire Lantern"
✅ Interests - Tags you choose (Coffee, Jazz, Hiking, etc.)
✅ Mood - Your current vibe (Chatty, Quiet, Exploring)
✅ Check-ins - Where you light your lantern (deleted after 48hr)
✅ Birth date - Encrypted, only for age verification

The difference: Most of what we collect is PUBLIC and helps you meet people. The sensitive stuff (birth date) is ENCRYPTED so we can't see it.

---

Your Location Privacy

How We Use Your Location

Lantern needs your location to enable proximity features:

• Waves: Connecting with people physically nearby (within ~50 feet)
• Lantern Hub: Showing who's at the same venue as you
• Check-ins: Verifying you're actually at a venue for merchant offers

How We DON'T Use Your Location

❌ No location history - We don't track where you've been
❌ No movement tracking - We don't monitor your routes
❌ No location profiles - We don't build a map of your habits
❌ No GPS storage - Your coordinates are NEVER saved to our database

The Technical Details (Simple Version)

When you use a proximity feature:

1. Browser asks permission - You see "Allow Lantern to access your location?"
2. You grant access - Your device gets GPS coordinates (just for this moment)
3. We check proximity - "Are you within 50 feet of User X?" or "Are you at Venue Y?"
4. We answer yes/no - The feature works (or doesn't)
5. We forget your location - GPS coordinates deleted immediately

What we keep (briefly):

• Check-in event: "User checked into Bar XYZ at 8pm" (deleted after 48 hours)
• Wave event: "User A waved to User B" (deleted after 7 days)

What we NEVER keep:

• Your GPS coordinates
• Your movement patterns
• Where you went yesterday, last week, or last year

Browser Protection

Your browser has extra safeguards:

• You must click "Allow" each time you open the app (or grant persistent permission)
• Only Lantern's website can request location (third-party scripts cannot)
• You can revoke permission anytime in browser settings
• You can use the app without granting location (some features won't work)

What About Stalking/Harassment?

Protection layers:

1. Zero-knowledge design - Nobody knows who's nearby until you BOTH wave
2. Block feature - Blocked users never see you or your location
3. Pattern detection - Our system flags users who suspiciously check into the same venues as you repeatedly
4. No real-time presence - We don't broadcast "User X is at Bar Y right now" to everyone

If you feel unsafe:

• Use the block feature immediately
• Report the user (we investigate patterns)
• Contact us at safety@ourlantern.app

---

How Encryption Protects You

Your Passphrase = Your Privacy

When you sign up, you create a passphrase (like a super-strong password). This passphrase encrypts your sensitive information on YOUR device before it ever reaches our servers.

┌─────────────────────────────────────────────┐
│  Your Device                                │
│                                             │
│  Birth date: 1990-05-15                    │
│       ↓                                     │
│  Your passphrase encrypts it                │
│       ↓                                     │
│  Encrypted: "k2j3n4lk5j6h7..."             │
└─────────────────────────────────────────────┘
                    │
                    ▼
┌─────────────────────────────────────────────┐
│  Our Servers                                │
│                                             │
│  Received: "k2j3n4lk5j6h7..."              │
│  (Gibberish without your passphrase)        │
│                                             │
│  ⚠️ We CANNOT decrypt this                  │
└─────────────────────────────────────────────┘

What this means for you:

• ✅ Even if our servers are hacked, your data is safe
• ✅ Even if the government demands your info, we can't give plaintext
• ⚠️ If YOU forget your passphrase, your data is GONE forever

Creating a Strong Passphrase

Your passphrase protects everything. Make it strong:

Good examples:

• Coffee&Jazz2025!
• Luna*Hikes@Midnight
• BookWorm#415Reader

Bad examples:

• password ❌
• 12345678 ❌
• lantern ❌

Requirements:

• At least 12 characters
• Mix of uppercase and lowercase
• At least one number
• At least one special character (!@#$%^&*)

Pro tip: Write it down and keep it somewhere safe (NOT in a digital file).

---

What Happens to Your Data

Automatic Deletion

We don't hoard your data. Here's what gets auto-deleted:

What	When
Venue check-ins	After 48 hours
Wave requests	After 7 days
Chat messages	When you delete them (stored on your device only)
Your entire account	30 days after you request deletion

Manual Deletion

You control your data:

• Delete account: Settings → Privacy & Data → Delete Account
• Clear check-in history: Automatically happens every 48 hours
• Remove interests: Settings → Profile → Edit interests

---

Chat Privacy

How Chat Works

Unlike most apps, Lantern doesn't store your chats on our servers. Here's the flow:

Your message
    ↓
Encrypted on YOUR device
    ↓
Relayed through our server (not stored)
    ↓
Delivered to recipient's device
    ↓
Stored on THEIR device (not ours)

What this means:

• ✅ We can't read your chats
• ✅ We can't hand over chat logs (we don't have them)
• ⚠️ If you lose your device, your chats are gone (unless you backup)

What We CAN See

We can see metadata (not content):

• Who sent a message to whom
• When it was sent
• Approximate size of message

We CANNOT see:

• What the message says
• Any photos/content shared

This is similar to how your phone company knows you called someone but doesn't record the conversation.

---

Your Rights

Data Access

You have the right to see all data we have on you:

1. Settings → Privacy & Data → Download My Data
2. We'll send you a file with everything we store
3. Most of it will be encrypted (you'll need your passphrase to read it)

Data Portability

You can export your data and take it elsewhere:

• Interests, mood, Lantern name → JSON file
• Check-in history → CSV file
• Chat messages → Stored on your device already

Data Deletion

You can delete your account anytime:

1. Settings → Privacy & Data → Delete Account
2. Confirm you understand data is unrecoverable
3. Account deleted within 24 hours
4. All data purged within 30 days

Warning: Deletion is permanent. We CANNOT recover your account.

---

Safety Tips

Protect Your Passphrase

🔒 Do:

• Write it down on paper
• Store it in a safe place
• Use a password manager (optional)

❌ Don't:

• Share it with anyone
• Save it in a text file or email
• Use the same passphrase for other sites

Meeting People Safely

Lantern helps you meet people at public venues. Stay safe:

✅ Do:

• Meet in public places only
• Tell a friend where you're going
• Trust your instincts
• Use the block/report feature if needed

❌ Don't:

• Share personal info (address, full name) in chat
• Meet at private locations
• Feel pressured to meet if uncomfortable

Recognize Scams

If someone asks for:

• Money or gift cards
• Your passphrase
• Photos or videos
• Personal information (SSN, credit card)

🚨 That's a scam. Block and report immediately.

---

Security Features in Your Control

Location Tracking (Opt-In)

By default, we DON'T track your location history. You can opt-in if you want:

Settings → Privacy & Data → Location History

• OFF (default): Check-ins deleted after 48 hours, no history kept
• ON: We remember your recent spots to suggest venues

Even with tracking ON, data is deleted after 48 hours.

Profile Visibility

Control what others see:

• Lantern Name: Always visible (that's how you connect)
• Interests: Always visible (helps people find you)
• Mood: Always visible (shows your vibe)
• Age: NEVER visible to anyone
• Birth date: NEVER visible, encrypted

---

Questions & Concerns

What if I forget my passphrase?

Bad news: Your encrypted data is gone. We CANNOT reset it.

Why: If we could reset it, we could also decrypt your data, which defeats the purpose.

Prevention: Write it down NOW and keep it safe.

What if my device is lost or stolen?

Immediate steps:

1. Use another device to log into Lantern
2. Change your passphrase (Settings → Security → Change Passphrase)
3. Report device stolen to your phone carrier

What happens to your data:

• Encrypted data on our servers: Still safe (needs passphrase)
• Chat messages on lost device: Potentially accessible if device was unlocked
• Solution: Enable device encryption on your phone (iOS/Android settings)

What if Lantern gets hacked?

What hackers would get:

• Encrypted birth dates (gibberish without passphrase)
• Public data (Lantern names, interests, moods)
• No chat logs (we don't store them)

What hackers would NOT get:

• Your passphrase (never stored)
• Your decrypted birth date (we can't decrypt it)
• Your chat messages (on your device, not our servers)

What we'd do:

1. Notify all users within 72 hours
2. Force password resets if auth system compromised
3. Publish transparency report
4. Work with security experts to patch vulnerability

Can the government read my data?

What we'd provide if ordered by court:

• Encrypted data (we'd say: "we cannot decrypt this")
• Public profile data (Lantern name, interests, moods)
• Account metadata (creation date, last login)

What we CANNOT provide:

• Decrypted private data (we don't have passphrase)
• Chat message content (not stored on our servers)

Our position: We comply with valid legal requests, but our architecture ensures we have minimal useful data to hand over.

---

How We're Getting Better

We're Always Improving

Security is a journey, not a destination. Here's what we're working on:

Now:

• ✅ Zero-knowledge encryption for sensitive data
• ✅ Device-local chat storage
• ✅ Automatic data deletion

Next 6 months:

• 🔄 External security audit
• 🔄 Bug bounty program
• 🔄 Backup codes (in case you forget passphrase)

Future:

• 🔮 Signal Protocol (gold standard for chat encryption)
• 🔮 Hardware security key support
• 🔮 Even better metadata protection

We Want Your Feedback

Found a security issue? Have a suggestion?

Please tell us:

• Email: security@ourlantern.app (coming soon)
• GitHub: Report vulnerabilities responsibly
• In-app: Settings → Help → Security Concern

We take every report seriously and respond within 48 hours.

---

Trust, But Verify

How to Verify Our Claims

We say we can't decrypt your data. Here's how you can verify:

1. Check the code: Our encryption code is open for review
2. Ask an expert: Share our docs with a security professional
3. Read audits: We'll publish external audit reports (when available)

We believe in transparency over trust. Don't just take our word for it—verify it yourself.

---

Summary: Your Data in 60 Seconds

✅ Your passphrase encrypts sensitive data on YOUR device
✅ Our servers only see encrypted gibberish
✅ Your chats are stored on YOUR device, not our servers
✅ Your check-ins are auto-deleted after 48 hours
✅ Your account can be deleted anytime, permanently
✅ We can't decrypt your data even if forced to
✅ We welcome security feedback and research

Bottom line: We built Lantern so we don't have your private data. Because if we don't have it, we can't lose it, leak it, or be forced to hand it over.

---

Questions? Settings → Help → Security & Privacy

Stay safe out there! 🔒