Privacy Policy

Effective date: July 14, 2026 · Last updated: July 14, 2026

Lantern Phish (“we,” “us”) helps families learn to recognize phishing and online scams by sending safe, simulated scam messages to family members you add (“family members”) and showing you how they responded.

Information we collect

Account information. Your email, name, phone number, and password (stored only as a secure hash). If you sign in with Apple or Google, we receive your name and email from that provider.

Family member information you provide. To run practice tests, you add family members and provide their name, email, and/or phone. You are responsible for having permission to add them. Used only to send the practice messages you request and show results.

Practice-test and usage data. Which simulated tests were sent and whether a family member clicked a practice link, to calculate a “safety score” and show reports. We do not collect the content of anyone’s real messages.

Device and technical data. A device token for push notifications, and basic technical data (e.g., IP address, timestamps) when practice links are opened, used only to attribute a click to the correct practice test.

Subscription data. Subscriptions are purchased through the Apple App Store. We receive subscription status only; we never receive or store payment card details — Apple handles payment.

How we use your information

  • Send the practice messages you request and show results.
  • Calculate safety scores and reports for the family members you add.
  • Send you notifications (e.g., a family member clicked a practice link).
  • Manage your subscription and account.
  • Secure the service and prevent abuse.

We do not sell your personal information and do not use it for third-party advertising.

Third-party service providers

These processors handle data only to provide their service to us:

  • Supabase — database, authentication, backend hosting
  • Twilio — practice SMS
  • Mailgun — practice email
  • Firebase / Google — push notifications
  • RevenueCat — subscription entitlements
  • Apple — app distribution and subscription payments

Data retention & deletion

We keep your data while your account is active. You can delete your account and all associated data at any time: open the app → AccountDelete Account. This permanently removes your account and all data about you and the family members you added — profile, family members, practice-test history, click records, notifications, device tokens, and subscription records — across all our systems. Deletion is immediate and cannot be undone. You may also request deletion by emailing [email protected].

Children’s privacy

Lantern Phish is for adults (parents/guardians) protecting their families. If you add a minor as a family member, you confirm you are their parent/guardian or have permission to add their contact info. We do not knowingly let children create accounts. If you believe a child gave us information directly, contact us and we will delete it.

Security

We use industry-standard measures (encryption in transit, hashed passwords, access controls). No method is 100% secure, but we work to protect your information.

Your rights

You may have the right to access, correct, or delete your information, or object to certain processing. Use the in-app deletion above or contact us for any request.

Changes to this policy

We may update this policy; we will revise the “Last updated” date and, for material changes, notify you in the app or by email.

Contact

Questions? Email [email protected].