Last Updated on 31st, October 2019
Lanternoid is fully-owned by Lanternoid. At Lanternoid, we work hard to build trust and take responsibility for securing the privacy of all the information you share with us the same way we would like a site to take care of our data. Our top priority for Lanternoid and our users is GDPR compliance.
The Lanternoid Privacy Statement ("Privacy Statement") helps you understand what information we collect, why and how we collect it, and how you can manage and delete your information.
In this policy "we", "us", "our", "company", "site" and "service" refer to Lanternoid, and "you", "user", "individual", "client" refers to Lanternoid's visitors and signed-in users.
We are a UK-based startup. The founder, Mahsa Mohammadkhani, started building the website in 2018. We are in beta mode at the moment.
If you have any question about Privacy Statement, personal information and security, please feel free to reach us with the information below:
What personal data we collect using third parties, and why
1. Google Analytics and Google Tag Manager:
What Google Analytics and Google Tag Manager collect from your personal information:
- first-party cookies (cookies with the .lanternoid.com domain, and GA's cookies)
- your anonymised internet protocol (IP) (last 3 IP digits are cleared to zeros) -- for protecting the security of the Google Analytics service, and to provide us with a sense of where in the world our traffic comes from
- your demographics and interest related information (age, gender)
- your device identifier
We won't be able to identify an individual as all the analytics data are anonymous. To read more about Google Analytics please look at https://policies.google.com/privacy.
Opting out of Google Analytics and Google Tag Manager
To opt-out from Google analytics globally, you can install the Google addon: https://tools.google.com/dlpage/gaoptout/
To opt-out from our platform, please contact us at email@example.com
Why we use Google Analytics and Google Tag Manager:
These anonymous analytic data help us to understand how our users are engaged to our site and where the traffic is coming from to improve our site based on the demand of our users. We may use this data to improve, maintain, protect and develop our platform.
How we mitigate the risk of sharing unwanted personal information with third parties
- we do not share any of your personal information on our website, and page URLs (including all the private pages)
- we have enabled the anonymizing IP feature in Google Analytics so that IP is not identifiable.
- we do not send any personal identifier information to Google Analytics
- we have disabled any unnecessary features on Google Analytics to limit the data sharing with Google Analytics as much as possible
- Advertising features are disabled on our Google Analytics and Google Tag Manager setup
2. Google Books APIs:
- Your user-agent strings
- Your IP addresses
- The referrer URLs (i.e. Lanternoid's Books URL you are visiting)
- The origin domain (i.e. lanternoid.com)
Note: In order to mitigate the amount of data you share with Google, if you have a Google account, you may modify your setting on Google Ad Setting separately for all the Google Accounts you have.
3. Google Cloud Platform:
The Google Cloud Platform is hosting our servers. We log all the HTTP request headers to our system that contain your user-agent strings, IP addresses, time and date of the request in the Google Cloud Platform. We use it to detect malicious usages, spam activities and maintenance if necessary. We keep them for as long as possible. They are all stored in our secure Google Cloud Platforms. All the read operation to the log files will be logged for security and auditing.
Lanternoid members are "Visitors" who are signed in. Some of the functionality of the site is dedicated to only our signed in members such as writing a review. In this way, we can monitor review contents, detect spams and fake reviews, protect our users.
Note: The Policy Statement in the "Visitors" section above is also valid and included in the "Members" section.
1. Firebase Authentication (a Google Product):
Lanternoid uses Firebase Authentication for our authentication to provide better security to our users' personal data. Firebase Authentication encrypts data in transit using HTTPS and logically isolate customer data. It also encrypts all its data at rest.
Currently, we have 2 methods of authentication.
- using email and a password ("Email-Password").
- using Google Account to sign in. The information shared from Google will be kept private and secure in Firebase Authentication servers at US central.
What Firebase Authentication collects
- Your user-agent strings
- Your IP addresses
- for Email-Password: your email, and password
- for Google Account signups: your email, displayed name, and profile image URL
We use the above information for authentication and sign in process. We may send you an authentication-related email in the following events:
- verification emails (on Email-Password only): when you signup to Lanternoid using Email-Password method
- password reset: when you request to change your password
- email address change: you have requested to change your email
Why Firebase Authentication collects the data
Firebase Authentication uses the above data to authenticate users for processing signing up, signing in, and serving user account management. In order to provide security and prevent abuse during the authentication or signup process, it uses user-agent string and IP addresses.
How long Firebase Authentication keeps the data
Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Lanternoid initiates the erasure of the associated user on behave of the user, violation of our terms of policy, or when required by law, after which data is removed from live and backup systems within 180 days.
What we use the data for
We may email you regarding the updates in the Policy Statement, authentication-related email, security breach, and notifications and updates about the site features. We do not send any notification emails before you give us your consent first. You may withdraw your consent at any time by contacting us without affecting the lawfulness of the above processing at the time of consent before withdrawal.
2. Google Books APIs:
If you want to write a review about a book, we use Google Books APIs to search and fetch the books related to your search. Please read more at "Google Books APIs" in the "Visitor" section.
Trust and security
We value your security the way we would like other sites to take care of our personal data.
At Lanternoid, we take precautions including organizational, physical and technical measures to preserve the security and safety of your personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised use, or modification, or disclosure of, or access to, the personal data we process or use and against all other unlawful forms of processing.
Personal data location
Our authentication data are all stored in Google Cloud Firebase located at US central. Other personal data (IP addresses, user-agent strings) are located in our Google Cloud Platform at US central regions.
We use the Google Cloud Platform to host our site. The Google Cloud Platform has secure-by-design infrastructure and encryption at rest by default for all the data and transactions. We also restricted our site to only use Secure Socket Layer (SSL) for transmitting data between server and clients.
We log all the access to our Cloud Resources and data for auditing and security so that in the case of unauthorized access, or unwanted changes we can trail and address the issue.
Access to personal data is only allowed to the authorised staff. All staff (including subcontractors) are required to sign a confidentiality agreement with us primarily.
Performance and availability
We are in the beta version at the moment. We use the dynamic environment on our servers that the first request to our site will start the server and this causes a bit of delay at the start.
We monitor our site performance and availability regularly on the Google Cloud Platform.
We use Google Firebase for authentication (See the "Firebase authentication" section above). We have enabled the security setup on the Firebase Authentication which checks the validity of the requests from and to our domain only.
All the authentication personal data are stored at one place in Firebase servers and only an identifier is used to set the rest of the data in the site such as user's reviews. No personal data other than IP addresses and user agents are logged. We do not display any personal information on our website, and page URLs to increase security.
We have set up security headers on HTTP requests to reduce security vulnerabilities on the client side (e.g. browsers). If you find any security vulnerability please do not hesitate to contact us.
Transparency & privacy
We keep you updated at all time about all the changes to our site operations, processing and collection of data to protect data privacy and security.
Please contact us if you have any questions about the security of our site or if you find any security vulnerability. You can find our contact information at the "Contact us" section.
Personal data breach notification
In case your data has been compromised, we will email you within 72 hours with the information about the extent of the breach, affected data, date, any impact on the service, Lanternoid's actions and plans to secure the data and limit any harm or damage to the affected users.
Communication and cooperation
Lanternoid will cooperate at all times and do our best to communicate and assist you with your needs, concerns, questions, requests, and rights. We ensure compliance with applicable data protection laws including but not limited to the right of access, rectification, erasure, to be forgotten, restriction of processing, blocking, objection.
EU General Data Protection Regulation (GDPR)
- We may also process personal data in the role of a processor. In our site, we treat everyone's personal data from any part of the world with respect to GDPR laws.
- We keep a user's personal data as long as the user is active (not banned from the service) until one the following happens:
- a user asks to delete their personal data,
- if it is required by law,
- due to misuse of terms of service, Lanternoid can decide to remove their data for the security and integrity of the site.
- Any unnecessary and unused data including (personal data) will be erased imminently from our systems.
Children’s Online Privacy Protection Act Compliance
Lanternoid, our site and services are only directed at individuals who are at least 13 years old or above. We do not intentionally collect any information from anyone under the age of 13. If you are a parent or a guardian and believe that your child has provided us with personal data, please do not hesitate to contact us and we will remove such personal data from our systems. You can find our contact information at the "Contact us" section.
Disclosure of the personal identifier information
Lanternoid does not sell, trade or transfer your personally identifiable information to any outside parties. This does not include the subcontractors or the trusted third parties we mentioned in the "What personal data we collect using third parties, and why" section. The trusted parties have signed a confidential agreement to keep the personal data confidential at all times.
In case we believe disclosure of your information is necessary to comply with and required by law, safety and vital interests of a person, protect our or other's rights or property, we may share personal identifier information. Depends on the circumstances, we attempt to disclose only the mandatory information. We will notify you about such disclosure with the copy of the information unless we are prohibited by law to do so.
Third party links
You might find third party links on all the pages of our website, whether it was added by our users or by us. These website links have their independent privacy and policy that you may refer to. While we do our best to monitor these third party links to protect our site integrity and security, we do not have any responsibility or liability for the activities or contents that these links may offer. Please do not hesitate to send us any feedback regarding these links and help us to improve Lanternoid's content and integrity.
The links to Amazon purchases are affiliation links. As an Amazon Associate, I earn from qualifying purchases.
Your legal rights
You may exercise any of your rights related to your personal data. These may include but not limited to the following rights:
Right to access -- access to your personal data:
If you want to access your personal data held by us, please contact us with the email you have used to sign in to our systems. Please keep in mind that this request might take time (about a month or more) with respect to the load of requests we might have at the time. We will communicate the status of such an inquiry with you. You can find our contact information at the "Contact us" section.
Right of rectification -- modify your personal data:
We do not display any of your personal data through our website.
- If you have signed up using Email-Password, for changing your password, sign out first if you are signed in, go to the Lanternoid's signin page and click 'Sign in with email', enter your email, and on the password page click on 'Trouble signing in?'. Then click 'Send' on the password recovery page to receive a password reset link in your email.
- If you have signed up using Google account, you may change your data in Google profile and the changes should be updated on our Firebase system, as well.
- If you wish to change, correct, or complete any of the personal data you have with us, please contact us using the information at the "Contact us" section.
Right of restriction of processing personal data -- manage and control the processing of your personal data:
Lanternoid does not process any of your data without your prior consent. (e.g. using settings on our site, emails). You may contact us to know whether we process your personal data or not.
You may withdraw your consent at any time by contacting us without affecting the lawfulness of the processing at the time of consent before withdrawal.
You may request to restrict the processing of your personal data at any time. In the case of the restriction on processing personal data, we may continue to store your personal data. You can find our contact information at the "Contact us" section.
Right of erasure, the right of to be forgotten -- delete your account and personal data:
You may contact Lanternoid to request the erasure of your personal data, and we shall take the necessary actions to apply the erasure of your personal data without undue delay.
Please email us with the email(s) you have initially signed up into Lanternoid, and give us the authority to delete your account(s) which includes your personal data related to that account. Please keep in mind that this action is irreversible. The removal action may take up to a couple of days to be confirmed and processed. After that, we inform the third parties and take necessary actions to initiate your data removal request with them. While we do everything we can to remove your personal data from third parties, please be aware that the third party removal is not under our control. Each of the third parties has their own time to process the removal of your data after our request. Firebase Authentication takes up to 180 days to remove the data.
- You may sign back up to Lanternoid with the same email after deletion.
- Any unnecessary and unused data including (personal data) will be erased imminently from our systems.
Right to object:
You may object at any time to our processing of your personal data for direct marketing purposes or the data we share with our third parties and they use it for their direct marketing purposes. For this objection, you don't need to provide any specific reason. In that case, Lanternoid will cease to process your personal data for such a matter.
Right to complain to a supervisory authority:
We are committed to doing our best to assist you regarding your concerns, and complaints about privacy. You may lodge a complaint with supervisory authority at any time regarding Lanternoid's personal data collection and processing.
Terms of service
Please read our Terms of Service at https://lanternoid.com/terms-of-service.
By using our site, you consent to this Privacy Statement.
Changes to this Privacy Statement
In case we update this Privacy Statement, we will update the 'Last Updated' date at the start of this Privacy Statement. We may update you by showing a banner on the site, or sending you an email if the update might affect you or your data.