Privacy Policy

1. Introduction

This Privacy Policy is intended to explain how Lantway ("we," "us," or "our") collects, uses, and protects the information you provide when using our website and services. This policy is effective as of December 23, 2025.

2. Information We Collect

A. Information You Provide to Us

• Account Information: When you register, we collect your email address and a hashed password. If you choose to sign up via Google, Facebook, or Outlook integration, we only request and retain your email address for account identification.
• Trip Information: To provide an entry assessment, we collect the nationality, purpose of visit, and length of stay you select in the form. This information is used only to generate your assessment result in real-time. We will never store your specific trip information on our servers linked to your identity. To continuously improve our service, we retain a fully anonymized copy of trip data for aggregate statistical analysis.
• Contact Information: When you contact us via email or our contact form, we collect your name and email address in order to respond to your inquiry and provide you with support.
• Payment Information: We process your payments through the third-party platform Paddle. We do not collect or store your sensitive payment details, such as credit card numbers or bank account information but do receive payment confirmation information related to your service plan status.

B. Information We Collect Automatically

• Service Usage & Quota Information: When you use our Premium features, our systems automatically track your usage to administer your service plan. This includes recording the number of assessments you generate and the timestamps of these requests to manage your premium usage limits and quota. Note that while we track when and how many times you use these premium features, we do not link the specific content of your queries to your user account.
• Authentication & Session Information: After you log in, we store an anonymous unique user identifier in a secure cookie in your browser. This is used to maintain your login state during your visit and avoid repeated logins.
• Device & Technical Log Information: To maintain the normal operation and security of our Service, our hosting platform, Vercel, may automatically collect some basic technical information, such as your IP address, browser type, and access times. For detailed information on how they process this data, please refer to their official privacy policy at https://vercel.com/legal/privacy-policy.

3. How We Use Your Information

• To Provide Core Services: We use your trip information to generate your entry assessment result. We use your account information to verify your identity, grant you access to paid content, and track your premium feature usage to administer your service plan limits.
• To Process Transactions: We use your payment confirmation information to manage your service plan status.
• For Communication and Support: We use your contact information to respond to your questions and requests.
• For Service Improvement: We use the anonymized copy of trip data described in Section 2 for aggregate statistical analysis to understand usage trends and improve our services. We guarantee that this statistical data cannot be traced back to any individual.

4. How We Share and Disclose Information

We respect your privacy and will never sell your personal information. We only share information with third parties in the following limited circumstances:

• Service Providers: We rely on the following third-party services to operate Lantway. They are only authorized to access the information necessary to provide services to us and are contractually obligated to protect your information.
  • Vercel: Our website hosting platform.
  • Supabase: Our database and authentication service provider. Your account information is securely stored on Supabase's infrastructure. Additionally, the anonymized trip data we use for statistical analysis is stored here. We reiterate that no trip details that could be linked to your personal identity are ever stored.
  • Paddle: Our payment and service plan management partner. We share necessary information with Paddle to process your transactions.
• Legal Requirements: We may disclose your information if required by law, court order, or governmental request.
• Business Transfers: If the company is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

5. Data Security

We implement industry-standard security measures to protect your information, including the use of HTTPS (SSL) to encrypt all data transmissions and secure hashing for user passwords. We rely on platforms with robust security infrastructures, such as Vercel, Supabase, and Paddle, to ensure the safety of your data.

6. Data Retention

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The specific retention periods are as follows:

• Account & Usage Information: We will retain your account information and associated premium feature usage records for as long as your account remains active. Upon your request for account deletion, we will delete or anonymize your information as described in Section 8.
• Contact Information: We may retain records of our communications with you, such as support inquiries, for up to one year to provide consistent support.
• Transaction Information: To comply with our legal, tax, and accounting obligations, payment confirmation information related to your transactions may be retained for up to 7-10 years.

7. International Data Transfers

To provide our service, your personal information may be processed in countries outside of your country of residence, including the United States, where our key service providers are based. We ensure such transfers are conducted lawfully. We do this by entering into Data Processing Addendums with our service providers that incorporate the European Commission's Standard Contractual Clauses (SCCs), and by relying on our U.S. providers' certification under the Data Privacy Framework (DPF), which provides adequate protection for your data.

8. Your Rights

Depending on your region, you have specific rights regarding your personal information. These rights typically include:

• Right to Access: You have the right to access the information we hold about you.
• Right to Rectification: You have the right to ask us to correct any inaccurate information.
• Right to Erasure: You have the right to request the closure of your account and the deletion of your personally identifiable information.

To exercise these rights, please contact us at hello@lantway.com. Upon receiving and verifying a request for account deletion, your account will be deactivated, and your personally identifiable information (such as your email) will be permanently deleted or anonymized. Please note that we may be required to retain certain information, such as non-sensitive transaction records (e.g., payment confirmations from Paddle), to comply with our legal, tax, and accounting obligations.

9. Information for Users in Certain Regions

We recognize that users in different regions have specific privacy rights. This section outlines these rights.

A. For Users in the European Economic Area (EEA) and the United Kingdom (UK)

If you are a resident of the EEA or UK, you should know the legal basis for processing your personal information. As the "Data Controller" of your personal information, Lantway's legal bases for processing are as follows:

• Performance of a Contract: When you create an account and use our core services, we process your account and authentication information to fulfill our service agreement with you.
• Legitimate Interests: We process your anonymized trip data to improve our services and your contact information to respond to your inquiries based on our legitimate interests. We believe these activities do not override your fundamental rights and freedoms.
• Legal Obligation: In some cases, we may need to process your information to comply with a legal obligation.

You also have specific rights granted by the GDPR, including the right to object to our processing of your data based on legitimate interests and the right to lodge a complaint with your national data protection authority.

B. For Users in California

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA).

• Categories of Information: In Section 2, "Information We Collect," we have detailed the categories of personal information we have collected over the past 12 months.
• "Do Not Sell" Promise: We hereby state that we do not "sell" your personal information, as defined by the CCPA.
• Your Rights: You have the "Right to Know" and the "Right to Delete," which are detailed in Section 8, "Your Rights."

10. Children's Privacy

Our service is not directed to children under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If we become aware that we have inadvertently collected such information, we will take immediate steps to delete it from our records.

11. Changes to This Privacy Policy

When we make significant changes to this Privacy Policy, we will post a notice in a prominent location on our website and may notify you via the email address associated with your account. For minor adjustments, we will only update the 'Last Updated' date at the top of this page.

12. Contact Us

If you have any questions, comments, or wish to exercise your privacy rights, please do not hesitate to contact us at hello@lantway.com.