How we handle personal information.

1. Who is responsible for your information

North Lantern Group Inc. is responsible for personal information collected through this website. Our Privacy Office is accountable for compliance with this policy and for responding to privacy questions, requests, and complaints.

2. Scope of this policy

This policy applies to personal information we collect through northlanterngroup.com, including general website visits, contact forms, consultation requests, web-to-lead forms, newsletter or update signups, gated resources, downloads, lead magnets, event or webinar registrations, surveys, future intake forms, embedded third-party tools where enabled, and email correspondence initiated from the website.

This policy does not cover information handled under a signed client engagement agreement. Client engagement data is governed by the applicable agreement and any supporting data-processing terms.

3. What personal information we collect

We collect the personal information needed to operate the website, respond to inquiries, deliver requested resources, protect forms from abuse, and manage our business-development process.

Information you choose to provide:

• Contact details, such as name, work email, phone number, and organization
• Organization details, role, business context, preferences, service interest, or message content
• Information submitted through contact forms, consultation requests, web-to-lead forms, newsletters or update signups, gated resources, downloads, lead magnets, event registrations, surveys, and future intake forms
• Consent, communication preference, and unsubscribe information where a feature collects it

Technical and operational information:

• IP address, browser and device signals, request metadata, and standard hosting logs used for availability, security, and abuse prevention
• reCAPTCHA v3 risk signals where forms use Google reCAPTCHA to distinguish humans from bots
• Source page and referrer context, with arbitrary query strings removed before it is stored with lead records
• Where enabled, aggregate analytics signals such as page path, approximate geography, device and browser information, traffic source, page engagement, call-to-action clicks, successful submissions, downloads, and resource requests

4. Forms, resources, and business-development flows

When you submit information through an NLG website form or business-development flow, including contact forms, consultation requests, newsletter or update signups, gated resources, downloads, lead magnets, event registrations, web-to-lead forms, surveys, or future intake forms, we collect the information you choose to provide. Depending on the feature, this may include contact details, organization details, role or business context, preferences, message content, and technical/security information needed to process the submission.

We use this information to respond, qualify the inquiry, deliver the requested resource, manage follow-up, maintain records, protect the website, improve our services, and operate our business-development process.

5. Website analytics, cookies, and similar technologies

NLG may use privacy-limited website analytics, cookies, and similar technologies to understand aggregate website performance, traffic sources, page engagement, inquiry conversion, and the effectiveness of website content and business-development flows.

Release one is limited to Google Analytics 4 Standard with no Google Ads, Google Signals, remarketing, session recording, heatmaps, or behavioural advertising. We will not enable non-essential analytics, marketing, advertising, session-recording, or lead-tracking technologies unless the privacy notice, consent approach, vendor settings, and implementation controls are aligned.

Where enabled, cookies and similar technologies may be used to operate the website, protect forms from spam or abuse, remember limited preferences, measure aggregate website activity, and understand whether website content is useful to visitors. We do not use cookies for Google Ads, remarketing, behavioural advertising, session recording, or heatmaps in release one. Visitors can control cookies through their browser settings, though blocking some technologies may affect site functionality.

We may measure aggregate interactions with website forms and business-development flows, such as page engagement, call-to-action clicks, form starts, successful submissions, downloads, and resource requests. We do not intentionally send form field contents, names, email addresses, phone numbers, company names, message text, lead IDs, CAPTCHA tokens, or raw URLs containing query strings to analytics tools.

6. Why we collect and use information

• To respond to inquiries and schedule conversations
• To qualify requests, route work, deliver resources, and manage follow-up
• To send newsletters, updates, event information, or resource follow-up if you choose to receive them or where otherwise permitted by law
• To prevent spam, fraud, and abuse of our website and email channels
• To maintain records of inquiries, communications, consents, and business-development activity
• To understand aggregate website reach, traffic sources, page engagement, resource demand, and high-intent actions without trying to identify individual visitors
• To meet legal, accounting, security, and operational obligations

We do not sell personal information. We do not use information submitted through this website to train machine learning models.

7. Consent, choices, and withdrawal

By submitting information through a website form or business-development flow, you consent to NLG collecting and using the information for the purposes described at collection and in this policy. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice, by emailing privacy@northlanterngroup.com. Withdrawing consent may affect our ability to respond, provide a requested resource, or continue a related business-development conversation.

You can block or delete cookies through your browser settings and may use browser privacy controls or extensions. If we add a dedicated consent preference tool in the future, we will update this policy and the website experience accordingly.

8. Marketing communications and CASL

If we offer newsletters, updates, gated resources, event registrations, or similar communications, we will use the contact information provided for the purpose described at collection. We will send commercial electronic messages only with consent or where otherwise permitted by law, identify NLG as the sender, and provide a practical unsubscribe method where required.

We do not bundle marketing consent into a required service request. Where marketing consent is requested, it is handled as a separate choice.

9. Service providers and tools we use or may use

We use a focused set of service providers to operate the website, handle inquiries, protect forms, validate submissions, schedule conversations, send email, manage records, and measure aggregate website performance. Depending on the feature, these providers may include hosting, security, spam prevention, validation, CRM or workflow systems, email delivery, calendar scheduling, analytics, and Google Workspace tools.

• Vercel Inc. hosts this website and generates server logs used for availability, security, and abuse prevention.
• Resend delivers website form submissions to NLG-controlled mailboxes where enabled.
• ZeroBounce validates email deliverability for form submissions where enabled.
• Google reCAPTCHA v3 scores form submissions for bot-like behaviour where enabled. Google may process request IP and browser signals. Use is governed by Google's privacy policy and terms of service.
• Google Workspace stores corporate email, restricted internal records, and website lead backups where enabled.
• Google Analytics may measure aggregate website visits and interaction events using first-party analytics identifiers where enabled. We use it for website performance and search/traffic reporting, not advertising, remarketing, or visitor identification. Use is governed by Google's privacy policy.

If we add a new provider that materially changes website data handling, we will update this policy before launch or as soon as practical for emergency security changes.

10. Where information is processed

Our service providers may store and process personal information on servers located in Canada, the United States, or other countries where they or their subprocessors operate. When information is processed outside Canada, it may be subject to the laws of those countries, including lawful access requests by foreign authorities. We select providers that commit to security and privacy standards consistent with Canadian expectations and engage them under contractual safeguards where appropriate.

11. Retention

We retain personal information only as long as needed for the purposes it was collected, or as required by law.

• Website inquiries and lead-flow submissions that do not lead to an engagement are generally retained for up to 24 months and then deleted or anonymized, unless a shorter retention period is set for a specific feature.
• Inquiries that become client engagements move into the client file and are governed by the engagement agreement and our standard business record retention practices.
• Consent, unsubscribe, and suppression records may be retained as long as needed to prove and honour communication choices.
• Spam, abuse, and security signals may be retained longer when needed to protect the website and NLG systems.
• Where Google Analytics is enabled, event-level analytics data is configured to be retained for up to 14 months where that setting is available. Aggregate standard reports may remain available after event-level retention expires.

12. Safeguards

We apply safeguards appropriate to the sensitivity of the information, including HTTPS transport encryption, access controls on internal mailboxes and lead records, least-privilege administrator access, multi-factor authentication on supporting accounts, signed server-to-server backup requests where used, and contracted obligations with service providers. No system is perfectly secure, and we do not promise absolute security.

13. Your rights

Subject to applicable law, you may ask us to:

• Confirm whether we hold personal information about you
• Provide access to that information
• Correct information that is inaccurate or incomplete
• Delete information we no longer need to retain
• Withdraw consent or unsubscribe from applicable future communications
• Receive an explanation of our privacy practices

Send requests to privacy@northlanterngroup.com. We will acknowledge the request within five business days where practical and respond substantively within thirty days unless more time is reasonably required. We may need to verify your identity before acting on a request.

14. Complaints

If you believe we have handled your personal information improperly, please contact the NLG Privacy Office first so we can try to resolve the issue directly. You may also have the right to contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or your provincial privacy regulator.

15. Changes to this policy

We update this page when website data handling materially changes, including new categories of forms, lead flows, service providers, analytics, tracking, cookies, or marketing communications. The date at the top of this page reflects the most recent update. Material changes will be highlighted where practical.

16. Contact us

Privacy questions and requests: privacy@northlanterngroup.com
General inquiries: hello@northlanterngroup.com