Privacy Policy

Lanthor Advisory AB (559574-8202) is a boutique real assets and private markets advisory firm registered in Sweden. We operate the Lanthor platform at platform.lanthoradvisory.com and the public website at lanthoradvisory.com.

For the purposes of GDPR, Lanthor Advisory AB is the data controller for all personal data collected through our platform and website.

Contact: info@lanthoradvisory.com

We collect the following categories of data:

Account data: Name, work email address, job title, and organisation name, collected when you receive and accept a platform invitation.

Diagnostic inputs: Responses to the Governance Diagnostic questionnaire, including fund structure, governance arrangements, and liquidity management information. This data is associated with your account and organisation.

Usage data: Information about how you interact with the platform, including pages visited, tools accessed, and session timestamps. This is collected automatically.

Communication data: Any information you provide when contacting us via the website contact form or by email.

We process your data for the following purposes:

To deliver the platform: Providing access to the governance diagnostic, scoring, recommendations, and other tools you have been granted access to. Legal basis: Performance of contract.

To improve the framework: Aggregated and anonymised diagnostic data may be used to refine the Lanthor Governance Intelligence Framework and develop market intelligence. Individual fund data is never used in identifiable form. Legal basis: Legitimate interests.

To communicate with you: Responding to enquiries, sending platform updates, and communicating about your account. Legal basis: Legitimate interests or consent where required.

To comply with legal obligations: Retaining records as required under applicable Swedish and EU law. Legal basis: Legal obligation.

We understand that diagnostic inputs may include commercially sensitive fund governance information. We make the following specific commitments:

Your fund-level inputs are never disclosed to third parties, including other platform users, investors, regulators, or any other parties, without your explicit written consent.

Individual fund responses are never used in external benchmarking outputs in identifiable form.

Aggregated insights derived from multiple funds are anonymised such that no individual fund or manager can be identified.

Diagnostic outputs are for your internal use only. Lanthor does not share, publish, or report on individual fund results without explicit consent.

This platform is not connected to any regulatory reporting system. Inputs are not shared with the FCA, BaFin, Finansinspektionen, or any other national competent authority.

All platform data is stored and processed within the European Union using EU-based infrastructure (Stockholm region, Sweden). No fund-level data leaves the European Union. EU infrastructure is used for all storage, database operations, and authentication.

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), access controls, multi-factor authentication requirements for platform users, and role-based data access restrictions.

We retain account data for as long as your account is active and for a reasonable period thereafter. Diagnostic data is retained for the duration of your platform subscription. You may request deletion at any time.

The platform uses AI-assisted analysis to generate insights and recommendations. AI processing is performed using secure external models operating under appropriate data processing agreements.

No fund-level data is stored by external AI providers. AI-generated outputs are derived from your inputs and are presented within the platform only.

As a data subject under GDPR, you have the following rights:

Right of access: Request a copy of the personal data we hold about you.

Right to rectification: Request correction of inaccurate personal data.

Right to erasure: Request deletion of your personal data, subject to legal retention obligations.

Right to restriction: Request that we restrict processing of your data in certain circumstances.

Right to data portability: Receive your personal data in a structured, machine-readable format.

Right to object: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at info@lanthoradvisory.com. We will respond within 30 days.

The Lanthor platform uses strictly necessary cookies to maintain your authenticated session. We do not use advertising cookies, third-party tracking cookies, or behavioural analytics tools.

We use privacy-respecting analytics to understand aggregate platform usage. No personal identifiers are included in analytics data.

We work with the following categories of data processors, each subject to appropriate data processing agreements:

Cloud infrastructure: Supabase (database and authentication, EU North region) Email delivery: Resend (transactional email only) Hosting: Vercel (application hosting)

We do not sell personal data to any third party.

For any privacy-related questions or to exercise your rights, contact:

Lanthor Advisory AB info@lanthoradvisory.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se, or with the supervisory authority in your country of residence within the EU.