Skip to content

Breeze RMM — Privacy Policy

Effective Date: April 8, 2026
Last Updated: April 8, 2026

1. Who We Are

Breeze RMM is operated by Lantern Ops, LLC, a Colorado limited liability company.

For the purposes of the EU General Data Protection Regulation (GDPR), Lantern Ops, LLC is the data controller for the personal data described in Sections 3.1 and 3.2 of this policy (website visitor data and customer account data). For Customer Data collected through the Agent Software and Platform on behalf of our customers, Lantern Ops, LLC acts as a data processor. See Section 13 for details.

2. Scope of This Policy

This Privacy Policy explains how we collect, use, share, and protect personal information in connection with:

  • Our website at breezermm.com, including all subdomains and related marketing pages;
  • Customer accounts created to access the Breeze RMM platform; and
  • Service Data we generate through the operation of the platform (operational telemetry, performance metrics, and usage analytics).

This policy does not govern Customer Data collected by the Agent Software from Managed Devices on behalf of our customers. That processing is governed by our Data Processing Addendum and the customer’s own privacy policies. We address this distinction in Section 13.

3. Information We Collect

3.1 Website Visitor Data

When you visit breezermm.com, we may collect:

  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, date and time of visit, and time spent on pages.
  • Cookie and tracking data: Information collected through cookies, pixels, and similar technologies as described in Section 11.
  • Contact form submissions: Name, email address, company name, phone number, and the content of any message you submit through a contact or demo request form.
  • Newsletter subscriptions: Email address and any preferences you provide when subscribing to our communications.

3.2 Customer Account Data

When you create a Breeze RMM account or enter into a subscription, we collect:

  • Account information: Name, email address, company or organization name, job title, and phone number.
  • Billing information: Payment method details, billing address, and transaction history. Payment processing is handled by third-party payment processors; we do not store full credit card numbers on our systems.
  • Authentication data: Hashed passwords, multi-factor authentication (MFA) configuration, and session tokens.
  • Preferences and settings: Platform configuration choices, notification preferences, and user interface settings.
  • Support interactions: Communications with our support team, including support tickets, chat logs, and related attachments.

3.3 Service Data

We automatically collect operational data about how the platform performs and how it is used:

  • Usage analytics: Feature usage patterns, session duration, and navigation paths within the platform (aggregated and not linked to Managed Device data).
  • Performance telemetry: API response times, error rates, queue depths, and infrastructure health metrics.
  • Security telemetry: Authentication events, rate-limiting triggers, and anomalous access patterns.

Service Data does not include Customer Data collected from Managed Devices. We may use anonymized and aggregated Service Data for product improvement and industry benchmarking, provided such data cannot be used to identify any individual customer, end user, or managed device.

4. How We Use Your Information

4.1 Providing and Operating the Platform

  • Creating and managing your account
  • Authenticating users and maintaining session security
  • Processing payments and managing billing
  • Delivering customer support
  • Sending transactional communications (account confirmations, security alerts, billing notices, and service updates)

4.2 Improving Our Services

  • Analyzing usage patterns to improve platform features and user experience
  • Monitoring platform performance and reliability
  • Identifying and resolving technical issues
  • Developing new features and services

4.3 Security and Fraud Prevention

  • Detecting and preventing unauthorized access, abuse, and fraud
  • Enforcing our Terms of Service and Acceptable Use Policy
  • Monitoring for anomalous usage patterns consistent with CISA guidance for remote access software
  • Rate-limiting authentication attempts and API calls to prevent brute-force attacks

4.4 Communications and Marketing

  • Sending marketing communications about our products and services (with your consent where required by law)
  • Responding to inquiries submitted through our website
  • Delivering newsletters you have subscribed to

You can opt out of marketing communications at any time by using the unsubscribe link in any marketing email or by contacting us at legal@lanternops.io.

4.5 Legal and Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Responding to lawful requests from public authorities
  • Establishing, exercising, or defending legal claims
  • Enforcing our contractual rights

For individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland, we rely on the following legal bases under GDPR Article 6:

PurposeLegal Basis
Providing the platform and managing your accountPerformance of a contract (Art. 6(1)(b))
Processing paymentsPerformance of a contract (Art. 6(1)(b))
Sending transactional communicationsPerformance of a contract (Art. 6(1)(b))
Platform security and fraud preventionLegitimate interest (Art. 6(1)(f))
Usage analytics and product improvementLegitimate interest (Art. 6(1)(f))
Marketing communicationsConsent (Art. 6(1)(a)), or legitimate interest where permitted
Legal complianceLegal obligation (Art. 6(1)(c)) or legitimate interest (Art. 6(1)(f))

Where we rely on legitimate interest, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting our Data Protection Officer at dpo@lanternops.io.

6. Who We Share Information With

We do not sell, share, or disclose your personal information to third parties for advertising, marketing, or any commercial purpose unrelated to providing the Breeze RMM platform.

6.1 Sub-Processors and Service Providers

We engage a limited number of third-party service providers to help us operate the platform and our business. These providers process personal data only on our instructions and are contractually bound to protect your data. Our current sub-processors are listed at breezermm.com/legal/sub-processors and currently include:

  • DigitalOcean, LLC (US/Global) — cloud infrastructure
  • Cloudflare, Inc. (US/Global) — CDN, DDoS protection, DNS, and WAF
  • Anthropic, PBC (US) — AI model provider for platform AI features
  • GitHub, Inc. (US) — CI/CD and deployment infrastructure
  • Stripe, Inc. (US) — payment processing and subscription billing

We notify customers at least thirty (30) days before engaging a new sub-processor.

6.2 Payment Processors

We use third-party payment processors to handle billing and payment transactions. These processors receive only the payment and billing information necessary to process your transactions and are PCI-DSS compliant.

6.3 Professional Advisors

We may share information with our attorneys, accountants, auditors, and insurers where necessary for professional advice, compliance audits, or insurance purposes.

6.4 Legal Requirements and Safety

We may disclose personal information if required to do so by law, regulation, or court order, or where we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation
  • Protect the rights, property, or safety of Lantern Ops, LLC, our customers, or others
  • Detect, prevent, or address fraud, security issues, or technical problems
  • Respond to a lawful request from a public authority, including law enforcement

6.5 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, personal information may be transferred to the successor entity, provided the successor assumes all obligations under this policy and our agreements.

7. International Data Transfers

Lantern Ops, LLC is based in the United States. If you are located outside the United States, your personal data may be transferred to, stored, and processed in the United States and other countries where we or our sub-processors maintain facilities.

7.1 Transfer Mechanisms

For transfers of personal data from the EEA, United Kingdom, or Switzerland to countries that have not received an adequacy decision, we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision (EU) 2021/914). For transfers from the UK, the International Data Transfer Addendum to the EU SCCs (issued by the UK ICO) applies. For transfers from Switzerland, the SCCs apply as modified by the Swiss Federal Data Protection and Information Commissioner.

7.2 Transfer Impact Assessment

We have conducted a transfer impact assessment evaluating the laws and practices of the United States and have implemented supplementary measures to ensure an adequate level of protection for personal data transferred internationally.

7.3 Alternative Mechanisms

If the applicable transfer mechanism is invalidated by a court or regulatory authority, we will promptly notify affected individuals and implement an alternative lawful transfer mechanism.

7.4 EU Data Residency (EU Region Tenant)

Breeze operates two independent regional tenants of the Platform:

  • US Region (us.2breeze.app) — primary Customer Data is stored in DigitalOcean datacenters in the United States.
  • EU Region (eu.2breeze.app) — primary Customer Data is stored in DigitalOcean’s Frankfurt, Germany datacenter (FRA1).

Customers may select the EU Region at account creation. For EU Region customers, all databases, caching layers, object storage, and application servers handling Customer Data are hosted in DigitalOcean’s Frankfurt (FRA1) datacenter. The two tenants are fully isolated at the infrastructure and data layers, and Customer Data is not replicated between them.

Some sub-processors continue to process limited categories of data outside the EU even for EU Region customers — specifically Anthropic (AI features, US), Stripe (payments, US), and Cloudflare (global edge network). These residual cross-border flows remain covered by the transfer mechanisms described above.

For more detail on international transfer mechanisms and regional hosting as they relate to Customer Data, see our Data Processing Addendum.

8. Data Retention

8.1 Website Visitor Data

  • Log data: Retained for up to 12 months, then deleted or anonymized.
  • Contact form submissions: Retained for as long as necessary to respond to your inquiry, and then for up to 24 months for follow-up and recordkeeping, unless you request earlier deletion.
  • Newsletter subscriptions: Retained until you unsubscribe.

8.2 Customer Account Data

  • Account information: Retained for the duration of your subscription and for 30 days following termination to allow for data retrieval, after which it is deleted from active systems within 30 days. Data may persist in encrypted backups for up to 90 days following deletion from active systems.
  • Billing and transaction records: Retained for the period required by applicable tax and financial reporting laws (generally 7 years).
  • Support interactions: Retained for the duration of your subscription and for 12 months following termination.

8.3 Service Data

Service Data is retained for up to 12 months. Anonymized, aggregated data derived from Service Data may be retained indefinitely.

8.4 Customer Data Retention

Retention of Customer Data collected from Managed Devices is governed by the Data Retention Schedule in Exhibit A of our Terms of Service. Many retention periods are customer-configurable. Following termination, Customer Data is handled in accordance with the data retrieval and deletion procedures described in our Terms of Service and Data Processing Addendum.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights regardless of where you are located, to the extent reasonably practicable.

9.1 Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the EEA, United Kingdom, or Switzerland, you have the following rights:

  • Right of access (Art. 15) — Request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — Request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17) — Request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to restriction of processing (Art. 18) — Request that we restrict the processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20) — Request your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21) — Object to processing based on legitimate interest, including direct marketing.
  • Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decision-making (Art. 22) — We do not engage in solely automated decision-making with respect to the personal data described in this policy.

To exercise any of these rights, contact our Data Protection Officer at dpo@lanternops.io. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

9.2 Rights Under the CCPA/CPRA (California)

If you are a California resident, you have the following rights:

  • Right to know — Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
  • Right to delete — Request deletion of your personal information, subject to certain exceptions.
  • Right to correct — Request correction of inaccurate personal information.
  • Right to opt-out of sale or sharing — We do not sell or share your personal information as defined by the CCPA/CPRA. No opt-out is necessary.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise your CCPA rights, contact us at legal@lanternops.io or dpo@lanternops.io.

9.3 Rights Under the Colorado Privacy Act (CPA)

If you are a Colorado resident, you have the right to access, correct, delete, and port your personal data, and to opt out of targeted advertising, sale, or profiling with legal effects. We do not engage in any of these activities.

To exercise your CPA rights, contact us at legal@lanternops.io. If we decline your request, you may appeal by contacting us with the subject line “CPA Appeal.”

9.4 Verification

For all privacy rights requests, we may need to verify your identity before processing your request. We will not fulfill a request if we cannot verify your identity.

10. Children’s Privacy

Breeze RMM is a business-to-business platform designed for managed service providers, internal IT teams, and IT professionals. Our services are not directed at individuals under the age of 16, and we do not knowingly collect personal information from children under 16.

If you believe that we have inadvertently collected personal information from a child under 16, please contact us immediately at dpo@lanternops.io.

11. Cookies and Tracking Technologies

11.1 What We Use

TypePurposeDuration
Strictly necessary cookiesSession management, authentication, security (CSRF protection)Session or up to 24 hours
Functional cookiesRemembering your preferences and settingsUp to 12 months
Analytics cookiesUnderstanding how visitors use our websiteUp to 12 months

11.2 Third-Party Cookies

We may use third-party analytics services to help us understand website traffic and usage patterns. These services may set their own cookies on your device. We configure analytics tools to anonymize IP addresses where possible.

11.3 Your Cookie Choices

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified when a cookie is set. Disabling strictly necessary cookies may impair your ability to use certain features.

For visitors from the EEA, UK, or Switzerland, we obtain your consent before placing non-essential cookies on your device.

11.4 Do Not Track

Our website currently does not respond to “Do Not Track” browser signals. However, you can control tracking through cookie settings and the opt-out mechanisms described above.

12. Security

We implement and maintain technical and organizational security measures designed to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256)
  • Multi-factor authentication and role-based access controls
  • Ongoing security assessments; SOC 2 Type II certification and annual third-party penetration testing are on our roadmap as the Platform matures
  • Incident response procedures with defined notification timelines
  • Background checks and security training for personnel with access to personal data
  • Least-privilege access policies with regular reviews

For a detailed description of our security commitments, see Section 11 of our Terms of Service. For the technical and organizational measures applicable to Customer Data processing, see Annex II of our Data Processing Addendum.

While we take reasonable measures to protect your information, no method of transmission over the internet or method of electronic storage is completely secure.

13. Customer Data Processed on Behalf of Customers

13.1 Our Role as Data Processor

Breeze RMM collects data from Managed Devices through the Agent Software on behalf of our customers. With respect to this data:

  • Our customers are the data controllers (or “businesses” under the CCPA). They determine what data is collected, the purposes of processing, and the legal basis for collection.
  • Breeze is the data processor (or “service provider” under the CCPA). We process this data solely on our customers’ behalf, in accordance with their documented instructions and our contractual obligations.

13.2 What This Means for End Users

If you are an end user whose device is managed through Breeze RMM by a managed service provider, internal IT team, or IT consultant, the privacy policy and practices of that party govern the collection and use of your data. Questions about what data is collected should be directed to the organization that deployed the Agent Software on your device.

13.3 Governing Agreements

The processing of Customer Data is governed by:

13.4 AI Feature Data

Breeze RMM includes AI-powered features that use Anthropic (Claude) as a third-party AI model provider. When customers use AI features, prompts, device metadata, and diagnostic data may be processed by Anthropic in the United States. This data is processed in accordance with our Data Processing Addendum and is not used to train AI models.

13.5 No Sale of Customer Data

We do not sell, share, or disclose Customer Data to third parties for advertising, marketing, or any commercial purpose unrelated to providing the platform.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the “Last Updated” date at the top of this page.
  • For material changes, we will provide prominent notice on our website or by email at least thirty (30) days before the changes take effect.
  • For EU, UK, and Swiss individuals, material changes will not take effect until you have had a reasonable opportunity to review them.

15. Contact Us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices:

General legal inquiries:
legal@lanternops.io

Data protection and privacy rights requests:
Lantern Ops, LLC
Attn: Data Protection Officer
PO Box 83, Berthoud, CO 80513
dpo@lanternops.io

Complaints:

  • EEA: Your local data protection supervisory authority
  • United Kingdom: Information Commissioner’s Office (ICO)
  • Switzerland: Federal Data Protection and Information Commissioner
  • California: California Attorney General
  • Colorado: Colorado Attorney General

Lantern Ops, LLC | PO Box 83, Berthoud, CO 80513 | breezermm.com | legal@lanternops.io | dpo@lanternops.io