Privacy Notice
DIRECTORY ONLY • 18+ • PUBLISHED DATA GATED
Data Architecture (Dual D1)
PULL_DB (rovebook-pull, read-only): Immutable supply via lantern_adult_practitioners, lantern_adult_locations, lantern_adult_services VIEWS ONLY. These views already enforce published + adult + eggplant_level safety gates before any LanternPass code sees the rows.
APP_DB (lanternpass-owned): All mutable user data — self_listed_practitioners (with native bust_cm/waist_cm/hip_cm), self_listed_services, self_listed_photos (R2 keys), users, user_subscriptions (The Pass), practitioner_claims, sessions, moderation records.
Self-Listed Photos (R2)
Uploads go to the lanternpass-images R2 bucket via the IMAGES binding. Each photo record in APP_DB starts with moderationStatus: 'pending'. Only approved photos are referenced/displayed. Self-listers control their own images subject to removal.
Accounts, Auth & Sessions
Accounts use an email address and an optional password (only the bcrypt hash is stored). Sessions use an httpOnly cookie (lantern_user_id) or, in future, signed tokens + KV SESSIONS. No PII beyond what self-listers voluntarily publish. We never store plain-text passwords.
What We Do NOT Do
- Never sell, share, or monetize PULL or APP practitioner data.
- Never facilitate meetings, payments, or arrangements.
- Never expose unpublished, unmoderated, or non-adult data.
- Never bypass published gates from either data source.
Your Rights (Self-Listers & Users)
Self-listers own their profiles in APP_DB. You may request deletion or correction of your self-listing via the platform. For PULL data, contact originates from the upstream pipeline owner. Data subject requests are handled case-by-case with audit.
Compliance Surface
AgeGate (persisted in localStorage), prominent DIRECTORY ONLY disclaimers on every page (layout + banner), server-side published gates, a moderation queue for self-listed data, and no direct booking language anywhere (only “intro request”).
Infrastructure
100% Cloudflare: OpenNext on Workers, dual D1, R2 IMAGES, KV SESSIONS. Short-lived requests. No server-side secrets in client bundles. All bindings injected at runtime.
See full Terms of Service — Directory only. All arrangements direct.