Privacy Policy

When you register or authenticate, we collect the information required to create and manage your account:

• Email address
• Display name and username
• Profile information you choose to provide (avatar URL, bio)
• Authentication identifiers from your authentication provider

To deliver Lensy's core services and improve system quality, we process information about how you use the platform:

• Queries, prompts, and inputs you submit to the platform
• Outputs and structured responses generated by the system
• Conversation history associated with your account
• Intelligence mode selections and product feature interactions
• Saved work items and documents

Where you use Lensy in local or incognito mode, queries are processed but not persistently stored to your account. See the Local and incognito mode section for details.

Standard technical data is collected automatically when you use the platform:

• Browser type, version, and operating system
• Device type and screen resolution
• IP address (used for security and fraud prevention; not associated with usage content)
• Session logs and request timestamps
• Error and diagnostic information

Subscription and payment processing is handled by a third-party provider (Stripe). Lensy does not store full payment card details. We retain:

• Subscription plan and billing cycle
• Payment status and renewal dates
• Provider customer and subscription identifiers

Stripe's handling of your payment data is governed by their own privacy policy. We recommend reviewing it at stripe.com/privacy.

We process your account data and usage data to authenticate you, maintain your session, deliver responses to your queries, and persist your preferences and saved work. This processing is necessary to perform the contract between us.

Your inputs are processed by Lensy's AI system to generate structured outputs. This processing is necessary to deliver the service you have requested. We do not use your specific query content for purposes unrelated to your session without your consent.

We may use aggregated, anonymised data to identify performance patterns, improve response quality, and reduce errors. Where data is genuinely anonymised such that no individual can be identified, data protection law does not apply to its use.

We process technical data and interaction logs to detect and prevent misuse, protect platform integrity, enforce our Terms of Service, and fulfil security obligations. This is based on our legitimate interests and, where applicable, legal obligations.

We process subscription and billing data to manage your plan, process renewals, and communicate payment-related information. This is necessary to perform our contract with you.

We may process personal data where required to comply with applicable laws, respond to lawful requests from authorities, or establish, exercise, or defend legal claims.

Your queries are transmitted to Lensy's processing infrastructure and may be routed through AI model providers to generate outputs. This occurs within the scope of delivering the service to you. Outputs — including structured summaries, research, and generated documents — are returned to you and, where you have an account, may be associated with your session.

Your query content and outputs are not used to train external public AI models without your explicit, informed consent. We will not share identifiable user content with third-party model providers for their training purposes.

Lensy may use anonymised or aggregated interaction data — data from which no individual can be reasonably identified — to evaluate and improve the system's accuracy, safety, and coverage. This does not involve sharing personal data.

Lensy does not make automated decisions about you that have legal or similarly significant effects without human review. The platform generates information and structured outputs; all consequential decisions remain yours to make.

You are reminded that Lensy outputs do not constitute legal or financial advice. See the Terms of Service for the full disclaimer.

Account, profile, settings, and subscription data is stored in Supabase, a managed database platform. Data at rest is encrypted, and all data in transit between your device and Lensy's servers is protected using TLS.

Lensy's primary infrastructure operates in the European Union and/or United Kingdom. Where data is processed outside these regions — for example, by AI model providers or third-party infrastructure services — we take reasonable steps to ensure appropriate safeguards are in place, consistent with UK GDPR requirements for international transfers.

Access to production systems and user data is restricted to authorised personnel on a need-to-know basis. Row-level security policies are enforced at the database level to prevent cross-user data access. Privileged operations require elevated credentials and are logged.

We share data with sub-processors who provide infrastructure, database hosting, AI model processing, and payment services. These providers process data on our behalf, under contractual obligations that restrict their use to the agreed purpose.

• Supabase — database and authentication infrastructure
• Stripe — payment processing and subscription management
• AI model providers — query processing to generate platform outputs

We may disclose personal data where required to do so by law, court order, or in response to a lawful request by a public authority. Where legally permissible, we will notify you of such a request.

If Lensy undergoes a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify users of any material change in data controller identity.

You may request a copy of the personal data we hold about you, together with information about how it is used and with whom it is shared.

If personal data we hold is inaccurate or incomplete, you may request that it be corrected. You can update most profile data directly in your account settings at lensy.uk/settings.

You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing was unlawful. Certain data may be retained where we have a legal obligation to do so.

You may request that we restrict processing of your personal data in certain circumstances — for example, while a rectification request is assessed.

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, and machine-readable format.

Where we rely on legitimate interests as a lawful basis, you may object to that processing. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.

To exercise any of these rights, contact us at legal@lensy.uk. We may need to verify your identity before processing a request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data is being processed unlawfully.

We retain your profile, settings, and conversation history for as long as your account is active. If you delete your account, this data is permanently removed from our systems within 30 days, subject to any legal retention obligations.

Financial and billing records are retained for up to seven years in compliance with UK accounting and tax law, even after account deletion.

Server access and security logs are retained for up to 90 days unless extended for active security investigations or legal proceedings.

Aggregated and genuinely anonymised data may be retained indefinitely for analytical and system improvement purposes.

Session authentication cookies are required to keep you signed in and to maintain a secure session. These are set by Supabase via the SSR authentication layer. They are strictly necessary to provide the service and do not require consent under UK PECR.

Lensy stores certain preferences locally in your browser — including intelligence mode selections, UI state, and memory settings. This data exists only in your browser and is not transmitted to our servers unless you are signed in and have sync enabled.

We do not currently deploy third-party advertising trackers or behavioural analytics cookies. If this changes, this policy will be updated and, where required, consent will be obtained.

When you are signed in, your conversations, preferences, and saved work are persisted to your Lensy account in Supabase. This allows access across devices and enables features such as memory and saved documents. All data handling is as described in this policy.

When operating in incognito or local mode, your queries are processed to generate responses but conversation content is not stored to your account after the session ends. This mode is designed for users who want to ask sensitive questions without leaving a persistent record in their Lensy account.

Please note: even in local mode, queries must still be transmitted to Lensy's servers for processing. Technical logs (including IP address and request metadata) may still be generated as described in this policy. Local mode removes persistent account-level storage, not processing entirely.

Lensy's memory system, when enabled, stores contextual information from your sessions to personalise future responses. This can be disabled in your account preferences. Memory data is cleared when you delete your account or explicitly reset your memory from the settings.