Privacy Policy

Last updated: 15 July 2026

This Privacy Policy explains how Lens (“we”, “us”) processes personal data when you use our document intelligence platform. Lens is designed for confidential finance and legal work; data protection is a product requirement, not an afterthought.

Who we are

Lens is the data controller for account and billing data, and the data processor for the documents and content you upload. For processor terms, see our Data Processing Agreement.

What we collect

Account data: name, work email, organization, role, and authentication records. Billing data: plan, subscription status, and payment metadata (card details are handled by Stripe; we never store them). Content: the documents, analyses, chats, and theses you create. Usage data: product events and audit logs used for security and to operate the service.

Where your data lives

Application hosting, database, and document storage are located in the European Union. Data is encrypted in transit (TLS) and at rest.

AI processing

Analysis is powered by Anthropic’s Claude API under commercial terms that prohibit training on your data. Document content is sent for processing only when you run an analysis, and only the excerpts required to answer.

Your rights (GDPR)

You may access, export, correct, or delete your personal data. Workspace owners can export and delete organization data from Settings → Compliance. To exercise any right, email hello@lens.app. We respond to verified requests within the timeframes required by applicable law.

Retention

We retain content for the life of your account. On deletion, content is removed from production systems and ages out of backups on a fixed schedule.

Subprocessors

Core subprocessors: EU-region infrastructure providers (hosting, database, storage), Anthropic (AI processing), Stripe (payments), and our email delivery provider. A current list accompanies the DPA.

Contact

Privacy questions and data requests: hello@lens.app.