Privacy Policy
Last updated: 15 July 2026
This Privacy Policy explains how Lens (“we”, “us”) processes personal data when you use our document intelligence platform. Lens is designed for confidential finance and legal work; data protection is a product requirement, not an afterthought.
Who we are
Lens is the data controller for account and billing data, and the data processor for the documents and content you upload. For processor terms, see our Data Processing Agreement.
What we collect
Account data: name, work email, organization, role, and authentication records. Billing data: plan, subscription status, and payment metadata (card details are handled by Stripe; we never store them). Content: the documents, analyses, chats, and theses you create. Usage data: product events and audit logs used for security and to operate the service.
Where your data lives
Application hosting, database, and document storage are located in the European Union. Data is encrypted in transit (TLS) and at rest.
AI processing
Analysis is powered by Anthropic’s Claude API under commercial terms that prohibit training on your data. Document content is sent for processing only when you run an analysis, and only the excerpts required to answer.
Your rights (GDPR)
You may access, export, correct, or delete your personal data. Workspace owners can export and delete organization data from Settings → Compliance. To exercise any right, email hello@lens.app. We respond to verified requests within the timeframes required by applicable law.
Retention
We retain content for the life of your account. On deletion, content is removed from production systems and ages out of backups on a fixed schedule.
Subprocessors
Core subprocessors: EU-region infrastructure providers (hosting, database, storage), Anthropic (AI processing), Stripe (payments), and our email delivery provider. A current list accompanies the DPA.
Contact
Privacy questions and data requests: hello@lens.app.