Privacy Policy
Last updated: April 16, 2026
Privacy Policy
Effective Date: April 16, 2026
Last Updated: April 16, 2026
Lenz ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our platform and services (the "Service").
This policy applies to all users of the Service, regardless of location. We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.
1. Information We Collect
1.1 Information You Provide
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address | Account creation, authentication, communication |
| Profile Information | Display name, bio, company, location, social links, avatar | Public profile (optional, user-controlled) |
| Payment Information | Processed by Stripe; we store only Stripe customer ID and subscription ID | Billing and subscription management |
| Uploaded Content | Images, PDF documents, support files | AI processing and SEO generation |
| Workspace Data | Industry, niche, company name, website URL | Tailoring AI outputs to your industry |
| User Instructions | Custom prompts, brand names, AI chat messages | Customizing AI processing |
1.2 Information Collected Automatically
| Data Category | Examples | Purpose |
|---|---|---|
| Usage Data | Pages visited, features used, timestamps | Service improvement and analytics |
| Device Information | Browser type, operating system, screen resolution | Compatibility and debugging |
| Log Data | IP address, access times, error logs | Security, fraud prevention, debugging |
| Cookies | Session cookies, preference cookies | Authentication, user preferences (see Cookie Policy) |
1.3 Information from Third Parties
We receive limited information from our authentication provider (Manus OAuth) when you sign in, including your name and email address.
2. How We Use Your Information
We use your information for the following purposes:
- Providing the Service: Processing your images and documents through AI to generate SEO content, managing your workspaces, and delivering features you request.
- Account Management: Creating and maintaining your account, processing payments, and communicating about your subscription.
- Service Improvement: Analyzing usage patterns to improve features, fix bugs, and optimize performance. We use aggregated, anonymized data for this purpose.
- Security: Detecting and preventing fraud, abuse, and unauthorized access.
- Legal Compliance: Fulfilling legal obligations, responding to lawful requests, and enforcing our Terms of Service.
- Communication: Sending service-related notifications (e.g., subscription changes, security alerts). We do not send marketing emails without your explicit consent.
We do NOT:
- Sell your personal information to third parties.
- Use your uploaded content to train AI models.
- Share your content with other users.
- Use your data for targeted advertising.
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
| Legal Basis | Applicable Processing |
|---|---|
| Contract Performance | Account management, service delivery, payment processing |
| Legitimate Interest | Security, fraud prevention, service improvement (with balancing test) |
| Consent | Optional analytics cookies, marketing communications |
| Legal Obligation | Tax records, compliance with lawful requests |
4. Data Sharing and Third Parties
We share your information only with the following categories of service providers, and only to the extent necessary to provide the Service:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| AI Processing Provider | Image analysis and content generation | Uploaded images and documents (processed, not stored) |
| Stripe | Payment processing | Payment details (handled directly by Stripe) |
| Cloud Storage (S3) | File storage | Uploaded files and generated content |
| Database Provider | Data persistence | Account data, workspace data, generated metadata |
| Authentication Provider | User login | Name, email |
We require all service providers to maintain appropriate security measures and to process data only as instructed by us. We do not sell, rent, or trade your personal information.
5. Data Retention
We retain your data as follows:
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion + 30 days |
| Uploaded Content | Until you delete it or delete your account |
| Generated SEO Output | Until you delete it or delete your account |
| Payment Records | 7 years (legal/tax requirement) |
| Usage Logs | 90 days |
| Deleted Account Data | Purged within 30 days of deletion request |
6. Your Rights
6.1 Rights for All Users
All users have the right to:
- Access your personal data held by us.
- Correct inaccurate personal data.
- Delete your account and all associated data.
- Export your data in a machine-readable format (JSON).
- Withdraw consent for optional data processing at any time.
6.2 Additional Rights (GDPR — EEA/UK/Switzerland)
If you are in the EEA, UK, or Switzerland, you also have the right to:
- Restrict processing of your personal data in certain circumstances.
- Object to processing based on legitimate interests.
- Data portability — receive your data in a structured, commonly used format.
- Lodge a complaint with your local data protection authority.
6.3 Additional Rights (CCPA — California)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, and disclose.
- Delete your personal information.
- Opt-out of the sale of personal information (we do not sell personal information).
- Non-discrimination for exercising your privacy rights.
6.4 Exercising Your Rights
You can exercise most rights directly through the Service:
- Data Export: Available in Account Settings.
- Account Deletion: Available in Account Settings.
- Profile Management: Edit or delete your profile information at any time.
For other requests, contact us at [email protected]. We will respond within 30 days (or sooner as required by applicable law).
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) for all data transmission.
- Secure authentication with session management and cookie security.
- Access controls limiting data access to authorized personnel and systems.
- Security headers (Content-Security-Policy, X-Frame-Options, HSTS) on all responses.
- Rate limiting on authentication and API endpoints.
- Regular security reviews and updates.
No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.
8. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where required by GDPR.
9. Children's Privacy
The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Last Updated" date at the top reflects the most recent revision.
11. Contact Us
For privacy-related questions or requests:
- Email: [email protected]
- Data Protection: For GDPR-related inquiries, contact our data protection point of contact at [email protected].
© 2026 Lenz Technologies. All rights reserved.