Legal

Privacy Policy

Effective date: 21 May 2026

1. Introduction

Lenselot (“Lenselot,” “we,” “us,” or “our”) is operated by Lenselot Ltd, a company registered in England and Wales under company number 17231871.

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our marketing website at lenselot.com (“Website”) and when you use our research coding platform at app.lenselot.com (“Service”). Please read this policy carefully. If you disagree with its terms, please discontinue use of our Website and Service.

2. Information We Collect

2.1 Account information

When you create an account or are invited to a workspace, we collect your email address and any profile information you choose to provide. We do not require a name, phone number, or payment card during Open Beta.

2.2 User content

The Service allows you to upload evidence files (CSV, XLSX, PDF, audio, video), create codebooks, and record coded labels and annotations. All content you upload or generate within the Service is referred to as “User Content.” We store User Content to provide and operate the Service; we do not use it for any other purpose without your permission.

2.3 Workspace and collaboration data

We collect information about the workspaces you belong to, including membership, assigned coding roles, adjudication records, and inter-rater reliability statistics generated during your projects.

2.4 Usage and analytics data

Our Website uses Vercel Analytics, a privacy-friendly analytics tool that collects aggregated, anonymised information about page views, referrers, and device/browser type. Vercel Analytics does not use cookies and does not track individuals across sites. Our Service may also collect server-side logs (e.g. timestamps, HTTP status codes, IP addresses) for security and operational purposes only; these are not used for marketing profiling.

2.5 Support communications

If you contact us at support@lenselot.com, we retain the contents of your messages and your email address to respond to and resolve your inquiry.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and workspaces;
  • Provide, maintain, and improve the Service;
  • Process and display your User Content within your projects;
  • Generate AI-assisted code suggestions and codebook drafts using your uploaded evidence (see Section 7);
  • Send transactional communications, such as workspace invitation emails;
  • Respond to support requests;
  • Detect and prevent fraud, abuse, or security incidents;
  • Comply with applicable legal obligations;
  • Notify you of material changes to the Service or this Privacy Policy.

We do not sell your personal information or User Content. We do not use your User Content for advertising purposes.

4. How We Share Your Information

4.1 Within your workspace

Your User Content, coding activity, and workspace membership are visible to other members of your workspace. You control who is invited to your workspace.

4.2 Service providers (sub-processors)

We share information with third-party vendors who process data on our behalf, subject to contractual data processing obligations:

VendorPurposeData location
VercelWebsite & application hosting, analyticsEU / USA (SCCs)
SupabaseDatabase (PostgreSQL), file storageEU
AI model providersAI-assisted code suggestions and codebook generationUSA (SCCs)
Transactional email providersWorkspace invitations and account notificationsUSA (SCCs)

4.3 Legal requirements

We may disclose information where required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Lenselot, our users, or others.

4.4 Business transfers

If Lenselot is involved in a merger, acquisition, asset sale, or insolvency proceeding, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service before your information becomes subject to a materially different privacy policy.

5. Data Storage and Security

Your data is stored on servers located in the European Union, operated by Vercel and Supabase. Where data is transferred outside the EU/EEA (for example, to AI processing vendors), we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms under Chapter V of the GDPR.

We implement reasonable technical and organisational security measures, including encryption in transit (TLS) and at rest, access controls, and audit logging. However, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and accept no liability for unauthorised access or loss that falls outside our reasonable control.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay where required by applicable law.

6. Data Retention

We retain your account information and User Content for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymise your personal information within a reasonable period, except where retention is required by law or legitimate business purposes (such as resolving disputes or fraud prevention).

If you cancel a paid plan (when introduced), your data will remain accessible until the end of your billing period and thereafter be subject to free-tier storage limits, as described in our FAQ. We will not immediately delete your data upon cancellation of a paid plan.

Aggregated, non-identifiable analytics data may be retained indefinitely.

7. AI Features

The Service includes AI-assisted features, including code suggestions and codebook generation. These features process your User Content—including uploaded evidence files, existing coded rows, and any literature you provide—to generate suggestions. Key principles governing AI use:

  • AI suggestions are never automatically applied. You must explicitly accept, modify, or reject each suggestion.
  • All AI interactions are logged in an audit trail within your project, indicating which outputs were AI-assisted.
  • We use third-party AI model providers (listed in Section 4.2) to power these features. Your User Content may be sent to these providers solely to generate the response. We do not permit providers to use your User Content to train their general models unless you explicitly consent.
  • We make no representation that AI-generated suggestions are accurate, complete, or fit for any particular research purpose. All suggestions require human review.

8. Staff Access to Your Data

Lenselot staff do not access your project data in the normal course of operations. We may access your User Content only in the following limited circumstances:

  • To investigate and resolve a technical issue you have reported, and only with your explicit permission;
  • To comply with a valid legal obligation;
  • To prevent imminent harm, fraud, or abuse of the Service.

Any such access is logged and limited to the minimum necessary to address the specific issue.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Erasure: Request deletion of your personal information, subject to our legal obligations and retention policy.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction / Objection: Request that we restrict or cease certain processing of your information.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at support@lenselot.com. We will respond within 30 days (or as otherwise required by applicable law). We may ask you to verify your identity before fulfilling your request.

If you believe we have processed your data unlawfully, you have the right to lodge a complaint with your applicable data protection authority (e.g. the ICO in the UK, or a relevant EU supervisory authority).

10. Cookies

Our Website does not use tracking or advertising cookies. Vercel Analytics operates without cookies. Our Service may use strictly necessary session cookies or tokens to keep you authenticated. We do not use third-party advertising cookies or cross-site tracking technologies.

11. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at support@lenselot.com and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on the Service prior to the change taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

We encourage you to review this policy periodically. The “Effective date” at the top of this page indicates when it was last revised.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Lenselot Ltd

Registered in England and Wales · Company no. 17231871

Email: support@lenselot.com