Back to Home

Privacy Policy

Last updated: November 1, 2025

1. Introduction

LenzAI ("we," "us," or "our") is a UK sole trader business operating www.lenzai.co.uk (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI visibility tracking and optimization service.

By using the Service, you agree to the collection and use of information in accordance with this policy. As we transition to a limited company, this policy will be updated accordingly.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Name and email address (for account creation)
  • Company name and website URL (for service provision)
  • Payment information (processed securely through Stripe)
  • Communication preferences

2.2 Business Information

To provide our services, we collect:

  • Your company's website content (for analysis during onboarding)
  • Industry and target market information
  • Search terms and keywords you want to monitor
  • AI platform visibility data and mentions
  • Citation and source attribution data

2.3 Usage Data

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information and operating system
  • Usage patterns and feature interactions
  • Performance and error data

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our Service
  • Analyze your website during onboarding to generate relevant monitoring terms
  • Monitor your brand visibility across AI platforms (ChatGPT, Perplexity, Gemini)
  • Track citations and source attributions in Google AI Overviews
  • Generate insights and AI-powered optimization recommendations
  • Process payments and manage subscriptions
  • Send service-related communications (monitoring reports, account updates)
  • Respond to customer support requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share data only with the following trusted third-party service providers necessary to operate our Service:

4.1 Essential Service Providers

  • Supabase: Database hosting and user authentication (subject to Supabase's privacy policy)
  • Railway: Application hosting and infrastructure (subject to Railway's privacy policy)
  • Stripe: Payment processing and subscription management (subject to Stripe's privacy policy)

4.2 AI Platform Monitoring Services

To monitor your brand visibility across AI platforms, we use the following APIs:

  • OpenAI (ChatGPT): For website analysis during onboarding and monitoring ChatGPT responses for brand mentions
  • Perplexity AI: For monitoring Perplexity AI responses for brand mentions and citations
  • Google AI (Gemini): For monitoring Google Gemini responses for brand mentions
  • SerpAPI: For extracting and analyzing Google AI Overview citations and search results

Note: Your search terms are sent to these platforms to check for brand mentions. Your company name and website content are analyzed but not permanently stored by these third-party AI services.

4.3 Email Service

  • Resend: Transactional email delivery for account notifications and monitoring reports (when implemented)

4.4 Legal Requirements

We may disclose your information if required by law, legal process, court order, or government request, or to protect our rights, property, or safety, or that of others.

4.5 Business Transfers

If LenzAI is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy. This includes our transition from a sole trader to a limited company.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption in transit using HTTPS/TLS for all connections
  • Encryption at rest for sensitive data in our database
  • Secure API key storage and rotation practices
  • Access controls and authentication via Supabase
  • Regular security audits and updates
  • Secure payment processing exclusively through Stripe (PCI-compliant)
  • Row-level security policies in our database

However, no method of transmission over the internet is 100% secure. While we strive to protect your information using industry-standard practices, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations (e.g., UK tax records for 6 years)
  • Resolve disputes and enforce agreements
  • Maintain historical monitoring data for trend analysis

When you delete your account, we delete or anonymize your personal information within 30 days, except where required by UK law to retain it longer (such as accounting records).

7. Your Rights Under UK GDPR

As a UK-based service, we comply with the UK General Data Protection Regulation (UK GDPR). You have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete information
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at: privacy@lenzai.co.uk

We will respond to your request within one month as required by UK GDPR.

8. Cookies and Tracking

We use essential cookies and similar tracking technologies to:

  • Maintain your login session (authentication cookies)
  • Remember your preferences
  • Ensure security and prevent fraud
  • Analyze usage patterns to improve our Service

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service, particularly authentication and personalization.

9. Children's Privacy

Our Service is intended for business use and is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@lenzai.co.uk and we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries outside the United Kingdom, including the United States (where some of our service providers are based).

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Data Processing Agreements with all third-party providers
  • Adequacy decisions where applicable

Our service providers (Supabase, Railway, OpenAI, Anthropic, Google, Perplexity, SerpAPI, Stripe, Resend) have appropriate data protection measures in place.

11. Third-Party Links

Our Service may contain links to third-party websites, including AI platforms we monitor. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including when we transition from a sole trader to a limited company. We will notify you of significant changes by:

  • Email to your registered email address
  • Prominent notice on our Service
  • Updating the "Last updated" date at the top of this policy

Continued use of the Service after changes constitutes acceptance of the updated policy. We recommend reviewing this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

Email: support@lenzai.co.uk

Data Protection: privacy@lenzai.co.uk

Business Type: UK Sole Trader (transitioning to Ltd)

Business address will be updated when we complete our transition to a limited company.

14. UK Supervisory Authority

If you have concerns about our data processing practices and are not satisfied with our response, you have the right to lodge a complaint with the UK's data protection authority:

Information Commissioner's Office (ICO)

Website: www.ico.org.uk

Telephone: 0303 123 1113

Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

15. Legal Basis for Processing (UK GDPR)

Under UK GDPR, we process your personal data based on the following legal grounds:

  • Contract: Processing necessary to provide our Service to you
  • Legitimate Interests: Improving our Service, fraud prevention, security
  • Consent: Marketing communications (where you've opted in)
  • Legal Obligation: Compliance with UK tax and accounting laws
Return to Home