Privacy Policy

At Lensmor, we value clarity and privacy. We build intelligence tools to help you track competitors and events, not to track you. By using our Services (Web Dashboard, API, and MCP Servers), you accept the practices outlined below.

1. Our Roles & Data Scope (Crucial Distinction)

To provide our Service, Lensmor operates under two distinct roles depending on the data type:

Public Professional Profiles (We act as Controller): We aggregate publicly available business information (e.g., LinkedIn URLs, Job Titles, Company Names) indexed by search engines or provided by event organizers. We process this data based on our Legitimate Interest to provide B2B market intelligence.

Customer Enriched Data (We act as Processor): When you use our "Enrichment" features to reveal contact details (e.g., email addresses) via our third-party data partners, Lensmor acts solely as a Data Processor. This data is your private business asset. We store it encrypted on your behalf, and we do not share it with other Lensmor customers.

2. Information We Collect

A. Information You Provide (User Data)

Account Info: Name, work email, and hashed password.

Workspace Data: Organization details and team member invites.

Private Tracking Logic: The specific competitors or keywords you configure. We treat your monitoring strategy as confidential business logic.

B. Public Business Data (The Lensmor Directory)

We use Open Source Intelligence (OSINT) techniques to index:

Exhibitor & Attendee Signals: Publicly listed exhibitor names, booth numbers, and publicly associated professional profiles (Names, Titles, Public Social URLs) found via search engine indexes (e.g., Google, Bing).

Source: We strictly collect data from Publicly Available Sources. We do not intrude into private accounts or breach "walled garden" terms of service.

C. Enriched Contact Data (Your Asset)

If you choose to use credits to "Reveal" or "Enrich" a profile, we retrieve contact information (such as business emails) from compliant third-party data providers (e.g., People Data Labs, Proxycurl).

Storage Policy: This data is stored in your private workspace database. It is encrypted at rest and isolated from other tenants.

D. Usage & API Logs

We log API requests (timestamp, endpoint, status) for debugging and security. Note: Sensitive PII in logs is masked or redacted to ensure our engineering team does not access raw private data.

3. How We Use Your Data

We do not sell your User Data (your account info) to third parties. We use data to:

Deliver Intelligence: Analyze the public data to surface "Must-Win" accounts and event signals.

Execute Your Instructions: Fetch and store Enriched Data upon your specific request.

Security: Detect abuse (e.g., DDoS, credential stuffing) and enforce rate limits.

AI Analysis: We may send anonymized snippets of public competitor content (e.g., a press release text) to LLM providers (like OpenAI) to generate summaries. We do not send your Enriched Contact Data (Emails/Phones) to public LLMs.

4. Data Sharing & Sub-processors

We share data strictly with the trusted infrastructure providers required to operate the service:

Cloud Infrastructure: AWS (USA/Europe Regions) – Provider of encrypted storage and computing power.

Data Enrichment: Licensed Third-party Vendors – Data is shared only when you explicitly trigger an "Enrich" or "Unlock" request.

AI Models: OpenAI / Anthropic – We transmit anonymized context solely for generating insights. We have opted out of data retention for model training where available.

Payment & Invoicing: Airwallex – We use Airwallex for payment processing. We do not store your full credit card numbers or sensitive financial credentials on our servers.

Analytics: Google Analytics / PostHog – For analyzing aggregated platform usage patterns.

No Contributory Network (Your Data Privacy Guarantee): Unlike many other data platforms, Lensmor does not access your CRM, email inbox, or calendar to harvest your contacts for a shared public database. Your proprietary data remains strictly yours and is never sold to other customers.

5. Data Security & Infrastructure

We treat your Enriched Data as your private asset. To protect it, we employ a "Defense in Depth" security architecture:

Infrastructure & DPA: Our Services are hosted on Amazon Web Services (AWS). We have executed a strict Data Processing Addendum (DPA) with AWS to ensure that the underlying infrastructure complies with GDPR and ISO 27001 standards.

Encryption at Rest (RDS): All user databases are protected using AWS RDS Enforced Encryption (AES-256). The raw data files on the disk are unreadable without the specific decryption key.

Key Management (KMS): We utilize AWS Key Management Service (KMS) to manage cryptographic keys.
No Direct Access:
does not

Encryption in Transit: All data moving between you and Lensmor is encrypted via TLS 1.2/1.3.

6. Your Rights (GDPR, CCPA & Global)

For Our Users (Customers)

Access & Export: You can export your data via API at any time.

Deletion: If you delete your account, your Private Enriched Data is permanently removed from our active databases.

For Professionals Listed in Our Directory (Data Subjects)

If you find your professional profile in our Public Directory and wish to be removed:

Opt-Out / Removal: Please visit our [Claim or Remove Profile] page (Link to your removal form).

We respect your Right to be Forgotten. Upon request, we will block your profile from appearing in future search results.

7. Changes to this Policy

We may update this policy as our product evolves. If we make material changes (e.g., changing how we handle your private data), we will notify you via email or dashboard alert.

8. Contact Us

For privacy inquiries or DPA (Data Processing Agreement) requests: VIRTUALGEN CO., LIMITED Email: [hello@lensmor.com] (Add HK Address if available, strictly optional for Privacy Policy but good for trust)

‍