Legal

Privacy Policy

Last updated: January 2025

SkyLens respects your privacy. This policy explains what personal information we collect, how we use it, and the choices you have.

1. Information we collect

2. How we use it

We use personal information to provide the Service, authenticate users, send operational email (e.g. invites, password resets, invoice receipts), prevent abuse, and improve product features. We do not sell personal information.

3. Cookies

We use strictly-necessary cookies for authentication (httpOnly session tokens) and CSRF protection. Analytics cookies, if any, are disclosed separately and are opt-in in regions that require consent.

4. Sharing

We share data only with processors who help us operate the Service (payments, email delivery, infrastructure hosting, error tracking). A current list is available on request. We do not share customer data with advertisers.

5. International transfers

Our primary hosting region is the United States. For customers in the EU/UK we rely on Standard Contractual Clauses where applicable. Enterprise customers may request regional data residency.

6. Security

We encrypt data in transit (TLS) and at rest. Passwords are hashed with bcrypt. Tenant data is isolated by row-level scoping enforced at the ORM layer. See /trust for our full security posture.

7. Retention

We retain personal data for as long as your account is active. On termination we delete Customer Data within 30 days, except where retention is required by law. You can export your data at any time.

8. Your rights

Depending on your jurisdiction you may have the right to access, correct, delete, or port your data. Submit requests via /contact. We respond within 30 days.

9. Children

SkyLens is not intended for individuals under 16. We do not knowingly collect data from children.

10. Contact

Data protection officer: contact us. Enterprise DPA available at /legal/dpa.