PurLens

Privacy Policy

Last updated: June 15, 2026

1. Information We Collect

We collect information you provide directly, including:

  • Account data: Name, email address, password hash
  • Usage data: API requests, feature usage, error logs
  • Technical data: IP addresses, browser/device information, session tokens
  • Integration data: Microsoft Purview credentials (encrypted at rest)

2. How We Use Your Information

We use collected information to:

  • Provide and improve the Service
  • Authenticate users and maintain security
  • Send transactional emails (account confirmations, invitations)
  • Comply with legal obligations
  • Detect and prevent fraud and abuse

3. Data Storage and Security

Your data is stored on servers located in the European Union and United States. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls and audit logging
  • Regular security assessments
  • SOC 2 Type II compliance (in progress)

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Service providers: Supabase (database), Stripe (billing), Sentry (error monitoring)
  • Legal requirements: When required by law or legal process
  • Business transfers: In connection with a merger or acquisition

5. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

  • Access: Request a copy of your data via GET /api/account/export
  • Rectification: Update your account information in Settings
  • Erasure: Delete your account via DELETE /api/account
  • Portability: Download your data in JSON format
  • Objection: Contact us to restrict processing

To exercise these rights, contact: privacy@purlens.io

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide services.

  • Session data: 30 days after expiry
  • Audit logs: 365 days (configurable per organization)
  • Login attempts: 90 days
  • Account data: Until account deletion + 30 days

7. Cookies

We use a single essential cookie (purlens_session) for authentication. This cookie is HttpOnly, Secure, and SameSite=Lax. No analytics or advertising cookies are used.

8. Contact

For privacy inquiries or data subject requests, contact our Data Protection Officer:

Email: privacy@purlens.io
Subject line:“Data Subject Request”

© 2026 PurLens. All rights reserved.

TermsPrivacyContact