Privacy Policy
Last updated: June 15, 2026
1. Information We Collect
We collect information you provide directly, including:
- Account data: Name, email address, password hash
- Usage data: API requests, feature usage, error logs
- Technical data: IP addresses, browser/device information, session tokens
- Integration data: Microsoft Purview credentials (encrypted at rest)
2. How We Use Your Information
We use collected information to:
- Provide and improve the Service
- Authenticate users and maintain security
- Send transactional emails (account confirmations, invitations)
- Comply with legal obligations
- Detect and prevent fraud and abuse
3. Data Storage and Security
Your data is stored on servers located in the European Union and United States. We implement industry-standard security measures including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access controls and audit logging
- Regular security assessments
- SOC 2 Type II compliance (in progress)
4. Data Sharing
We do not sell your personal data. We may share data with:
- Service providers: Supabase (database), Stripe (billing), Sentry (error monitoring)
- Legal requirements: When required by law or legal process
- Business transfers: In connection with a merger or acquisition
5. Your Rights (GDPR)
If you are in the European Economic Area, you have the following rights:
- Access: Request a copy of your data via
GET /api/account/export - Rectification: Update your account information in Settings
- Erasure: Delete your account via
DELETE /api/account - Portability: Download your data in JSON format
- Objection: Contact us to restrict processing
To exercise these rights, contact: privacy@purlens.io
6. Data Retention
We retain personal data for as long as your account is active or as needed to provide services.
- Session data: 30 days after expiry
- Audit logs: 365 days (configurable per organization)
- Login attempts: 90 days
- Account data: Until account deletion + 30 days
7. Cookies
We use a single essential cookie (purlens_session) for authentication. This cookie is HttpOnly, Secure, and SameSite=Lax. No analytics or advertising cookies are used.
8. Contact
For privacy inquiries or data subject requests, contact our Data Protection Officer:
Email: privacy@purlens.io
Subject line:“Data Subject Request”