Privacy Policy

Last updated: January 3, 2026

1. Introduction

Lenza ("we," "our," or "us") operates the Lenza product intelligence platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring transparency in how we handle your data. By accessing or using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

When you register for an account or use our Service, we may collect the following personal information:

  • Account Information: Name, email address, and profile picture obtained through GitHub OAuth authentication
  • Organization Information: Organization or company name, team member details, and role assignments
  • Payment Information: Billing address and payment method details (processed securely through our payment processor)
  • Communication Data: Any correspondence you send to us, including support requests

2.2 Code and Repository Data

When you connect a GitHub repository to Lenza, we access and process the following:

  • Source Code: The contents of files in your connected repositories, including code, documentation, and configuration files
  • Repository Metadata: Repository name, description, file structure, and commit history
  • Extracted Symbols: Function names, class definitions, interfaces, and other code structures extracted during analysis
  • Embeddings: Vector representations of code and documentation for semantic search purposes

2.3 Usage Data

We automatically collect certain information when you use our Service:

  • Chat History: Questions you ask and conversations you have with our AI assistant
  • Knowledge Base Content: Capabilities, questions, and answers you save to your knowledge base
  • Device Information: Browser type, operating system, device identifiers, and IP address
  • Log Data: Access times, pages viewed, and actions taken within the Service
  • Analytics Data: Feature usage patterns, performance metrics, and error reports

2.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze usage patterns to improve our Service
  • Provide security features

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • To provide, operate, and maintain our product intelligence platform
  • To analyze your codebase and generate answers to your questions
  • To create and maintain your knowledge base and capability tracking
  • To process and manage your subscription and payments
  • To authenticate your identity and manage your account

3.2 AI Processing

Important: Lenza uses artificial intelligence to analyze your code and generate responses. When you ask a question:

  • Relevant portions of your code are retrieved from our database
  • This code context, along with your question, is sent to our AI provider (OpenAI) for processing
  • The AI generates a response based on your actual source code
  • Enterprise customers using Bring Your Own Key (BYOK) send data directly to their own OpenAI account

3.3 Service Improvement

  • To understand how users interact with our Service
  • To develop new features and functionality
  • To identify and fix bugs and performance issues
  • To optimize our algorithms and search capabilities

3.4 Communication

  • To send you service-related notifications and updates
  • To respond to your inquiries and support requests
  • To send marketing communications (with your consent)
  • To notify you of changes to our policies or Service

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Third-Party Service Providers

We share information with third-party vendors who provide services on our behalf:

  • OpenAI: We send code context and questions to OpenAI's API to generate AI-powered responses. OpenAI processes this data according to their privacy policy and API data usage policy. Note: OpenAI does not use API data to train their models.
  • GitHub: We integrate with GitHub to access your repositories and authenticate your account, subject to GitHub's Privacy Statement
  • Payment Processors: We use secure third-party payment processors to handle billing transactions
  • Cloud Infrastructure: We use cloud service providers to host and deliver our Service
  • Analytics Providers: We use analytics services to understand usage patterns

4.2 Team Members

Information within your organization's account is accessible to team members you invite, based on their assigned roles and permissions.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to:

  • Comply with a legal obligation
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users of the Service or the public
  • Protect against legal liability

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your information.

5. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Strict role-based access controls and authentication mechanisms
  • Secure Infrastructure: We use reputable cloud providers with industry-standard security certifications
  • Regular Audits: We conduct regular security assessments and vulnerability testing
  • Employee Training: Our team is trained on data protection and security best practices
  • Incident Response: We maintain procedures for detecting, reporting, and investigating security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your account is active, or as needed to provide you services. Specifically:

  • Account Data: Retained while your account is active and for a reasonable period afterward
  • Code and Repository Data: Retained while repositories are connected; deleted when repositories are disconnected or upon account deletion
  • Chat History: Retained according to your plan and can be deleted by you at any time
  • Knowledge Base: Retained until you delete it or close your account
  • Logs and Analytics: Retained for up to 12 months for operational purposes
  • Billing Records: Retained as required by law (typically 7 years for tax purposes)

Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes.

7. Your Rights and Choices

7.1 General Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a machine-readable copy of your data
  • Objection: Object to processing of your personal information
  • Restriction: Request restriction of processing in certain circumstances
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

7.2 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@lenza.app. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing your request.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page with an updated "Last updated" date
  • Sending you an email notification for material changes (if you have an account)
  • Displaying a notice within our Service

We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@lenza.app

General Inquiries: hello@lenza.app

We aim to respond to all privacy-related inquiries within 30 days.