Privacy

Privacy Policy

Updated March 2026

Official Lensart document

This policy explains what data Lensart collects, why it is processed, how AI-generation providers are involved, and how we handle retention, deletion, and LGPD rights.

Section 01

1. Data We Collect

We collect the following information when you use Lensart:

  • Account data: full name, email address, and password, stored as a secure hash through Supabase Auth.
  • Biometric images: photos submitted for training your personalized AI model. These images are treated as sensitive data under the LGPD.
  • Payment data: processed by Stripe. Lensart does not store credit card data.
  • Usage data: image generation logs, selected style, and generated portrait history.
  • Cookies and sessions: used for authentication and browsing preferences.

Section 02

2. Why We Process Data

We process personal data only as needed to operate, secure, and improve Lensart.

  • Account and login data: to create your account, authenticate you, communicate about the service, and provide support. Legal bases may include contract performance, legitimate interests, and compliance with legal obligations.
  • Uploaded photos and generated portraits: to process your requests, generate portraits, store results in your account, and respond to deletion or support requests. Legal bases may include your consent and contract performance.
  • Payment and transaction data: to process purchases, prevent fraud, issue invoices or receipts, and comply with tax and accounting obligations. Legal bases may include contract performance and legal obligations.
  • Usage and technical data: to monitor reliability, prevent abuse, investigate failures, and improve service operations. Legal bases may include legitimate interests and legal obligations.

Section 03

3. Images and AI Processing

The photos you submit are used to provide the portrait generation service linked to your account.

  • Uploaded reference images are stored in our infrastructure so we can validate inputs, generate portraits, and support your account experience.
  • Generated portraits are stored so you can access them in your account until they are deleted under our retention practices or at your request, when applicable.
  • To deliver the service, we may send your images and prompts to third-party processors, including Replicate, that help us run AI generation.
  • Lensart does not use customer images to train its own foundation models.
  • Third-party processors may handle data under their own terms, privacy policies, and retention practices.

Section 04

4. Sharing and International Transfers

We share personal data only with service providers that help us operate Lensart.

  • Supabase: authentication and database infrastructure
  • Cloudflare R2 or equivalent storage providers: secure file storage for uploaded and generated images
  • Replicate: AI processing for image generation
  • Stripe: payment processing
  • Resend: transactional email delivery

Some of these providers may process data outside Brazil. When international transfers occur, we take measures intended to support compliance with applicable data protection law, including contractual and operational safeguards where appropriate.

Section 05

5. Storage and Security

Your data is stored using providers selected to support security and service reliability.

  • We use encryption in transit (TLS/HTTPS) for communications with our services.
  • Access to personal data is limited to authorized personnel and systems that need it to operate the service.
  • We apply access controls and infrastructure protections designed to reduce unauthorized access, misuse, or disclosure.
  • No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Section 06

6. Cookies

We use strictly necessary cookies and similar session technologies for authentication, security, and core product functionality. We do not use third-party advertising cookies to track you across other websites.

Section 07

7. Your Rights (LGPD)

Under Brazil's General Data Protection Law, Law No. 13.709/2018 (LGPD), you have the right to:

  • Confirmation: know whether we process your personal data
  • Access: obtain a copy of your data
  • Correction: correct incomplete, inaccurate, or outdated data
  • Anonymization, blocking, or deletion: of unnecessary or excessive data
  • Portability: receive your data in a structured format
  • Deletion: request deletion of data processed with your consent
  • Withdrawal of consent: withdraw consent for data processing

To exercise your rights, contact us at: privacidade@lensart.ai

Section 08

8. Data Retention and Deletion

We keep personal data only for as long as needed for the purposes described in this policy, subject to legal and operational requirements.

  • Account profile data is generally retained while your account remains active and may be removed within up to 30 days after a verified deletion request.
  • Uploaded reference images and generated portraits are generally retained while needed to operate your account and may be removed within up to 7 days after account deletion or a validated deletion request, except where retention is required for legal, security, or dispute-resolution reasons.
  • Transaction logs, including purchases, may be kept for up to 5 years to comply with tax obligations.

Section 09

9. Minors

Lensart is intended for users aged 18 or older. We do not intentionally collect data from minors.

Section 10

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email or in-app notice of significant changes. Continued use of the service after changes take effect constitutes acceptance of the revised policy.

Section 11

11. Contact and DPO

For privacy questions or to exercise your rights, contact us:

Email: privacidade@lensart.ai

Data Protection Officer (DPO): available via the email above

Last updated: March 2026