← Back to home

Privacy Policy

Last updated: June 2026  ·  CompromiseLens Ltd

1. Who we are

CompromiseLens ("we", "us", "our") provides endpoint security assessment software and services. Our registered address and contact details are available at privacy@compromiselens.com.

2. What data we collect

When you use CompromiseLens, we collect:

• Account data — email address, organisation name, and password (hashed)
• Scan findings — metadata about suspicious artefacts detected on endpoints (file paths, registry keys, process names, network connections). We do not collect file contents or personal user data from endpoints.
• Device information — hostname, IP address, OS version, and agent version of enrolled endpoints
• Usage data — pages visited, features used, and actions taken within the dashboard
• Payment data — handled by Stripe. We do not store card numbers.

3. How we use your data

• To provide and improve the CompromiseLens service
• To send security alerts and notifications you have requested
• To process payments and manage your subscription
• To respond to support requests
• To comply with legal obligations

4. Data retention

Scan findings are retained for the duration of your active subscription plus 30 days after cancellation. Account data is retained for 7 years for legal and accounting purposes. You may request deletion of your data at any time by contacting privacy@compromiselens.com.

5. Data sharing

We do not sell your data. We share data only with:

• Stripe — payment processing
• Anthropic — AI analysis features (zero data retention policy applies)
• Resend — transactional email delivery
• Law enforcement when legally required

6. AI features and zero data retention

When you use AI-powered features (Technical Guidance, CL Triage, Executive Report narratives), your data is sent to Anthropic's API under a zero data retention agreement — meaning Anthropic does not store or train on your data.

7. Security

We use industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, multi-factor authentication, and regular security audits. All data is stored in isolated tenant databases.

8. Your rights (GDPR)

If you are in the EU/EEA, you have the right to access, correct, delete, and export your personal data. Contact privacy@compromiselens.com to exercise these rights.

9. Cookies

We use only essential session cookies required for authentication. We do not use advertising or tracking cookies.

10. Contact

For privacy questions: privacy@compromiselens.com