Legal
Privacy Policy
1. Who we are
Lenscore is operated by Outkast Printwears LLP, a limited liability partnership registered in India (LLPIN ACN-7933, GSTIN 33AAJFO5819N1ZS). We provide an AI-visibility audit service for brands at lenscore.app. References to “we”, “our”, or “us” mean Outkast Printwears LLP. References to “you” mean you, the user or customer.
This policy explains what personal data we collect, how we use it, and your rights under the Digital Personal Data Protection Act 2023 (DPDPA 2023) and other applicable Indian law.
2. What we collect
We collect only what is necessary to deliver the audit service:
| Data | When collected | Why |
|---|---|---|
| Brand website URL | When you start a scan | To run the AI-visibility probe against your brand |
| Founder / business email address | When you create an account or unlock a paid report | Authentication, report delivery, and transactional emails |
| Scan results and audit data | Automatically during each scan | To generate and display your AI-visibility report |
| Payment information (card, UPI, wallet details) | At checkout | To process payments — handled entirely by Razorpay or Dodo Payments; we never store raw card or UPI credentials |
| Usage and analytics data (pages visited, click events, session metadata) | Automatically on each page load | Product analytics to understand and improve the service |
| Cookies and similar identifiers | Automatically on each visit | Session management, authentication, and analytics |
We do not collect sensitive personal data as defined under DPDPA 2023 (financial credentials, health data, biometrics, etc.) beyond what payment processors handle on our behalf under their own compliant infrastructure.
3. How we use your data
We use your data for the following purposes:
- Service delivery: running AI-visibility scans, generating audit reports, and delivering them to you.
- Account management: authenticating you, maintaining your dashboard, and providing access to reports you have purchased.
- Payment processing: facilitating secure checkout via Razorpay (INR) or Dodo Payments (global) and sending payment receipts.
- Transactional communications: sending your scan results, payment confirmations, and service-related notices via email (Resend).
- Product improvement: analysing usage patterns through PostHog to improve the product experience. Analytics data is not sold or shared with advertisers.
- Legal and compliance obligations: retaining records as required by Indian tax law, RBI guidelines, and DPDPA 2023.
We do not sell your personal data to third parties. We do not use your data for advertising purposes or profiling unrelated to delivering the audit service.
4. Third-party processors
We share data only with the processors listed below, each engaged to deliver a specific function of the service. All processors are required to handle your data securely and only as instructed.
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, and file storage | Email address, scan results, account data |
| Razorpay | Payment processing (India, INR) | Email address, order amount; card/UPI data processed directly by Razorpay |
| Dodo Payments | Payment processing (global, USD) | Email address, order amount; card data processed directly by Dodo Payments |
| Resend | Transactional email delivery | Email address, name (if provided), email content |
| PostHog | Product analytics | Pseudonymous usage events (page views, clicks, session metadata); no raw email addresses sent to PostHog |
These processors may transfer or store data outside India. Where applicable, we ensure appropriate safeguards are in place in accordance with DPDPA 2023 and any cross-border data transfer requirements notified by the Indian government.
5. Data retention
- Scan results and audit reports: retained for 90 days from the date of the scan. After 90 days, scan data is automatically deleted from our active systems. Purchased reports remain accessible in your dashboard for 90 days from the scan date.
- Payment records: retained for the period required by applicable Indian tax law (currently 8 years from the end of the relevant financial year) and RBI guidelines for payment-related records.
- Account data (email): retained while your account is active. Upon account deletion request, your email and associated data are removed from active systems within 30 days, except where retention is required by law.
- Analytics data: retained for up to 12 months in PostHog in pseudonymous form.
6. Your rights under DPDPA 2023
Under the Digital Personal Data Protection Act 2023, you have the following rights with respect to your personal data:
- Right of access: you may request a summary of the personal data we hold about you and how it has been processed.
- Right to correction: you may request correction of inaccurate or incomplete personal data.
- Right to erasure: you may request deletion of your personal data. We will action this within 30 days, subject to legal retention obligations.
- Right to grievance redressal: you may raise a complaint or grievance with us using the contact details in Section 9.
- Right to nominate: you may nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any of these rights, email us at privacy@lenscore.appwith the subject line “Data Rights Request”. We will respond within 30 days. We may ask you to verify your identity before processing a request.
7. Cookies
Lenscore uses cookies and similar browser storage mechanisms for the following purposes:
- Session cookies: to keep you logged in during a browsing session. These are deleted when you close your browser.
- Authentication cookies: to maintain your login state across sessions. These persist until you sign out or the token expires (typically 7 days).
- Analytics cookies: set by PostHog to track pseudonymous usage events. These help us understand how the product is used.
We do not use cookies for advertising or cross-site tracking. You can clear cookies at any time through your browser settings; doing so will sign you out and may affect certain features.
8. Security
We take reasonable technical and organisational measures to protect your personal data from unauthorised access, loss, or disclosure. These include encrypted connections (HTTPS/TLS), access controls, and using reputable infrastructure providers (Supabase) that maintain their own security certifications. No system is perfectly secure; if you believe your data has been compromised, please contact us immediately at privacy@lenscore.app.
9. Contact and grievance officer
For any privacy-related questions, data rights requests, or grievances, contact us at:
Outkast Printwears LLPLLPIN ACN-7933 · GSTIN 33AAJFO5819N1ZS
Governing jurisdiction: Karnataka, India
Privacy contact: privacy@lenscore.app
General enquiries: hello@lenscore.app
We aim to acknowledge all privacy requests within 72 hours and resolve them within 30 days.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you by email or a notice on the platform. Your continued use of Lenscore after the effective date constitutes acceptance of the updated policy.