Privacy policy

Last updated: May 21, 2026. Plain language. No legalese.

The short version

Your profile lives on your device. Nothing about you leaves it unless you turn on cross-device sync.
Page content we send to the AI is the visible article only. No URL, no cookies, no form values, no referrers.
We don't log or keep page content. Each request is processed and discarded.
We don't sell or share anything. No ads. Ever. Architectural choice, not a current pricing tactic.
No analytics tied to your profile. Aggregate usage only, never associated with your accessibility attributes.

What Lens stores on your device

Your accessibility profile, your Anthropic API key (in the prototype build), your sensitive-domain list, your day-by-day usage count, and your subscription plan. All in chrome.storage.local. None of this is sent to Lens servers unless you opt into encrypted cross-device sync (Phase 2+).

What Lens sends to our backend

When you click "Adapt this page," your browser sends to api.lens.app:

The article text extracted from the current page (Readability output).
Your profile JSON (reading level, font, contrast, tags, your free-text description).
An anonymous device ID generated on first install. Cannot be tied back to your identity.
The extension version.

It does not send: the URL you're on, query parameters, cookies, form values, search history, referrer headers, your IP (beyond what your browser must send to make any web request), or any identifier tied to a real-world person.

What our backend does with that

It forwards the article text and profile-derived prompt to Anthropic's Claude API to generate the adapted version, streams the response back to your browser, and counts the request for free-tier rate limiting. We don't write the article body to any database, log file, or storage. The only record we keep is a daily counter per device ID for the rate limit.

What Anthropic sees

Anthropic receives the article text and the system prompt derived from your profile. Anthropic's data policies apply to that processing. As of this writing, Anthropic does not train models on data submitted through their API. Read Anthropic's policy: anthropic.com/privacy.

Payments (Pro tier)

If you upgrade to Pro, Stripe handles your card and billing. We receive only your anonymous device ID, a Stripe customer ID, and subscription status — no card details. We do not link your subscription to any profile data.

Cross-device sync (opt-in, Phase 2)

If you opt in, your profile is end-to-end encrypted on your device using a key only you hold, then stored in our backend as opaque bytes. We cannot read it. Your other devices decrypt it locally.

Your rights

You can delete all Lens data at any time by removing the extension (which wipes chrome.storage.local) and emailing ilanlentsner@gmail.com to revoke server-side data (your device's rate-limit counters and any sync blob). We will process the request within 7 days.

Children

Lens is not directed at children under 13. We do not knowingly collect data from anyone under 13.

Special-category data (GDPR Art. 9)

Your accessibility profile may reveal information about disability or health, which is special-category personal data under GDPR. The lawful basis for processing it is your explicit consent, which you give by completing onboarding and clicking "Adapt this page." You may withdraw consent at any time by uninstalling Lens or deleting your profile in Options.

Independent audit

An independent third-party privacy audit will be commissioned before our Phase 2 launch (~Month 4) and annually thereafter. Results will be published in full at /audits.

Changes to this policy

Material changes will be announced in the extension itself before they take effect. The current version date is at the top of this page.

Contact

Privacy questions: ilanlentsner@gmail.com. Security disclosures: ilanlentsner@gmail.com (PGP key on request).