Summaries, navigation and policy metadata are localized. The full legal body falls back to the canonical English text unless we already maintain a jurisdiction-specific translation.
01 Scope
This policy describes how LENS Corporation ("LENS", "we", "us") processes personal data. It applies to: (a) visitors to lenscorp.ai and its locale variants; (b) prospects and customers who contact us; (c) end-users of LENS-operated demos and free tools; and (d) data subjects whose data is processed by LENS products under contract with our customers, where LENS acts as a processor.
Where LENS is a processor — for example, when a city operates ICCC on its own infrastructure with LENS software — the controller is the customer and their privacy notice governs the substantive processing. This policy still describes the security, sub-processor and assistance commitments we extend.
02 Who we are
The "controller" is the legal entity that decides why and how your personal data is processed. LENS Corporation is a brand name covering five operating entities; the controller in any given context is the entity that holds your relationship with us:
- India · primary entity: LENSCORP AI Private Limited — 5152, 5th Floor, DLF Forum, DLF Cyber City, DLF Phase 3, Sector 24, Gurugram, Haryana 122002. Operations also in Noida.
- India · Delhi entity: LENSCORP Private Limited — Delhi, India.
- India · XR research: HyperFuse XR Private Limited — Pune, India.
- United States: LENS, Inc. — 4288 Indian Glen Drive, Okemos, MI 48864.
- Saudi Arabia: LENS AI LLC — Riyadh, Saudi Arabia.
- Data Protection Officer: dpo@lenscorp.ai
For most public-website interactions, LENSCORP AI Private Limited acts as the controller. Where the relationship is with a regional entity (a US contract, a Saudi deployment), that entity is the controller and joint-controller responsibilities are addressed in the relevant agreement.
03 Data we process
Identifiers & contact
Name, work email, work phone, company, role, country. Collected when you fill a contact form, subscribe to the field journal, or request a demo.
Usage & technical
IP address, approximate city / region / country (derived from IP), browser, OS, referrer, pages viewed, timestamps. Collected automatically when you visit our website. We do not use third-party advertising trackers.
Sensor & biometric data (in deployments only)
When LENS products are deployed by a customer, the system may process video, audio, IR, thermal, LIDAR or RADAR feeds — and biometric templates derived from them (face, gait, voice, iris, fingerprint). LENS is a processor for this data. We never aggregate or reuse customer-deployment data for our own purposes, and we never train shared models on customer data without a separate written agreement.
LENS does not operate a consumer biometric database. Biometric processing happens exclusively under contract with named customers (governments, enterprises), on infrastructure they control or on a LENS dedicated tenancy.
04 Purposes & legal bases
| Purpose | Data | Legal basis (GDPR) |
|---|---|---|
| Respond to enquiries | Identifiers, contact | Art. 6(1)(b) — pre-contract |
| Send the Field journal | Email, name | Art. 6(1)(a) — consent |
| Operate & secure the website | IP, technical | Art. 6(1)(f) — legitimate interest |
| Comply with legal obligations | As required | Art. 6(1)(c) |
| Provide LENS products to a customer | Sensor / biometric | Processor under Art. 28 DPA |
06 Retention
- Sales enquiries — 24 months from last contact, then deleted or anonymised.
- Newsletter subscribers — until unsubscribe; we re-confirm dormant subscriptions every 18 months.
- Web logs — 90 days.
- Customer-deployment data — per the customer's contract; LENS does not set retention for processor data.
07 Security
LENS operates an ISO 27001-certified information security programme and is assessed against SOC 2 Type II annually. Controls include: encryption in transit (TLS 1.2+) and at rest (AES-256), least-privilege access, hardware MFA for production, quarterly access reviews, and an incident response runbook with a 72-hour breach notification commitment. Detailed controls live in the security disclosures.
08 Your rights
Subject to applicable law, you may exercise the following rights over your personal data. We respond within 30 days (extendable to 60 for complex requests, with notice).
| Right | What it means |
|---|---|
| Access | Get a copy of the personal data we hold about you. |
| Rectification | Correct data that is inaccurate or incomplete. |
| Erasure | Delete your data, where processing is no longer necessary. |
| Restriction | Pause processing while a dispute is resolved. |
| Portability | Receive your data in a machine-readable format. |
| Objection | Object to processing based on legitimate interest. |
| Withdraw consent | Where processing relies on consent (e.g. newsletter). |
| Lodge a complaint | With your local supervisory authority. |
Region-specific notices: India / DPDPA · EU & UK / GDPR · US health / HIPAA · California / CCPA · Brazil / LGPD.
09 International transfers
LENS operates from India through LENSCORP AI Private Limited (Gurugram), with regional entities in the US (LENS, Inc., Okemos, MI) and Saudi Arabia (LENS AI LLC, Riyadh). Where personal data crosses borders, we rely on:
- EU/UK → India — Standard Contractual Clauses (2021 EU SCCs + UK addendum) plus a transfer impact assessment.
- US health (PHI) — Business Associate Agreements per HIPAA; data residency in US-East regions.
- Brazil → outside — LGPD Art. 33 contracts, with prior data-subject information.
10 Children
Our website and products are not directed to children under 16. We do not knowingly collect personal data from children. Where a customer deployment may incidentally process children's data (e.g. school-safety contexts), the customer is responsible for parental consent and we provide configuration to support it.
11 Changes to this policy
Material changes are announced 30 days in advance via the field journal and a banner on this page. The version history is maintained at github.com/lens-corp/policies.
12 Contact & DPO
For privacy questions, rights requests, or complaints:
- Data Protection Officer · dpo@lenscorp.ai
- EU / UK data subjects · An Article 27 representative is in the process of being appointed. Until then, contact the DPO directly.
- India · grievance · Mr. Aishvary Pratap Singh — grievance@lenscorp.ai · see DPDPA notice
- US health · HIPAA · LENS, Inc., Okemos, MI — hipaa@lenscorp.ai
- Postal · DPO, LENSCORP AI Private Limited, 5152, 5th Floor, DLF Forum, DLF Cyber City, DLF Phase 3, Sector 24, Gurugram, Haryana 122002, India
Need a region-specific notice?
We publish supplemental notices for India, EU/UK, US health, California and Brazil.
