Privacy Policy
Last updated: February 2, 2026
1. Introduction
Welcome to stratLens ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered strategic analysis platform.
This policy is designed to comply with the Singapore Personal Data Protection Act 2012 (PDPA) and other applicable data protection laws. By creating an account and using stratLens, you consent to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Email address
- Name (if provided)
- Profile picture (if using social login)
- Authentication data managed by our authentication provider (Clerk)
2.2 User-Provided Data
When you use our services, we collect:
- Companies you search for and analyze
- Strategic analyses you generate
- Edits and modifications you make to analyses
- Export preferences and sharing settings
2.3 API Keys
If you choose to use your own API key (Bring Your Own Key feature):
- Your API key is encrypted using AES-256-GCM before storage
- We never store, log, or transmit your API key in plain text
- Your API key is only decrypted when making requests to the AI provider on your behalf
- You can delete your API key at any time from your settings
2.4 Automatically Collected Information
We automatically collect certain information when you access our platform:
- IP address
- Browser type and version
- Device information
- Usage patterns and feature interactions
- Timestamps of activities
3. How We Use Your Information
We use the collected information for the following purposes:
- To provide and maintain our services
- To process your analysis requests
- To save and display your analysis history
- To authenticate your identity and secure your account
- To communicate with you about your account or our services
- To improve our platform and develop new features
- To detect and prevent fraud or abuse
- To comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
4.1 Service Providers
We work with third-party service providers who assist us in operating our platform:
- Clerk - Authentication and user management
- Prisma/Database Provider - Data storage
- AI Providers (OpenAI, Anthropic, Google) - Analysis generation (only when you initiate an analysis)
- Vercel - Hosting and infrastructure
4.2 Legal Requirements
We may disclose your information if required by law, court order, or government request.
4.3 Shared Analyses
If you choose to share an analysis via a public link, the analysis content will be accessible to anyone with the link. You can revoke access at any time by disabling sharing.
5. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted using HTTPS/TLS
- API keys are encrypted using AES-256-GCM before storage
- Database access is restricted and monitored
- Regular security audits and updates
- Secure authentication through Clerk
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
5.1 Data Breach Notification
In the event of a data breach that is likely to result in significant harm to you, we will:
- Notify the Personal Data Protection Commission (PDPC) of Singapore within 3 calendar days of assessing that the breach is notifiable
- Notify affected individuals as soon as practicable, either directly or via public notice
- Provide information about the nature of the breach and steps you can take to protect yourself
- Take immediate steps to contain the breach and prevent further unauthorized access
6. Data Retention
We retain your data as follows:
- Account data: Retained until you delete your account
- Analyses: Retained until you delete them or your account
- API keys: Retained until you remove them or delete your account
- Usage logs: Retained for up to 90 days for security and debugging purposes
When you delete your account, all your data is permanently deleted from our systems. This action cannot be undone.
7. Your Rights Under PDPA
Under the Singapore PDPA, you have the following rights regarding your personal data:
- Right of Access: Request access to your personal data that we hold. You can view most data through your account dashboard.
- Right of Correction: Request correction of any inaccurate or incomplete personal data.
- Right of Deletion: Delete individual analyses or your entire account through Settings.
- Right to Data Portability: Export your analyses as PDF or PowerPoint files.
- Right to Withdraw Consent: Withdraw your consent for data processing at any time (see below).
7.1 Withdrawing Consent
You may withdraw your consent for us to collect, use, or disclose your personal data at any time by:
- Deleting your account through Settings > Danger Zone
- Contacting us at minglenn@outlook.com
Consequences of withdrawal: If you withdraw consent, we will stop collecting and processing your data. However, this means we will no longer be able to provide you with our services, and your account will be deleted. Withdrawal does not affect the lawfulness of processing conducted before withdrawal.
To exercise any of these rights, access your account settings or contact us at minglenn@outlook.com. We will respond to your request within 30 days.
8. Cookies and Tracking
We use essential cookies for:
- Authentication and session management
- Security and fraud prevention
- Remembering your preferences
We do not use third-party advertising or tracking cookies.
9. Children's Privacy
stratLens is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than Singapore, including the United States, where our service providers operate. These countries may have different data protection laws than Singapore.
In accordance with the PDPA, we ensure that any overseas recipient provides a standard of protection comparable to the PDPA through:
- Contractual agreements with service providers requiring them to protect your data
- Using service providers in jurisdictions with comparable data protection laws
- Implementing technical safeguards such as encryption during transfer and at rest
Our primary service providers and their locations:
- Clerk (USA) - Authentication
- Vercel (USA) - Hosting
- AI Providers (USA) - OpenAI, Anthropic, Google
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of stratLens after any changes constitutes acceptance of the new policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: minglenn@outlook.com