Iteros Lens

Privacy Policy

Last updated: 13 June 2026 · Applies to users in the UK and European Union

Your footage and study data never leave your device. All video analysis is processed entirely in your browser. This policy covers only the account and usage information that does pass through our systems.

1. Who we are

Iteros Lens is operated by [YOUR COMPANY NAME], registered at [YOUR REGISTERED ADDRESS] ([COMPANY NUMBER IF LIMITED CO.]). We are the data controller for the personal data described in this policy.

2. What personal data we collect

Account data (via Clerk)

When you create an account we collect:

Your email address
Your display name (if provided)
Which sign-in method you used (email/code, Google, Microsoft, etc.)
Your account tier (Free, Pro, or Studio) and subscription status
Authentication session tokens and device identifiers managed by Clerk

Usage and technical data (via Vercel hosting)

Our hosting infrastructure automatically records standard server logs, which may include:

Your IP address
Browser type and operating system
Pages or API endpoints requested, and the time of each request
HTTP status codes and response sizes

Feedback data (optional, if you choose to submit it)

If you use the in-app feedback form we collect:

Your feedback message and category
Your email address (only if you choose to provide it)
Your browser's user-agent string

Payment data (when billing is active)

Subscription payments are processed by Stripe. We receive confirmation of your subscription status and billing cycle, but we never store your card number, bank account, or full payment details — these are held solely by Stripe under their own privacy policy.

What we do NOT collect

Video footage — your videos are opened and processed entirely within your browser and are never uploaded to our servers.
Study and analysis data — element timings, ratings, cycle counts, and all derived data remain on your device and in any files you choose to export.

3. Our legal basis for processing

Purpose	Data involved	Legal basis (UK/EU GDPR)
Creating and managing your account; providing the service	Account data, tier metadata	Performance of a contract (Art. 6(1)(b))
Processing subscription payments and preventing fraud	Subscription status, Stripe data	Performance of a contract (Art. 6(1)(b))
Keeping the service secure and diagnosing problems	Server logs, IP address, browser data	Legitimate interests (Art. 6(1)(f)) — ensuring service availability and security
Responding to feedback you submit	Feedback message and optional email	Consent (Art. 6(1)(a)) — you initiate and control what you share
Complying with legal obligations	Any data required by law	Legal obligation (Art. 6(1)(c))

4. Who we share your data with

We use the following sub-processors who handle personal data on our behalf:

Processor	Role	Location	Privacy policy
Clerk, Inc.	Authentication, identity, session management	USA	clerk.com/privacy
Vercel, Inc.	Website hosting and content delivery	USA (global CDN)	vercel.com/legal/privacy-policy
Stripe, Inc.	Subscription billing and payment processing	USA	stripe.com/gb/privacy

We do not sell your personal data to third parties, and we do not share it for advertising purposes.

We may disclose data if required by law, court order, or to protect the rights, safety, or property of our users or the public.

5. International transfers

Clerk, Vercel, and Stripe are based in the United States. Transfers of personal data from the UK to the US are made under the UK International Data Transfer Agreement (IDTA) or the UK addendum to the EU Standard Contractual Clauses, as applicable. Transfers from the EU are made under the European Commission's Standard Contractual Clauses (SCCs). Each processor maintains appropriate safeguards under their own certification or contractual commitments.

6. How long we keep your data

Data type	Retention period
Account and tier data	While your account is active, plus 30 days after you delete your account to allow recovery
Server logs	Up to 90 days, then automatically deleted
Feedback submissions	Up to 2 years, or until you request deletion
Billing records	7 years (required for UK/EU tax and accounting obligations)

7. Your rights

Under UK GDPR and EU GDPR you have the right to:

Access — request a copy of the personal data we hold about you
Rectification — ask us to correct inaccurate data
Erasure — ask us to delete your data (the "right to be forgotten"), subject to legal retention requirements
Restriction — ask us to limit how we use your data while a dispute is resolved
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests
Withdraw consent — where processing is based on consent (e.g. feedback), you can withdraw at any time without affecting the lawfulness of prior processing

To exercise any of these rights, email [YOUR PRIVACY EMAIL]. We will respond within one month. If you are unsatisfied with our response:

UK users — you may complain to the Information Commissioner's Office (ICO) at ico.org.uk
EU users — you may complain to the supervisory authority in your EU member state

8. Cookies and local storage

We use strictly necessary cookies and browser local storage to keep you signed in and maintain your session. These are set and managed by Clerk and are essential for the service to function — they do not require your consent under the UK Privacy and Electronic Communications Regulations (PECR) or the EU ePrivacy Directive.

We do not use advertising cookies, tracking pixels, or third-party analytics that place cookies on your device.

9. Children's privacy

Iteros Lens is designed for professional and business use. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, by sending a notice to the email address associated with your account. Your continued use of the service after the effective date of any change constitutes acceptance of the updated policy.

11. Contact

For any questions about this policy or about how we handle your personal data, please contact us at:

[YOUR COMPANY NAME]
[YOUR REGISTERED ADDRESS]
[YOUR PRIVACY EMAIL]