The short version: Lens processes your log metadata (counts, byte sizes, pipeline decisions) on our servers to power the dashboard. The raw content of your log events is processed inside the Lens agent running on your own infrastructure — it never leaves your environment unless you configure a destination to forward it. We do not sell your data.
Table of Contents
1. Who We Are
Infranexis, Inc. ("Infranexis," "we," "us," or "our") operates Lens, a log routing and cost optimization platform. We are the data controller for personal data collected when you use the Lens dashboard and associated services. For data your agents route to third-party destinations, you are the data controller and we act as a data processor.
Contact: privacy@infranexis.com
2. What Data We Collect
Account and Organization Data
When you sign up, we collect:
- Email address and hashed password
- Company or organization name
- Billing name and address (collected and stored by Stripe)
- Payment method details (tokenized by Stripe — we never see raw card numbers)
Agent and Pipeline Configuration
To provide the service, we store:
- Pipeline names, rule definitions, and output configurations you create
- Agent names, keys, IP addresses, hostname, and OS version (sent by the agent on registration)
- Destination connection parameters (endpoint URLs, API keys stored encrypted at rest)
Telemetry Metrics
The Lens agent sends aggregate metrics to our API every 60 seconds:
- Log counts routed, archived, and dropped per pipeline
- Byte volumes processed
- Agent version, WAL depth, and status
- Estimated cost savings (computed from volume × plan pricing)
Raw log content is never sent to our servers. The agent applies your pipeline rules locally and reports only counts.
Usage and Technical Data
We automatically collect:
- Dashboard activity logs (actions taken, pages visited) for audit and security purposes
- Browser type, IP address, and timezone (from dashboard sessions)
- Error logs and crash reports for debugging
3. How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing and operating the Service | Account data, agent metrics, configuration | Contract performance |
| Authentication and security | Email, IP address, audit logs | Legitimate interests |
| Billing and payment processing | Email, billing info (via Stripe) | Contract performance |
| Sending transactional emails | Email address | Contract performance |
| Sending product updates and announcements | Email address | Legitimate interests (opt-out available) |
| Improving the Service | Aggregate usage patterns | Legitimate interests |
| Legal compliance | As required by law | Legal obligation |
We do not sell your data to third parties. We do not use your data for advertising purposes.
4. Data Sharing and Disclosure
We share data only in the following circumstances:
- Service providers. We use sub-processors to operate the Service (cloud hosting, email delivery, payment processing). All sub-processors are under data processing agreements that restrict their use of your data.
- Your configured destinations. When the agent routes log events to a third-party destination (e.g., Datadog, Splunk), those events are transmitted to that service per your configuration. Their privacy policies govern that data.
- Legal requirements. We may disclose data if required by law, court order, or to protect the safety of our users or the public.
- Business transfers. In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
Key Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Amazon Web Services | Cloud infrastructure (servers, database) | United States |
| Stripe | Payment processing | United States |
| SMTP provider | Transactional email delivery | United States |
5. Data Retention
- Account data: Retained for the duration of your subscription, plus 30 days after termination (to allow account recovery), then deleted or anonymized.
- Aggregate metrics: 90 days for paid plans; 30 days for the free plan.
- Audit logs: 90 days for paid plans.
- Billing records: 7 years (required for tax and accounting compliance).
You may request earlier deletion of your data by contacting privacy@infranexis.com. Billing records are subject to mandatory legal retention periods and cannot be deleted early.
6. Security
We use industry-standard measures to protect your data:
- All data in transit is encrypted using TLS 1.2 or higher
- Database and stored credentials are encrypted at rest
- Passwords are stored as bcrypt hashes (never in plaintext)
- API keys and destination credentials are stored encrypted
- Access to production systems is restricted to authorized personnel with multi-factor authentication
- We conduct periodic security reviews
If you discover a security vulnerability, please report it responsibly to security@infranexis.com. Please do not disclose it publicly until we have had a reasonable opportunity to address it.
7. Cookies and Tracking
The Lens dashboard uses:
- localStorage — to store your authentication token and user preferences (e.g., dark mode). This data stays on your device and is not sent to third parties.
- Session cookies — for authentication state. These are secure, HTTP-only, and expire when you close your browser.
We do not use third-party tracking cookies, advertising pixels, or analytics scripts on the dashboard. The public landing page may use first-party analytics to understand page performance; no personal information is shared with third-party analytics providers.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access. Request a copy of the personal data we hold about you.
- Correction. Request correction of inaccurate data.
- Deletion. Request deletion of your data (subject to legal retention requirements).
- Portability. Receive your data in a machine-readable format.
- Restriction. Request that we restrict processing of your data in certain circumstances.
- Objection. Object to processing based on legitimate interests.
- Opt-out of marketing. Unsubscribe from non-transactional emails at any time using the link in the email or by contacting us.
To exercise any of these rights, contact us at privacy@infranexis.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
CCPA (California): California residents may have additional rights under the California Consumer Privacy Act. We do not sell personal information. To submit a California rights request, use the contact above.
GDPR (EEA/UK): If you are located in the European Economic Area or United Kingdom, you may lodge a complaint with your local supervisory authority if you believe we have not handled your data in accordance with applicable law.
9. International Transfers
We are based in the United States. By using the Service, you acknowledge that your data may be transferred to and processed in the United States and other countries where our infrastructure and sub-processors operate. We ensure such transfers comply with applicable data protection laws, including through Standard Contractual Clauses where required.
10. Children's Privacy
The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and post the updated policy with a new effective date. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact Us
For any privacy-related questions, requests, or concerns:
- Email: privacy@infranexis.com
- Security issues: security@infranexis.com
Infranexis, Inc.
Delaware, United States