Privacy Policy

Last updated: 8 July 2026

KoreLens (“we”, “us”) is an AI-readiness auditing service operated from the United Kingdom. This policy explains what personal data we collect, why, and the choices you have. Questions or requests: the contact form or hello@korelens.com.

What we collect

How we use it

AI processing

Some features send publicly available content from audited websites (for example, a page’s visible text and structured data) to AI model providers (OpenAI, Anthropic) to summarise what an AI system can understand about the business. We do not send your account details or payment data to these providers, and we label AI-generated output as such. Audit results report what was actually checked — we do not fabricate AI answers or guarantee AI visibility outcomes.

Auditing websites you don’t own

Audits fetch publicly accessible pages, as a search engine would. If a page contains personal data (for example, a named business owner), it may appear in the audit result shown to the person who requested it. We process this under legitimate interest, we only reproduce what the page itself publishes, and site owners can contact us to have cached audit data removed.

Who we share data with

We use these processors to run the service: Supabase (database and authentication), Stripe (payments), Vercel (hosting), PostHog EU (analytics), Sentry (error monitoring), Resend (email delivery), Upstash (rate limiting), Cloudflare (Turnstile human verification), and OpenAI/Anthropic (AI processing as described above). Where you explicitly connect an integration (for example Google Search Console), we access only the scopes you grant, store tokens encrypted, and you can disconnect at any time. We do not sell personal data.

Cookies

We use essential cookies for sign-in sessions and security. Our analytics (PostHog) runs cookieless: it stores nothing on your device, and anonymous visitors are not tracked across visits. Payment pages use Stripe’s cookies for fraud prevention. Because we set no non-essential cookies, there is no cookie banner.

Retention

Account and workspace data is kept while your account is active and deleted on verified request. Free audit results may be cached briefly to serve repeat checks. Payment records are retained as required by tax law. Analytics is retained per PostHog’s standard retention.

Your rights

Under UK GDPR you can request access to, correction of, or deletion of your personal data, object to processing, and request portability. Email hello@korelens.com and we will respond within one month. You can also complain to the ICO (ico.org.uk).

Changes

We will post any material changes to this policy here and update the date above. If a change significantly affects how we use your data, we will email account holders first.