Privacy Policy
Last updated: 8 July 2026
KoreLens (“we”, “us”) is an AI-readiness auditing service operated from the United Kingdom. This policy explains what personal data we collect, why, and the choices you have. Questions or requests: the contact form or hello@korelens.com.
What we collect
- Account data. Your email address, and your name and avatar if you sign in with Google. We use Google sign-in for identity only; we do not request access to your Google data at sign-up.
- Audit data. The website URLs you submit and the publicly available content of those pages (HTML, structured data, robots rules). Audits read what any visitor or search crawler could read; they do not access private systems.
- Business records you save. Business facts, product data, client details, and imports you or your agency add to your workspace.
- Contact messages. If you use the contact form we store your message, your email address, and your name if you give it, so we can reply and keep track of bug reports and feature requests. We use your email only to respond.
- Payment data. Payments are processed by Stripe. We never see or store your full card details; we store your subscription status and Stripe customer reference.
- Usage analytics. Pages visited, features used, and audit events, via PostHog (hosted in the EU). We use this to understand which parts of the product work and which don’t.
- Technical logs. Errors and diagnostics via Sentry, and standard server logs via our hosting provider.
How we use it
- To run audits, generate fixes and reports, and operate your account (contract).
- To secure the service, prevent abuse, and enforce rate limits (legitimate interest).
- To improve the product using aggregated usage data (legitimate interest).
- To email you service messages about your account, audits, and reports. You can opt out of non-essential email at any time via the link in each message.
AI processing
Some features send publicly available content from audited websites (for example, a page’s visible text and structured data) to AI model providers (OpenAI, Anthropic) to summarise what an AI system can understand about the business. We do not send your account details or payment data to these providers, and we label AI-generated output as such. Audit results report what was actually checked — we do not fabricate AI answers or guarantee AI visibility outcomes.
Auditing websites you don’t own
Audits fetch publicly accessible pages, as a search engine would. If a page contains personal data (for example, a named business owner), it may appear in the audit result shown to the person who requested it. We process this under legitimate interest, we only reproduce what the page itself publishes, and site owners can contact us to have cached audit data removed.
Who we share data with
We use these processors to run the service: Supabase (database and authentication), Stripe (payments), Vercel (hosting), PostHog EU (analytics), Sentry (error monitoring), Resend (email delivery), Upstash (rate limiting), Cloudflare (Turnstile human verification), and OpenAI/Anthropic (AI processing as described above). Where you explicitly connect an integration (for example Google Search Console), we access only the scopes you grant, store tokens encrypted, and you can disconnect at any time. We do not sell personal data.
Cookies
We use essential cookies for sign-in sessions and security. Our analytics (PostHog) runs cookieless: it stores nothing on your device, and anonymous visitors are not tracked across visits. Payment pages use Stripe’s cookies for fraud prevention. Because we set no non-essential cookies, there is no cookie banner.
Retention
Account and workspace data is kept while your account is active and deleted on verified request. Free audit results may be cached briefly to serve repeat checks. Payment records are retained as required by tax law. Analytics is retained per PostHog’s standard retention.
Your rights
Under UK GDPR you can request access to, correction of, or deletion of your personal data, object to processing, and request portability. Email hello@korelens.com and we will respond within one month. You can also complain to the ICO (ico.org.uk).
Changes
We will post any material changes to this policy here and update the date above. If a change significantly affects how we use your data, we will email account holders first.