Skip to main content

Draft — pending attorney review. This document is provided for transparency only and is not yet legally in effect. Do not rely on it as a binding agreement.

Privacy Policy

Effective date: July 10, 2026 · Service: culturallens-app.vercel.app

CulturalLens (“we”, “our”, “us”) operates the cultural compliance analysis platform available at culturallens-app.vercel.app. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding it. Please read it carefully. By using CulturalLens you accept the practices described here.

1. Information We Collect

1.1 Account information

When you register, we collect your name, email address, company name, and a hashed password. If you accept a team invitation, we also collect your role within the company.

1.2 Uploaded content

To perform our service you upload creative assets — images (JPG, PNG, GIF, WebP, SVG), documents (PDF, DOCX, PPTX, PPT, XLS, XLSX), video (MP4, MOV, WEBM), and audio (MP3, WAV, AAC, M4A). We also store any brand or legal reference documents you add to your company library. All uploads are stored in private, encrypted storage and are never publicly accessible.

1.3 Usage and log data

We log which analyses you run, reports you view, features you use, and approximate session timestamps. Server logs include IP addresses, browser user-agent strings, and HTTP request metadata. These are used for security monitoring and service improvement, and are not linked to your identity for advertising purposes.

1.4 Payment information

Payment processing is handled entirely by Stripe. We store only a Stripe customer ID and subscription status — we never see or store raw card numbers, CVV codes, or full bank account details.

1.5 Communications

If you contact us by email or through our contact form, we retain a record of the correspondence to help resolve your issue and improve our support.

1.6 Analytics

We use PostHog for product analytics. PostHog is configured to anonymise IP addresses and not to set third-party advertising cookies. Aggregated usage patterns help us understand which features are most useful; they are never sold to advertisers.

2. How We Use Your Information

We use the information we collect to:

  • Provide cultural compliance analysis of your uploaded assets
  • Generate compliance reports and deliver them to your team and authorised clients via secure token links
  • Route uploaded content through AI analysis agents and cultural compliance specialists to produce a verified report
  • Process payments, manage your subscription, and issue credit transactions
  • Send transactional emails: account confirmation, report-ready notifications, billing receipts, and password-reset links
  • Send optional onboarding email sequences (you may opt out at any time)
  • Detect and prevent fraud, abuse, and security incidents
  • Improve the reliability and accuracy of our service using anonymised, aggregated performance metrics — never your uploaded content
  • Comply with applicable law

We do not sell your personal information to any third party.

3. Your Content

3.1 You own your content. You retain all intellectual property rights in any content you upload to CulturalLens. Our access to your content is strictly limited to performing the service you have requested.

3.2 Limited licence to process. By uploading content you grant CulturalLens a limited, non-exclusive, non-transferable licence to store, transmit, and process that content solely for the purpose of providing cultural compliance analysis. This licence ends when the content is deleted from our systems.

3.3 Your uploads are never used to train AI models. Content you upload to CulturalLens — including images, video, audio, documents, and any associated metadata — is never used to train, fine-tune, or otherwise improve any artificial intelligence or machine learning model, by CulturalLens or any of our subprocessors. This applies to all uploaded content without exception.

3.4 Content retention. Uploaded assets are retained for the duration of your subscription plus 30 days after cancellation or account deletion, after which they are permanently and irreversibly deleted from our systems and backups. Compliance reports are retained for 12 months after generation. You may request deletion of your data at any time by contacting privacy@culturallens.ai or by deleting your account from Settings.

3.5 Human review. As part of our service, cultural compliance specialists at CulturalLens access your uploaded content and AI-generated analysis to verify compliance reports before they are released to your team. Specialists are bound by confidentiality obligations.

4. Data Sharing and Subprocessors

We share data only as needed to provide the service. The following third-party processors handle personal data or uploaded content on our behalf. Each is bound by a data processing agreement requiring them to protect the data and use it only as instructed.

SubprocessorPurposeRegion
SupabaseDatabase and file storageUnited States / EU
AnthropicAI cultural analysis (Claude)United States
OpenAIAudio transcription and image generation (GPT Image 2)United States
VercelApplication hosting and edge deliveryUnited States
StripePayment processing and subscription managementUnited States
InngestBackground job processing (video/audio pipelines)United States
ACRCloudMusic and audio recognitionUnited States
PostHogProduct analytics (anonymised, no advertising)United States / EU
ResendTransactional email deliveryUnited States
RunwayMLAI video editing for approved fix suggestionsUnited States

We do not share your data with any other third parties except (a) where required by law or valid legal process, (b) to protect the rights, property, or safety of CulturalLens or others, or (c) in connection with a merger, acquisition, or sale of all or substantially all of our assets, in which case we will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures appropriate to the sensitivity of the data:

  • Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at rest — uploaded files are stored in private Supabase Storage buckets with server-side encryption.
  • Private storage — files are never publicly accessible. Access is granted only via short-lived signed URLs (expiring within 1 hour for analysis, 5 minutes for client delivery).
  • Row-level security — database access policies ensure that each company can read only its own data. No cross-tenant data access is possible.
  • Payment isolation — payment details are handled entirely by Stripe and never touch our servers.
  • Access controls — production database and storage access is restricted to authorised personnel on a need-to-know basis.

No method of transmission or electronic storage is 100% secure. In the event of a personal data breach, we will notify affected users and relevant supervisory authorities as required by applicable law.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data. Deleting your account removes all associated personal data within 24 hours; uploaded assets are purged within 30 days as described in §3.4.
  • Data portability — receive your data in a structured, machine-readable format.
  • Objection / restriction — object to, or request restriction of, certain processing activities.
  • Withdraw consent — where we rely on consent (e.g., marketing emails), you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@culturallens.ai. We will respond within 30 days. If you are located in the EEA and believe we have not addressed your concern, you have the right to lodge a complaint with your local data protection supervisory authority.

7. Cookies

We use the following categories of cookies:

  • Strictly necessary — session cookies that keep you signed in (Supabase auth tokens). These are required for the service to function and cannot be disabled.
  • Analytics — PostHog sets a first-party cookie to count unique sessions and track feature usage. IP addresses are anonymised; no advertising profiles are built.

We do not set third-party advertising cookies. You can control or delete cookies through your browser settings; note that disabling session cookies will prevent you from signing in.

8. Data Retention

CategoryRetention period
Uploaded assets (images, video, audio, documents)Subscription duration + 30 days after cancellation, then permanently deleted
Compliance reports12 months after generation
Account and billing recordsAs required by applicable tax and accounting law (typically 7 years)
Server and access logs90 days
Support correspondence3 years after resolution

9. International Data Transfers

CulturalLens is operated from the United States. If you access the service from the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) adopted by the European Commission and equivalent transfer mechanisms for such transfers.

10. Children's Privacy

CulturalLens is a business-to-business service not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected personal data from a child, please contact us immediately at privacy@culturallens.ai and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Effective date” at the top of this page and, where required by law, notify you by email or by a prominent in-app notice at least 14 days before the change takes effect. Continued use of CulturalLens after the effective date constitutes your acceptance of the revised policy.

12. Contact Us

For privacy questions, data subject access requests, or any concern about how we handle your data:

CulturalLens

Email: privacy@culturallens.ai

Website: culturallens-app.vercel.app