VoidLens Privacy Policy · v0.2 · last updated 2026-06-22 · draft

Privacy Policy

Draft — pending counsel review. This draft reflects the privacy posture of the customer-hosted, BYOK architecture and is GDPR/CCPA-aligned in structure. It is published for transparency and is under outside-counsel review before any paid customer signs; it is not yet a final legal instrument.

The short version: VoidLens is customer-hosted and bring-your-own-keys by design, so there is very little of your data for us to hold. Your operational data, the actions your AI agents take, and your audit log all live on your infrastructure — they never reach us. The only personal data we hold is what you give us to open an account and pay. We don't sell it, we don't share it for advertising, and we never use it to train AI models.

1. Who we are (data controller)

VoidLens is operated by VoidLens, Inc., a Delaware corporation, Bloomington, Illinois, USA. For personal data we hold about account holders and site visitors, we act as the data controller. For any personal data inside your own systems that your VoidLens deployment touches, you are the controller and we are not a processor of it, because it never reaches us. To reach us about privacy, contact us.

2. What we collect

3. What we do NOT collect

Your operational data (inboxes, CRM, code, documents), the inputs and outputs of your AI agents, and your audit log — none of it leaves your systems. Because the model is BYOK, your prompts and completions go directly between your infrastructure and your chosen model provider under your contract with them. VoidLens is not in that path and does not receive that data.

4. Legal basis for processing (GDPR)

Where the GDPR applies, we process the limited personal data above on these bases: performance of a contract (to provide and bill the Service and send account/transactional messages); legitimate interests (to secure our systems, prevent abuse, and understand aggregate site usage, balanced against your rights); consent (for optional product updates and any non-essential analytics, which you can withdraw at any time); and legal obligation (tax and accounting records).

5. How we use what we collect

To provide and bill the Service, to send you transactional and account messages, to provide support, and to send product updates you can opt out of. We do not use your data for automated decisions that produce legal or similarly significant effects about you.

6. We do not train AI on your data

We do not use your registration data, billing data, support correspondence, or any Customer Data to train, fine-tune, or improve AI models — ours or anyone's. Because the product is BYOK, your prompts and outputs never reach us in the first place; whether your model provider may use them is governed by your agreement with that provider, which you control.

7. Sub-processors we use

We rely on a short list of vendors to run the business, each bound by its own data-processing terms:

We do not share your data with advertisers or data brokers. If we add or change a material sub-processor, we will update this list; account holders can ask to be notified of changes.

8. International data transfers

We operate from the United States. If you are in the EEA, the UK, or another region with transfer rules, the limited personal data we hold may be processed in the US. Where required, transfers rely on appropriate safeguards such as the EU Standard Contractual Clauses (and the UK Addendum), and we keep the data minimal by design.

9. Retention

We keep registration and billing records for as long as your account is active and as required for tax and legal obligations after closure. You can request deletion of your registration data at any time, subject to those obligations. This policy is reviewed at least every 12 months.

10. Your rights (GDPR and similar laws)

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw consent. To exercise any of these, contact us; we will verify your request and respond within the time your jurisdiction requires. You may also lodge a complaint with your local supervisory authority.

11. California privacy rights (CCPA / CPRA)

If you are a California resident: you have the right to know what personal information we collect and how we use it, to access and delete it, to correct it, and to limit the use of sensitive information. We do not "sell" or "share" your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months. We will not discriminate against you for exercising these rights. To make a request, contact us.

12. Security

Registration and billing data are encrypted in transit and at rest, access is least-privilege, and the same audit-first discipline that governs the product governs our own systems. No system is perfectly secure, but the architecture is deliberately small — there is little to breach because there is little we hold.

13. Data-breach notification

If a breach affecting your personal data occurs, we will notify affected account holders and any required authorities without undue delay and consistent with applicable law (for GDPR, generally within 72 hours of becoming aware), describing what happened and the steps we are taking.

14. Children

VoidLens is a business product not directed to children. We do not knowingly collect personal data from anyone under 18; if you believe a minor has provided us data, contact us and we will delete it.

15. Cookies

The marketing site uses essential cookies for basic function and a privacy-respecting analytics cookie. No advertising or cross-site tracking cookies are set.

16. Data Processing Addendum (DPA)

For customers who require one for their own compliance program, a Data Processing Addendum is available on request, reflecting the customer-hosted, data-minimal architecture described here.

17. Changes

When this policy changes materially, we will update the date above and, for account holders, notify you by email and a cockpit banner.

18. Contact

Privacy questions or requests: contact us (a dedicated privacy address will be published with the counsel-reviewed final). VoidLens · Bloomington, Illinois, USA · voidlens.io.

← Back to VoidLens · Terms · AI disclosure