Privacy Policy

Last updated: 22 September 2025

We keep this simple. This page explains what we collect, why, and how you control it.

Who we are

TechLens (www.techlens.app)

Data controller: Jean-Romain Krupa

Address: 9 impasse des Hibiscus, 38460 Chamagnieu, France

Email: jeanro@techlens.app

What TechLens does

We detect the technologies companies use by looking at public websites and related signals (subdomains, headers, CT logs). You can use this via our API, web app, and (soon) a Chrome extension.


The data we collect

1) When you browse our site

  • Technical data: IP (we hash IPs on the free playground to prevent abuse), user-agent, pages viewed, timestamps.
  • Cookies & storage: session/authentication cookies, and cookies from our analytics/feedback tools (see "Tools we use").
  • Analytics: Google Analytics (GA4) in privacy-aware mode; high-level usage only.
  • Feedback & UX: Hotjar (with consent) for heatmaps and optional session recordings.

Why: security, reliability, product decisions, and to improve the UX.

Legal basis: legitimate interest (Art. 6(1)(f)) and necessary for service (session cookies). For Hotjar and non-essential GA cookies, we rely on consent.

2) When you create an account or buy

  • Account: email, password (hashed), name (optional), workspace/company (optional).
  • Billing: handled by Stripe. We don't store full card details. We keep invoice metadata (country, VAT/billing info) when required for tax.

Why: create and secure your account, process payments, issue invoices, and send essential service emails.

Legal basis: contract (Art. 6(1)(b)) and legal obligation for tax (Art. 6(1)(c)).

3) When you use the API / playground / extension

  • Request logs: timestamp, (hashed) IP on the free playground, API key, endpoint, input domains, status, latency, usage counts.
  • Error reports: minimal payload snippets to debug failures (we try to redact).
  • Extension telemetry (if enabled): version, errors, rate-limit events. We don't store page content beyond what's needed to detect stack signals.

Why: operate the service, prevent abuse, improve detection quality, and support you.

Legal basis: contract and legitimate interest.

4) Emails

  • Transactional: login links, receipts, usage alerts (via Postmark).
  • Product updates (optional): only if you opt in; unsubscribe anytime.

Legal basis: contract (transactional) and consent (marketing).


What we don't do

  • No ad networks or sale of personal data.
  • No cross-site tracking.
  • No unnecessary data collection.

Tools we use (processors)

We use a few trusted providers to run TechLens. They process data only to provide their service to us.

  • Hosting: Heroku (EU region). Heroku is owned by a US company; limited transfers can occur. We use Standard Contractual Clauses (SCCs) where needed.
  • Database & encryption: application data is encrypted at rest and sent over HTTPS in transit.
  • Payments: Stripe (billing, invoices, taxes).
  • Email (transactional): Postmark.
  • Analytics: Google Analytics (GA4), configured to minimise data and respect consent.
  • Product feedback/UX: Hotjar (enabled only with consent).
  • API docs hosting: bump.sh. We link our OpenAPI docs there; they may collect standard web logs. Check their policy for details.

On request, we can share current sub-processors and DPAs.


Where data is stored / transferred

  • We aim to host in the EU (Heroku EU region).
  • Some providers are outside the EEA. When data leaves the EEA, we use appropriate safeguards such as SCCs and apply data minimisation.

How long we keep data

  • Account & billing: for your account's lifetime, then up to 7 years if required for tax/audit.
  • API & access logs: typically 90 days for ops/security; we may keep aggregated, anonymised stats longer.
  • Support tickets: up to 24 months for follow-ups.

We delete earlier when feasible and keep longer only if the law requires it or for an active dispute.


Your rights (GDPR)

You can access, correct, delete, export (portability), object or restrict certain processing, and withdraw consent (for marketing).

To exercise your rights, email jeanro@techlens.app.

You can also complain to a data protection authority (in France: CNIL).


Security

  • HTTPS everywhere; passwords hashed; least-privilege keys; audit logs; regular updates.
  • Database encryption at rest.
  • IPs on the free playground are hashed, so abuse can be tracked and limited without keeping raw IPs.

No system is perfect, but we work to prevent, detect, and respond to incidents.


Cookies (plain words)

  • Required: auth/session (to keep you logged in), CSRF/security.
  • Optional (with consent): GA4 analytics, Hotjar UX insights.

You can control cookies in your browser and via our consent banner. Blocking required cookies may break sign-in.


Using TechLens on other people's data

If you upload or query data/domains on behalf of your company, you're responsible for having a lawful basis to process any personal data involved. Don't use TechLens to target individuals in ways that violate privacy laws or website terms.


Children

TechLens is for businesses and adults. We don't knowingly collect data from children under 16.


Changes

If we make material changes, we'll update the date at the top and, when appropriate, notify you by email or in-app.


Contact

Questions or requests? jeanro@techlens.app