Privacy Policy | Lenzi AI by SpikeLens

Effective: April 2026 · Last updated: April 2026

Your privacy matters to us. This policy explains what data Spike Lens, Inc. ("we," "us," "our") — the operator of SpikeLens — collects, why we collect it, and how we use it. We keep this plain and specific — no vague language. For privacy inquiries, contact us at support@spikelensai.com.

Data Controller

Spike Lens, Inc.

Delaware corporation, United States
For a copy of our registered business address or to exercise any right described below, email support@spikelensai.com.

1. What We Collect

When you use SpikeLens, we collect:

Email address and name (provided at signup)
Your chat conversations with Lenzi
Chart interactions — symbols you view, indicators you apply, timeframes you use
Usage analytics — page views and session duration
Account preferences and settings

2. How We Use It

We use your data to:

Provide and operate the SpikeLens service
Improve AI responses and analysis quality
Communicate with you about the product — updates, issues, and feedback requests
Detect and prevent abuse, ensuring security for all users

AI system improvement — what this means in practice.

We may use anonymized conversation data to improve and tune our systems — including AI response quality, chart-analysis accuracy, and product performance. We do not use your data to build or release publicly shared AI models, and we do not sell your conversation data. Identifiers such as your name, email, and account ID are stripped before data is used for improvement work.

3. Legal Basis for Processing

We process your data based on the following legal grounds:

Contract performance — to provide the SpikeLens service you signed up for
Consent — for marketing emails (only if you opted in)
Legitimate interest — to improve the product, prevent abuse, and ensure security

You can withdraw consent for marketing emails at any time. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.

4. Third-Party Services

We share data with these services only as needed to operate SpikeLens:

Anthropic

Your conversations are sent to Anthropic's Claude API for AI processing. See Anthropic's privacy policy for how they handle this data.

Polygon.io

We use Polygon.io to fetch market data (prices, candles, volume). Market data requests are made on your behalf, but no personal data is shared with Polygon.

Supabase

Your account data, conversations, and preferences are stored on Supabase's cloud database infrastructure. Supabase also handles authentication.

Google

If you sign in with Google, we receive your email address and name from Google OAuth. We do not access any other Google account data. We also use Google Analytics to collect anonymous usage statistics (page views, session duration, traffic patterns). No personally identifiable information is sent to Google Analytics.

Resend

We use Resend to deliver transactional and marketing emails (welcome emails, blog notifications). Resend processes your email address to deliver messages on our behalf. See Resend's privacy policy for details.

Stripe

We use Stripe to process payments and manage subscriptions. When you subscribe, Stripe receives your payment information (card details, billing address). We never store your full card number — Stripe handles this securely. See Stripe's privacy policy for details.

We do not sell personal data to third parties. We only share data with the processors listed above, only to the extent needed to operate the service.

We may update our service providers from time to time as the product evolves. Material changes to our processor list will be reflected here and, where required, communicated via email.

5. International Data Transfers

Your data may be transferred to and processed in countries outside your own, including the United States. Our third-party providers (Anthropic, Supabase, Stripe, Resend, Google) operate infrastructure in the US and other regions. By using SpikeLens, you consent to these transfers. We ensure that any such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

6. Data Storage

Your data is stored on Supabase cloud infrastructure. Conversations may be logged for quality improvement and debugging purposes. These logs are accessed only by authorized members of the SpikeLens team.

7. Cookies & Local Storage

We use browser localStorage to store your authentication token so you stay logged in between sessions. We do not load advertising cookies or use any ad-tracking services.

We use Google Analytics to collect anonymous usage statistics such as page views, session duration, and general traffic patterns. Google Analytics uses cookies to distinguish unique visitors. No personally identifiable information is sent to Google Analytics.

For more information on how Google processes this data, see Google's Privacy Policy.

8. Marketing Emails

We only send marketing or promotional emails if you explicitly opt in during signup. You can unsubscribe at any time by clicking the unsubscribe link in any email, or by emailing us at support@spikelensai.com.

9. Your Rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate information in your account
Delete your account and all associated data
Request a copy of your personal data in a portable, machine-readable format (data portability)
Opt out of marketing emails at any time
Lodge a complaint with your local data protection supervisory authority (for EU/EEA residents)

To exercise any of these rights, email us at support@spikelensai.com. We respond to verified requests within 30 days.

California residents (CCPA / CPRA).

In addition to the rights above, if you are a California resident you have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to opt out of any sale or sharing of it, and the right to not be discriminated against for exercising these rights. We do not sell personal information and we do not share it for cross-context behavioral advertising. To submit a CCPA request, email us at support@spikelensai.com.

10. Data Retention

Conversations and analysis data are retained for as long as your account is active. When you delete your account, all associated personal data is permanently deleted within 30 days (the short delay lets us complete any final processing, replication cleanup, and backup expiration). Diagnostic logs may be retained for up to 90 days, after which they are purged. Anonymized analytics that no longer identify you may be retained beyond these windows for aggregate product analysis.

11. Security

We take security seriously:

All data is encrypted in transit using HTTPS/TLS
Authentication is handled by Supabase with industry-standard security practices
Passwords are never stored in plain text — they are hashed before storage
Access to user data is restricted to authorized SpikeLens personnel only

12. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users by email within 72 hours of becoming aware of the breach. We will also notify relevant supervisory authorities where required by law. Our notification will include: what happened, what data was affected, what we're doing about it, and what steps you can take.

13. Children

SpikeLens is not intended for users under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us and we will remove it promptly.

14. Changes

We may update this policy as the product evolves. For material changes — anything that meaningfully affects your rights or how your data is used — we'll notify you via email. Continued use of SpikeLens AI after changes are posted constitutes your acceptance.

15. Contact

Questions about your privacy? We're happy to talk. Email us at support@spikelensai.com.