RetentionLens

Encryption · GDPR · Least-Privilege Access

Security & Data Protection

Your customer and billing data is encrypted in transit and at rest, isolated per organization with row-level security, and reachable only under least-privilege access. Payments run on Stripe — we never see or store card details.

Security at the Core

Built so that your data stays yours — protected at every layer.

Data Encryption

AES-256 at rest and TLS in transit for all data.

Data Isolation

Row-level security keeps every organization's data separate.

GDPR Aligned

Built around European data-protection principles.

Least-Privilege Access

Role-based controls with complete audit logging.

How We Handle Your Data

Practical, honest specifics — not certifications we haven't earned.

Infrastructure

RetentionLens runs on managed cloud infrastructure (Vercel and Supabase) with encryption, automated backups, and isolated environments.

• Encrypted, automatically backed-up database
• Row-level security per organization
• Audit logging of administrative actions

Payments

Billing and card processing are handled entirely by Stripe. RetentionLens never sees or stores your customers' card details.

• PCI handled by Stripe
• Read-only access to connected Stripe data
• Tokens stored encrypted, never in plain text

GDPR & Your Rights

Built around the GDPR principles of data minimization, access, rectification, erasure, and portability.

• Data minimization
• Right to erasure
• Data export & portability

How We Protect Your Data

Concrete controls at every layer — and we keep testing them.

Infrastructure Security

We build on enterprise-grade cloud platforms (Vercel and Supabase) so encryption, backups, and environment isolation are handled by hardened, audited providers.

• Encrypted, automatically backed-up data
• Isolated production environment
• Periodic penetration testing
• Ongoing security reviews

Authenticated Access

Every request is authenticated and authorized before it can reach any data, with role-based, least-privilege controls.

Row-Level Data Isolation

Database row-level security ensures one organization can never read another's data, enforced at the data layer itself.

Data Protection

Your data is encrypted at rest and in transit, with strict access controls and audit logging for administrative access.

• AES-256 encryption at rest
• TLS encryption in transit
• Role-based access controls
• Audit trails for admin actions

Our Privacy Commitment

We believe privacy is a fundamental right. We never sell your data, and we're transparent about how we collect, use, and protect your information.

Data Minimization

We only collect data necessary to provide our services.

Transparent Practices

Clear privacy policies with no hidden data collection.

Your Control

Full control over your data with easy export and deletion.