Privacy Policy

This page lays out what data I keep, what I use it for, and how to delete every trace if you want. No legalese, no "competent authorities", just what I do and what I don't.

1 · What We Collect

• Account data: Your email (for sign-in).
• Portfolio data: Assets you enter (type, symbol, quantity, unit). Stored only in Supabase.
• Source data: YouTube/Twitter/news sources you add.
• Profile text: The free-form "about me" from onboarding.
• Technical logs: IP address, user agent, browser type (security + debug, deleted after 30 days).

2 · How We Use It

• To provide the service (portfolio-specific Lens commentary)
• To protect your account (spam, abuse detection)
• To improve the product (anonymous usage statistics)

Never: we don't sell to third parties, don't use for ads, don't leak as AI training data.

3 · Third-Party Services

• Supabase: database + auth (US/EU servers, encrypted)
• Vercel: hosting
• Google Gemini AI: portfolio parsing + source analysis (portfolio content sent; identifying info NEVER sent)
• Yahoo Finance + CoinGecko + TEFAS: only price symbols go; your quantities stay local
• Resend: transactional email

4 · Your Rights

• Access: See all your data from the Profile page.
• Edit: Update anything from Profile, Portfolio, and Sources pages.
• Delete: "Delete account" button → wipes everything, instantly, irreversible.
• Export: Request a JSON export; we send it within 7 business days.

5 · Cookies

We use only essential (auth session) cookies. No advertising, analytics, or tracking cookies. That's why we don't have a cookie banner; we don't use any optional cookies.

6 · Data Retention

Portfolio, sources, profile: until you delete. Technical logs: 30 days. Analysis history: 12 months (then silently purged).

7 · Security

Your data travels over TLS and sits encrypted at rest on Supabase. Row-level security makes it impossible for someone else to read your data.

8 · Children

lens. is not for people under 18. If we learn an underage account exists, we delete it immediately.

9 · Changes

For material changes, we'll email you. The date above updates.

10 · KVKK (Turkey) & GDPR (EU)

lens. complies with Turkey's KVKK and EU's GDPR. In case of a data breach, we notify relevant authorities within 72 hours. See Section 4 to exercise data subject rights.

11 · Contact

For privacy questions: reply to your signup email, or use the contact link in the footer.