Lns← Back to home
Legal

Privacy Policy

Last updated: 22 April 2026

This Privacy Policy explains how Aerele Technologies Private Limited (“Aerele”, “we”) collects, uses, and protects information when you use Lens (“the Service”). We keep this policy short, plain, and aligned with what the product actually does.

1. Who we are

Aerele Technologies Pvt Ltd (“Aerele”) is the data controller for information processed by Lens. We are a Frappe and ERPNext engineering team based in Tiruppur, Tamil Nadu, India, working with product companies, Frappe partners, and enterprises across banking, e-commerce, manufacturing, and logistics. We maintain open-source projects and have contributed hundreds of pull requests to Frappe, ERPNext, and related frameworks. Lens is the analysis tooling that came out of that practice.

Contact
Email: hello@aerele.in
Phone: +91 77908 44832
Website: aerele.in

2. What we collect

Account information

  • GitHub sign-in: your public GitHub profile (name, avatar, primary email) and a short-lived access token for cloning repositories you explicitly connect. Scope is read-only.
  • Email sign-up: your email address, a hashed password (we never store plaintext passwords), and optionally a display name.

Repositories and scans

  • For each scan we clone your repository (or accept a zip upload) into an ephemeral worker directory, analyse it, and delete the working copy once the scan completes.
  • The report PDF and HTML, plus the list of findings, are retained in your account so you can download and revisit them.
  • We store metadata about the scan (repo URL, branch, commit hash, file and line counts, pricing tier, status).

Billing

  • Payments are processed by Razorpay. We receive a payment reference, amount, currency, and status. We do not see or store your card or bank details.
  • Invoices, receipts, and the credits you purchased are retained in your account.

Operational data

  • Basic request logs (IP address, user agent, timestamp, endpoint) for security and debugging. Retained up to 90 days.
  • Error traces, scrubbed of secrets where possible.

3. How we use your information

  • To run the audits and compatibility scans you request.
  • To deliver reports, invoices, and transactional notifications by email.
  • To process payments and track credit balances.
  • To monitor service health, prevent abuse, debug failures, and improve our analysis rules.
  • To respond to support requests.

We do not use your source code to train machine-learning models. We do not sell your personal data. We do not share findings or scan results with third parties except the processors listed below, who act on our instructions.

4. Data processors we use

  • GitHub: OAuth sign-in and repository cloning.
  • Razorpay: payment processing.
  • Third-party model provider: our analysis pipeline includes a verification step that sends code snippets to a third-party model provider. Inputs are transient and are not retained by the provider for training (in line with their API data policy).
  • Resend: transactional email delivery (receipts, scan completion notices).
  • Cloud hosting: database, object storage, and compute in managed cloud regions.

5. How long we keep data

  • Cloned source code: deleted as soon as the scan finishes or fails (within minutes).
  • Reports and findings: kept for the life of your account, or until you delete them.
  • Billing records: retained for 8 years as required by Indian tax law.
  • Account data: retained while your account is active. Deleted within 30 days of account closure, except for records we must keep for legal, accounting, or fraud-prevention reasons.

6. Security

  • All traffic is served over HTTPS.
  • Passwords are hashed with bcrypt. Session tokens (JWTs) are stored in your browser's local storage and sent as Bearer tokens.
  • Scans run in isolated workers; cloned code is never persisted to long-term storage.
  • Webhooks from Razorpay are signature-verified; invalid signatures are rejected and logged.
  • Access to production systems is limited to named Aerele personnel.

7. Your rights

You can, at any time:

  • Access the personal data on your account (your profile and scan history).
  • Request correction of inaccurate data or deletion of your account and associated reports.
  • Export your reports as PDF or HTML from the dashboard.
  • Withdraw consent (note that this may mean we can no longer provide the Service to you).

To exercise any of these rights, email hello@aerele.in. We respond within 30 days.

8. Cookies and local storage

We do not use third-party advertising cookies. We use Google Analytics to understand how visitors use the Service, which sets first-party analytics cookies; you can opt out via the Google Analytics opt-out browser add-on. We also store a JSON Web Token in your browser's local storage to keep you signed in, and a small number of first-party preferences (like your light/dark theme). You can clear these at any time from your browser.

9. Children

The Service is not intended for anyone under 18. If we learn we have collected data from someone under 18, we will delete it.

10. International transfers

We are based in India. Some of our processors operate in other countries, including the United States and the European Union. Where data is transferred, we rely on the processor's standard contractual protections.

11. Changes to this policy

We may update this policy as the Service evolves. Material changes will be communicated by email and reflected in the “Last updated” date.

12. Contact

Aerele Technologies Pvt Ltd, Tiruppur, Tamil Nadu, India.
Email: hello@aerele.in
Phone: +91 77908 44832

Questions? Email hello@aerele.in.