Privacy Policy

How we handle your data.

Last updated: January 2026

Overview

Meristem Lens ("Lens", "we", "us") is a SaaS platform for running AI copilots with human-in-the-loop approvals. This policy describes what data we collect, how we use it, and your rights regarding that data.

Data we collect

  • Account information: email address, name, and organization name provided during registration.
  • Usage metadata: event counts, job completion timestamps, device activation records, and billing period aggregations.
  • Device metadata: operating system, platform type, and a device fingerprint for lease management.
  • Billing data: Stripe customer ID and subscription status. Payment card details are handled entirely by Stripe and never touch our servers.
  • Server logs: IP addresses, request timestamps, and HTTP method/path for security monitoring. Retained for 30 days.

Data we do NOT collect

  • Source code: We do not access, store, or analyze your source code repositories.
  • Secrets and credentials: API keys, tokens, and passwords are never transmitted to or stored on our servers.
  • Payment card numbers: All payment processing is handled by Stripe. We never see or store card details.
  • File contents: The Lens client operates locally. File contents are not sent to our servers.
  • Personal communications: We do not access emails, messages, or other private communications.

How we use your data

  • To provide and maintain the Lens service, including authentication, billing, and device management.
  • To enforce plan limits and usage quotas as described in your subscription.
  • To detect and prevent security threats, abuse, and unauthorized access.
  • To improve service reliability and performance using aggregated, anonymized usage metrics.
  • To comply with applicable legal obligations.

Data sharing

We do not sell your data. We share data only with: Stripe (payment processing), infrastructure providers (hosting), and as required by law. All third-party providers are bound by data processing agreements.

Data retention

Account data is retained while your account is active. Usage events are retained according to your plan (Free: 7 days, Pro: 90 days, Team: unlimited, Enterprise: configurable). Server logs are retained for 30 days. You may request deletion of your account and associated data at any time.

Your rights

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Export: Request your data in a portable format.
  • Objection: Object to processing of your data for specific purposes.

Contact

For privacy-related inquiries, contact us at privacy@meristem.dev. We respond within 30 business days.

privacy@meristem.dev