Privacy Policy

1Information We Collect

We collect information in three broad categories: information you provide directly, information we collect automatically, and information we receive from third parties.

1.1 Information You Provide to Us

• Account information: name, email address, and any other details you include when you register an account, join the waitlist, or correspond with us.
• Preferences: topics you follow, sources you favor, saved stories, read/unread status, notification settings, and similar personalization signals.
• Communications: messages you send to us (for example, support requests, feedback, or emails to legal@worldlens.io), including content and attachments.
• Payment information: if you subscribe to a paid plan, our payment processor collects billing details on our behalf. We do not store full payment card numbers on our systems.

1.2 Information We Collect Automatically

• Device & connection data: IP address, approximate location (derived from IP), device type and model, operating system, browser type and version, language preferences, and unique device identifiers.
• Usage data: pages and stories viewed, time spent, clicks, scroll depth, search queries within the Service, features used, referring URLs, and timestamps.
• Log data: access logs, error reports, and performance telemetry generated by our systems.
• Cookies & similar technologies: see Section 4.

1.3 AI & Personalization Data

To generate and refine intelligence briefs, summaries, and personalized feeds, we process signals derived from your use of the Service — including inferred topic interests, reading patterns, categories you engage with most, and stories you save or share. Where appropriate, this data is aggregated or de-identified before being used to improve our models.

1.4 Information from Third Parties

We may receive information from publishers, data partners, analytics providers, identity verification services, and — if you choose to connect them — third-party accounts you link. We use this data consistent with this Policy and any additional restrictions imposed by the source.

2How We Use Information

We use the information we collect for the purposes set out below. Where required by law, we rely on a specific legal basis; Section 11 describes the bases applicable to users in the EU and UK.

2.1 To Provide and Operate the Service

• Authenticate users, deliver features, and maintain account continuity across devices.
• Generate personalized feeds, intelligence briefs, summaries, and recommendations.
• Process subscriptions, payments, and related billing operations.
• Provide customer support and respond to your requests.

2.2 To Improve and Develop the Service

• Analyze how the Service is used, diagnose problems, and monitor performance.
• Train, tune, and evaluate AI models used for summarization, classification, and ranking, using aggregated or de-identified data where feasible.
• Test new features and measure their effectiveness.

2.3 To Communicate with You

• Send transactional messages (account confirmations, security alerts, billing notices) that are necessary to the Service and that you cannot opt out of while using it.
• Send product updates, newsletters, and marketing emails where you have opted in. You can unsubscribe at any time from the footer of those emails.

2.4 To Protect the Service and Comply with Law

• Detect, investigate, and prevent fraud, abuse, scraping, and security incidents.
• Enforce our Terms of Use and other policies.
• Comply with legal obligations, valid legal process, and lawful requests from public authorities.

3How We Share Information

We share information only in the following limited circumstances:

3.1 Service Providers and Processors

We share information with vendors who perform services on our behalf — for example, cloud infrastructure, database hosting, email delivery, analytics, customer support tooling, payment processing, and fraud prevention. These providers are contractually obligated to process the information only for the purposes we specify and to protect it with appropriate safeguards.

3.2 Legal and Regulatory Requirements

We may disclose information where we believe, in good faith, that disclosure is required by applicable law, regulation, legal process (such as a subpoena, court order, or warrant), or a lawful request from a government or regulatory authority. Where permitted, we will attempt to notify you before disclosure.

3.3 Protection of Rights and Safety

We may disclose information where we reasonably believe it is necessary to protect the rights, property, or safety of WorldLens, our users, or the public — including to investigate and prevent fraud, security threats, or violations of our Terms.

3.4 Business Transfers

If we are involved in a merger, acquisition, reorganization, financing, sale of assets, or bankruptcy, information may be transferred to the successor or affiliated entity as part of that transaction. We will use reasonable efforts to ensure the receiving party honors the commitments described in this Policy or notify you of material changes.

3.5 With Your Direction or Consent

We may share information with other third parties when you direct us to do so or otherwise consent to the sharing.

3.6 Aggregated or De-Identified Data

We may create and share aggregated, de-identified, or anonymized information that cannot reasonably be used to identify you — for example, to publish industry insights or demonstrate Service usage to partners.

4Cookies & Tracking Technologies

We and our service providers use cookies, local storage, pixels, and similar technologies to operate the Service and understand how it is used. We generally use these in four categories:

• Strictly necessary: required for core functionality such as authentication, session management, and security. These cannot be disabled through our preference controls.
• Performance and analytics: help us understand usage patterns, diagnose errors, and measure feature performance.
• Functionality: remember your preferences (for example, theme, language, topics you follow).
• Targeting: only used where you have opted in; we do not currently use third-party advertising cookies.

Most browsers allow you to refuse or delete cookies through their settings. Doing so may limit your ability to use certain parts of the Service. We honor Global Privacy Control (GPC) browser signals where applicable.

5Third-Party Services

We rely on a small number of carefully selected third-party processors to operate the Service. Each is bound by a data processing agreement and processes information only on our instructions. Categories include:

Database & auth

Supabase — stores account data, preferences, and operational records.

Hosting & delivery

Netlify and associated content-delivery networks — serve the website and related assets.

Email delivery

Resend — sends transactional and marketing email.

Analytics

Privacy-respecting analytics providers to measure aggregate usage and performance.

Payments

A PCI-compliant payment processor handles subscription billing. We do not store full card numbers.

AI infrastructure

Model providers that run summarization, classification, and other AI tasks on our behalf. We do not permit these providers to use your data to train their general-purpose models.

The current list may change as we evolve the Service. Material changes affecting how your personal information is processed will be reflected in future versions of this Policy.

6Data Retention & Deletion

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law (for example, for tax, accounting, fraud prevention, or dispute resolution).

• Account data is retained for the life of your account plus a limited period to handle account recovery, disputes, and legal obligations.
• Usage and log data are typically retained for up to 24 months, after which they are deleted or fully anonymized.
• Derived AI signals (topic preferences, engagement patterns) may be retained in aggregated or de-identified form beyond account deletion.
• Backups are retained for a limited period on a rolling basis and purged on a defined cycle.

You may request deletion of your account at any time by contacting legal@worldlens.io. We will honor qualifying requests within the timelines required by applicable law and will notify you when deletion is complete, subject to any information we are required or permitted to retain.

7Security

We implement administrative, technical, and physical safeguards designed to protect information from unauthorized access, disclosure, alteration, and destruction. These include:

• Transport Layer Security (TLS) for data in transit.
• Encryption at rest for databases and backups.
• Role-based access controls and least-privilege principles for employees and contractors.
• Monitoring, logging, and alerting on our production systems.
• Regular review of our vendors and their security practices.

No method of transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security. If you believe your account or any information has been compromised, please contact us immediately at legal@worldlens.io.

8International Data Transfers

WorldLens is operated from the United States. If you access the Service from outside the United States, information we collect may be transferred to, stored, and processed in the United States or other jurisdictions where we or our service providers operate.

When personal information is transferred out of the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards — for example, Standard Contractual Clauses approved by the European Commission or the UK International Data Transfer Addendum — to ensure your information receives a level of protection consistent with applicable law.

9Your Privacy Rights

Depending on where you live, you may have some or all of the following rights in respect of your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: ask us to delete your personal information, subject to legal exceptions.
• Portability: receive a copy of certain information in a structured, commonly used, machine-readable format.
• Objection & restriction: object to, or request that we restrict, certain processing.
• Withdraw consent: where processing is based on consent, withdraw it at any time (without affecting prior lawful processing).
• Marketing opt-out: unsubscribe from marketing emails at any time using the link in each message.
• Appeal: in some jurisdictions, appeal our decision on a rights request.

To exercise any of these rights, email legal@worldlens.io from the address associated with your account, or use in-product controls where available. We may need to verify your identity before responding. We will not discriminate against you for exercising these rights.

10California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, the “CCPA”), provides additional rights regarding your personal information.

10.1 Categories of Personal Information

In the preceding 12 months, we have collected the categories of personal information described in Section 1, including identifiers, internet or network activity, commercial information, inferences, and — in limited cases — sensitive personal information such as account log-in credentials. The sources, purposes, and recipients of this information are described in Sections 1 through 5.

10.2 Sale and Sharing of Personal Information

We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

10.3 Your California Rights

• Right to know what personal information we have collected, used, disclosed, and shared.
• Right to delete personal information we have collected, subject to legal exceptions.
• Right to correct inaccurate personal information.
• Right to limit use and disclosure of sensitive personal information.
• Right to opt out of the sale or sharing of personal information (not currently applicable, as we do not engage in either).
• Right to non-discrimination for exercising any of these rights.

To submit a request, email legal@worldlens.io. Authorized agents may submit requests on your behalf with written proof of authority and verification of your identity.

11EU & UK Residents (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the following additional information applies.

11.1 Data Controller

WorldLens LLC is the controller responsible for your personal information.

11.2 Legal Bases for Processing

• Performance of a contract — to provide the Service you have requested.
• Legitimate interests — for example, to secure the Service, prevent fraud, improve our product, and communicate with you about operational matters, where those interests are not overridden by your rights.
• Consent — for optional cookies, marketing communications, and certain personalization features.
• Legal obligation — to comply with applicable law.

11.3 Your GDPR Rights

In addition to the rights described in Section 9, you have the right to lodge a complaint with your local supervisory authority. A list of EU authorities is available at edpb.europa.eu/about-edpb/about-edpb/members. UK residents may contact the Information Commissioner’s Office at ico.org.uk.

11.4 Data Protection Contact

Questions about data protection, or requests to exercise your rights, may be sent to legal@worldlens.io with the subject line “GDPR Request.”

12Children’s Privacy

The Service is not directed to children under 13 years of age (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children under that age. Consistent with the U.S. Children’s Online Privacy Protection Act (COPPA) and similar laws, if we learn that we have collected personal information from a child under the applicable age without parental consent, we will delete it promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact legal@worldlens.io and we will take appropriate steps to address the issue.

13Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we do, we will post the revised version on this page and update the “Last Updated” date above.

If changes are material — for example, if we begin processing personal information in a way that requires notice or consent — we will provide more prominent notice, such as an email to the address associated with your account or an in-product notification, before the changes take effect.

14Contact Us

If you have any questions about this Privacy Policy or our data practices, or would like to exercise your rights, please contact us: