Privacy Policy

This Privacy Policy ("Policy") explains how Lenera AI Inc. ("we," "us," "our") collects, uses, shares, and protects personal data when you visit our website at www.lenera.ai ("Website"), use our AI video creation platform ("Service"), or otherwise interact with us. By using our Website or Service, you agree to the practices described in this Policy.

For enterprise customers who require a Data Processing Agreement (DPA) under GDPR or CCPA, please contact us at support@lenera.ai.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly, including:

  • Account information: name, email address, company name, job title, billing address, payment details (processed by Stripe — we do not store full card numbers)
  • Profile and settings: profile photo, preferences, notification settings, workspace settings
  • Customer Content: scripts, documents, images, audio, and other materials you upload to create videos
  • Communications: messages sent to our support team, feedback, and survey responses
  • Event registrations: information provided when registering for webinars or events

1.2 Information Collected Automatically

When you use the Service or Website, we automatically collect:

  • Usage data: features used, videos created, actions taken, session duration, errors encountered
  • Device and browser data: IP address, browser type, operating system, screen resolution, referring URL
  • Log data: server logs, access times, API calls, error logs
  • Cookies and tracking: see Section 7 (Cookies)

1.3 Information from Third Parties

  • Single Sign-On (SSO) providers (e.g., Google, Microsoft, Okta): authentication information when you use SSO to sign in
  • Payment processors: transaction confirmation data (not full card details)
  • Analytics partners: aggregated usage information
  • Publicly available sources: company information for account enrichment (e.g., LinkedIn, Clearbit)

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Create and manage your account
  • Process payments and send invoices
  • Render AI Output from your Customer Content
  • Send transactional communications (receipts, service updates, security alerts)
  • Send marketing communications (with your consent where required by law)
  • Provide customer support and respond to inquiries
  • Analyse usage patterns to improve platform performance and features
  • Detect, prevent, and respond to fraud, security incidents, and abuse
  • Comply with applicable laws and legal obligations
  • Conduct research and analytics in aggregated, anonymized form

We do not use your Customer Content to train general-purpose AI models that are shared with other customers. We will not sell your personal data.

3. How We Share Your Information

We share personal data only as described below:

3.1 Service Providers (Sub-processors)

We share data with third-party service providers who process data on our behalf, including:

  • Cloud infrastructure: AWS
  • AI API providers: DeepSeek / Google TTS
  • Payment processing: Stripe, Inc.
  • Customer support: Pylon
  • Analytics: Contentsquare / Google Analytics 4
  • Email communications: ActiveCampaign

Our full Sub-processor list is available at lenera.ai/legal/subprocessors.

3.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will provide notice before your personal data is subject to a different privacy policy.

3.3 Legal Requirements

We may disclose personal data to comply with applicable law, legal process, or government request; to enforce our Terms; to protect our rights, property, or safety; or to protect the rights, property, or safety of others.

3.4 With Your Consent

We may share personal data with third parties with your prior consent.

3.5 What We Do NOT Do

We do NOT: sell personal data to third parties; share personal data with advertisers for ad targeting; or use personal data for cross-context behavioural advertising.

4. Data Retention

We retain personal data for as long as necessary to provide the Service and fulfil the purposes described in this Policy, subject to the following:

  • Account data: retained for the duration of your account, plus 90 days after account deletion to allow for recovery
  • Customer Content: retained during your subscription; deleted 30 days after account termination (downloadable during this window)
  • Billing records: retained for 7 years as required by tax and accounting laws
  • Security logs: retained for 12 months
  • Marketing opt-outs: retained indefinitely to honour your preference

You may request earlier deletion of your personal data as described in Section 6.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your personal data, including:

  • AES-256 encryption at rest
  • TLS 1.2+ encryption in transit
  • Multi-factor authentication for all staff with production access
  • Role-based access controls with least privilege
  • Annual third-party penetration testing

Despite these measures, no system is completely secure. If you believe your account has been compromised, please contact us immediately at support@lenera.ai.

6. Your Privacy Rights

6.1 All Users

Regardless of location, you have the right to:

  • Access: request a copy of the personal data we hold about you
  • Correction: request correction of inaccurate or incomplete data
  • Deletion: request deletion of your personal data (subject to legal retention requirements)
  • Portability: receive your data in a machine-readable format
  • Opt-out of marketing: unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us

6.2 EEA / UK Users (GDPR / UK GDPR)

If you are in the EEA or UK, you additionally have the right to:

  • Object to Processing based on legitimate interests
  • Restrict Processing in certain circumstances
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local Supervisory Authority

Our legal bases for processing are: (a) contract performance (to provide the Service); (b) legitimate interests (security, fraud prevention, product improvement); (c) legal obligation; and (d) consent (marketing communications).

6.3 California Users (CCPA / CPRA)

California residents have the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Delete personal information (with certain exceptions)
  • Correct inaccurate personal information
  • Opt-out of the sale or sharing of personal information (we do not sell or share)
  • Limit use of sensitive personal information
  • Non-discrimination for exercising privacy rights

To exercise your rights, contact us at support@lenera.ai. We will respond within 30 days (45 days if extended with notice). We may require identity verification before processing your request.

7. Cookies and Tracking

We use cookies and similar tracking technologies on our Website and Service. Categories of cookies we use:

  • Strictly necessary: required for the Service to function (e.g., authentication sessions, security)
  • Functional: remember your preferences and settings
  • Analytics: help us understand how you use the Service (e.g., Contentsquare / Google Analytics 4)
  • Marketing (Website only): used on our marketing website to measure campaign effectiveness — not used in the Service application

You can manage cookie preferences via our cookie consent banner or browser settings.

8. International Data Transfers

We are based in the United States. If you are located outside the U.S., your personal data will be transferred to and processed in the U.S. (and potentially other countries where our Sub-processors operate). We use the following mechanisms for international transfers:

  • Standard Contractual Clauses (SCCs) — EU Commission approved, for transfers from the EEA
  • UK Addendum to SCCs — for transfers from the UK
  • Swiss-U.S. Data Privacy Framework — for transfers from Switzerland

For questions about international transfers, contact support@lenera.ai.

9. Children's Privacy

The Service is intended for business use by adults aged 18 and over. We do not knowingly collect personal data from children under 13 (or under 16 in the EEA). If we learn we have collected personal data from a child, we will delete it promptly. If you believe we have such data, please contact us.

10. Third-Party Links and Integrations

The Service may integrate with or link to third-party products and services (e.g., Slack, LMS platforms). This Policy does not cover third-party practices. We encourage you to review the privacy policies of third parties before using their services.

11. AI and Automated Decision-Making

Our Service uses AI to generate video content from your inputs. We do not use automated decision-making to make legally significant decisions about you as an individual. The AI processes your content to render outputs; the resulting videos are for you to review and use at your discretion.

12. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by email or prominent in-app notice at least thirty (30) days before the change takes effect. The "Last Revised" date at the top of this Policy indicates when it was last updated. Continued use of the Service after the effective date constitutes your acceptance of the updated Policy.

13. Contact Us

If you have questions, requests, or concerns about this Policy or our privacy practices, please contact us at support@lenera.ai.

Last updated: June 2026