Lens Order AI logoLens Order AI← Back to site

Privacy Policy

Last updated: June 28, 2026

This Privacy Policy explains how MindX Global (“we”, “us”), operator of Lens Order AI (the “Service”), collects, uses, and protects personal data. We are based in the European Union and act as a data controller for account data and as a data processor for the prescription content you upload. Questions: privacy@lensorderai.com.

1. Data we collect

  • Account data — your email address and a securely hashed password.
  • Uploaded content — the prescription/order images, scans or PDFs you submit, and the structured data our AI extracts from them. These files may contain personal data of your patients/customers, including health-related information.
  • Billing data — your plan, subscription status, and credit purchases. Card details are handled directly by Stripe; we never see or store your full card number.
  • Usage data — logs, device/browser information, and how you use the Service, used to operate and improve it.
  • Cookies & analytics — see Section 7.

2. Health & special-category data

Prescriptions may contain special-category (health) data of your end customers. You are responsible for ensuring you have a valid legal basis to upload and process that data, and for informing your customers as required. We process this content solely on your instructions to provide the Service, as your processor.

3. How we use data

  • To provide the Service — store your files and run AI extraction.
  • To process payments, manage subscriptions and credits.
  • To provide support and send service-related communications.
  • To secure, maintain, and improve the Service.
  • To comply with legal obligations.

4. AI processing & sub-processors

To extract data, your uploaded images are sent to a third-party AI model provider. We also rely on a small set of trusted sub-processors to run the Service:

  • OpenRouter / Google (Gemini) — AI vision extraction.
  • Stripe — payment processing.
  • Vercel — application hosting and analytics.
  • Object storage — encrypted storage of your uploaded files.
  • Google (Gmail / Google Ads) — email delivery and advertising measurement.

Some of these providers may process data outside the European Economic Area; where they do, appropriate safeguards (such as Standard Contractual Clauses) apply.

5. Retention

We retain your account and uploaded content for as long as your account is active. You can delete extractions at any time, and we delete your workspace data when you close your account or on request, subject to limited retention required by law (e.g. invoicing).

6. Sharing

We do not sell your personal data. We share data only with the sub-processors above, when required by law, or to protect our rights and users.

7. Cookies, analytics & advertising

We use strictly necessary cookies for authentication, and analytics/advertising technologies (Vercel Analytics and Google's gtag for conversion measurement). If you are in the EEA, we will ask for consent before setting non-essential cookies.

8. Your rights

Under the GDPR you have the right to access, correct, delete, restrict, or port your data, to object to processing, and to withdraw consent. You may also lodge a complaint with your local supervisory authority. To exercise any right, contact privacy@lensorderai.com.

9. Security

We protect data with encryption in transit, access controls, and reputable infrastructure providers. No method of transmission or storage is completely secure, but we work to protect your data using industry-standard measures.

10. Children

The Service is intended for businesses and is not directed to individuals under 18.

11. Changes

We may update this policy from time to time; material changes will be reflected by the “Last updated” date above. Continued use of the Service after changes constitutes acceptance.

12. Contact

MindX Global — privacy@lensorderai.com.