PLENS

Privacy Policy

Effective date: February 10, 2026

1. Introduction

PLENS ("we", "us", "our") is a product-knowledge tool that reads your codebase and translates every change into plain language. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

2. Information We Collect

  • Google account data — name, email address, and profile picture, collected when you sign in with Google.
  • GitHub repository data — repository metadata, pull request titles, diffs, and file contents from public repositories you connect to PLENS.
  • Anthropic API key — if you bring your own key, it is encrypted at rest using AES-256-GCM before being stored. We never store or log your key in plaintext.
  • Usage data — token consumption and analysis metadata to operate the service.

3. How We Use Your Information

  • Authenticate you and manage your session.
  • Fetch and analyze pull requests from your connected repositories.
  • Generate plain-language feature descriptions and change summaries.
  • Display your projects, features, and change history.
  • Respond to support inquiries.

4. Data Storage & Security

Your data is stored in a Vercel Postgres database. API keys are encrypted with AES-256-GCM using a server-side encryption key and are never exposed to the client. All traffic is served over HTTPS.

While we take reasonable measures to protect your data, no method of electronic storage is 100% secure.

5. Third-Party Services

PLENS integrates with the following third-party services, each governed by their own privacy policies:

  • Google — OAuth authentication.
  • GitHub — repository data access via the GitHub REST API.
  • Anthropic — AI analysis of code changes via the Claude API.
  • Vercel — hosting, serverless functions, and database.

6. Data Retention & Deletion

We retain your data for as long as your account is active. When you delete a project, all associated features, changes, and analysis data are permanently removed. Deleting your account removes all your data, including projects, API keys, and personal information.

7. Cookies

PLENS uses session cookies managed by NextAuth.js to keep you signed in. These cookies contain a JSON Web Token (JWT) with your session information. We do not use tracking or advertising cookies.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request deletion of your account and all associated data.
  • Withdraw consent at any time by disconnecting your account.

To exercise any of these rights, contact us at the address below.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

10. Contact

If you have any questions about this Privacy Policy, please contact us at hello@plens.io.