Privacy Policy
At CritLens (operated by anovalabs), we are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.
Table of Contents
1. Information We Collect
1.1 Information You Provide
- Email Address: When you join our waitlist or create an account
- Communication Data: When you contact us for support or feedback
- Account Information: Username, preferences, and profile data (when available)
1.2 Automatically Collected Information
- Usage Data: Pages visited, features used, time spent, click patterns
- Device Information: Browser type, operating system, device identifiers
- Technical Data: IP address, referrer URLs, access times
- Analytics Data: User interactions, session recordings (when consented)
1.3 Third-Party Data
- Analytics Services: PostHog analytics and user behavior data
- Infrastructure Providers: Vercel hosting and Supabase database logs
- Public Data: Publicly available social media content for competitive analysis
2. How We Use Your Information
2.1 Service Provision
- Provide and maintain the CritLens platform
- Process waitlist registrations and account creation
- Deliver competitive intelligence insights and reports
- Authenticate users and prevent unauthorized access
2.2 Communication
- Send service updates, feature announcements, and product news
- Respond to support requests and customer inquiries
- Notify about account changes or security issues
- Share early access invitations and beta testing opportunities
2.3 Improvement and Analytics
- Analyze usage patterns to improve our service
- Conduct A/B testing for feature optimization
- Monitor system performance and troubleshoot issues
- Develop new features based on user behavior insights
2.4 Legal and Security
- Comply with legal obligations and regulatory requirements
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service and other policies
- Respond to legal requests and court orders
3. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:
3.1 Service Providers
- Hosting: Vercel (infrastructure and deployment)
- Database: Supabase (data storage and management)
- Analytics: PostHog (user behavior and product analytics)
- Email: Email service providers for transactional communications
3.2 Legal Requirements
- When required by law, regulation, or court order
- To protect our rights, property, or safety
- To investigate potential violations of our terms
- In response to valid legal process
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.
4. Data Retention
4.1 Retention Periods
- Waitlist Data: Until service launch + 1 year, or until you request deletion
- Account Data: For the duration of your account + 3 years after closure
- Usage Analytics: Aggregated data retained for 2 years
- Support Communications: 3 years from last interaction
- Legal/Security Logs: 7 years or as required by law
4.2 Deletion Criteria
We automatically delete data when retention periods expire, unless:
- Legal obligations require longer retention
- Ongoing legal proceedings necessitate preservation
- Data is needed for legitimate business purposes
- You have specifically consented to longer retention
5. Your Rights and Choices
5.1 Data Subject Rights (GDPR/CCPA)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal data
- Portability: Receive your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Revoke consent for data processing
5.2 How to Exercise Your Rights
To exercise any of these rights, contact us at:
We will respond to your request within 30 days (or as required by applicable law).
5.3 Marketing Communications
You can opt out of marketing emails by clicking the unsubscribe link in any email or contacting us directly. Note that you may still receive transactional emails related to your account.
6. Security Measures
6.1 Technical Safeguards
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access with principle of least privilege
- Authentication: Multi-factor authentication for administrative access
- Monitoring: 24/7 security monitoring and incident response
- Infrastructure: SOC 2 compliant hosting providers
6.2 Organizational Measures
- Regular security training for all team members
- Data processing agreements with all vendors
- Regular security audits and penetration testing
- Incident response plan and breach notification procedures
- Privacy by design principles in product development
6.3 Data Breach Response
In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by law, and provide clear information about the incident and steps being taken.
8. Third-Party Services
We integrate with the following third-party services. Each has their own privacy policy:
Social Media APIs
Reddit, Twitter/X, Product Hunt for data analysis
We only access publicly available data
9. International Data Transfers
Your data may be processed in countries other than your own, including the United States. We ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate data protection
- Standard Contractual Clauses: EU-approved contracts for data transfers
- Certification Programs: Partners with Privacy Shield or similar certifications
- Binding Corporate Rules: Internal policies ensuring consistent protection
10. Children's Privacy
CritLens is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected].
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or prominent notice on our website
- We will provide at least 30 days' notice before material changes take effect
- Your continued use of our service after changes become effective constitutes acceptance
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Officer
General Contact
Response Time
We aim to respond to all privacy-related inquiries within 30 days (or as required by applicable law).