Security

Your data.
Handled seriously.

We built LendLens on a simple principle: your financial statement is sensitive. We analyse it, anonymise it, and discard it — nothing traceable to you is ever retained.

The most important thing

Your statement is never stored

When you upload your credit card statement, it is sent to our analysis engine, the relevant figures are extracted, and the document is immediately discarded. We do not save your PDF. We do not retain the extracted text. We do not keep any record of your balance, APR, or transaction detail.

Before any analysis is performed, your statement data is anonymised — stripped of personally identifiable information so that the financial signals can be read without the content being traceable back to you as an individual.

The only data we store is your email address, your consent timestamp, and a record of when you ran an analysis — not what it contained. That is it.

Statement deleted after analysisData anonymised before processingNot traceable to individual usersEmail stored only with consent

How we protect you

Security measures in place

🔒

Encrypted in transit

All data transferred between your browser and our servers is encrypted using TLS 1.3. Your statement never travels unprotected.

🈟

Anonymised before analysis

Statement content is stripped of identifying information before it reaches our analysis engine. The financial signals are read; your identity is not.

🗑

Immediate deletion

Your PDF and extracted text are deleted from our servers immediately after analysis completes. There is no backup, no log, no retained copy.

🏗

Infrastructure security

LendLens is hosted on enterprise-grade infrastructure with SOC 2 Type II compliance and robust security standards at every layer.

👤

Minimal data collection

We follow data minimisation principles. We collect only what is necessary to provide the service — your email, consent record, and analysis timestamps.

🔐

Authenticated accounts

Your LendLens account is protected by password authentication. Passwords are hashed and never stored in plain text. We never see your password.

🆕

Row-level security

Our database enforces row-level security — your account data can only be accessed by you, not by other users or unauthenticated requests.

Analysis & third parties

How your statement is processed

To deliver the analysis, your statement text is anonymised and sent to a secure AI analysis service, which reads the financial signals and returns the structured insights you see on screen. This service operates under strict data handling standards and does not retain the content it processes.

Payments for additional card analyses are handled by Stripe, a PCI DSS-compliant payment processor. We never see or store your card details — Stripe handles all payment data entirely on their side.

No other third party receives your statement data. We do not share your email with advertisers. We do not sell your data. We do not earn referral fees from lenders based on your profile.

💳

Stripe — payments

Payment processing for the £2.99 additional card feature. PCI DSS compliant. We never see your card details.

Regulatory

FCA approved & GDPR compliant

LendLens operates under BucksTrybe Ltd, which holds FCA PSD Agent approval. We are registered with the Information Commissioner’s Office (ICO) and operate in full compliance with UK GDPR.

You have the right to access, correct, or delete your data at any time. To exercise your rights, contact us at hello@lendlens.ai.

Report an issue

Responsible disclosure

If you discover a security vulnerability in LendLens, please report it to us privately before disclosing publicly. We take all reports seriously and will respond within 48 hours.