Privacy Policy

Last updated: April 17, 2026

1. Who We Are

BurnLens is operated by Sairin Technology (sairintechnology.com). This policy explains what data we collect, how we use it, and your rights.

2. Data We Do NOT Collect

We are designed to be privacy-first. We never collect or store:

  • Your LLM prompts or completions
  • Your application code or business logic
  • Your AI provider API keys (these pass through the local proxy and are never sent to our servers)
  • Any personally identifiable information from your end users

3. Local Proxy Data (Your Machine Only)

The open-source BurnLens proxy stores the following data locally in SQLite at ~/.burnlens/burnlens.db. This data never leaves your machine unless you explicitly enable cloud sync:

  • Model name, provider, timestamp
  • Token counts (input, output, cached)
  • Calculated cost in USD
  • SHA-256 hash of system prompt (for duplicate detection — hash only, not content)
  • Custom tags you add via X-BurnLens-Tag-* headers

4. Cloud Sync Data (Sent to Our Servers)

When cloud sync is enabled, BurnLens sends anonymised batches every 60 seconds to our Railway backend at api.burnlens.app. Each record contains:

  • Workspace API key (for routing to your org — no personal identity)
  • Provider, model, timestamp
  • Token counts and cost in USD
  • Tag keys/values you provided
  • System prompt hash (SHA-256, not reversible)

Prompt content, completion content, and raw request/response bodies are never synced.

5. Account Data

When you create a cloud account at burnlens.app, we store:

  • Email address
  • Hashed password (bcrypt)
  • Workspace name and API key
  • Paddle customer ID (for billing)
  • Plan and subscription status

6. Payment Data

Payments are processed by Stripe. We do not store credit card numbers or full payment details. Stripe shares only a customer ID and subscription status with us. Sairin Technology (sairintechnology.com) appears as the merchant on your statement.

7. Cookies & Tracking

The cloud dashboard uses session cookies for authentication only. We do not use third-party advertising trackers, analytics pixels, or fingerprinting.

8. Data Retention

  • Free plan: 7 days of cloud sync history
  • Cloud plan: 90 days
  • Teams plan: 365 days
  • Enterprise: Up to 10 years

On account deletion, all cloud data is purged within 30 days.

9. Your Rights

You may at any time:

  • Request a copy of your stored data
  • Request deletion of your account and associated data
  • Disable cloud sync (your local data is unaffected)
  • Export your data from the dashboard

10. Contact

Privacy questions: contact@sairintechnology.com.