Privacy Policy
Last updated: April 17, 2026
1. Who We Are
BurnLens is operated by Sairin Technology (sairintechnology.com). This policy explains what data we collect, how we use it, and your rights.
2. Data We Do NOT Collect
We are designed to be privacy-first. We never collect or store:
- Your LLM prompts or completions
- Your application code or business logic
- Your AI provider API keys (these pass through the local proxy and are never sent to our servers)
- PII from request or response bodies
3. Local Proxy Data (Your Machine Only)
The open-source BurnLens proxy stores the following data locally in SQLite at ~/.burnlens/burnlens.db. This data never leaves your machine unless you explicitly enable cloud sync:
- Model name, provider, timestamp
- Token counts (input, output, cached)
- Calculated cost in USD
- SHA-256 hash of system prompt (for duplicate detection — hash only, not content)
- Custom tags you add via
X-BurnLens-Tag-*headers
4. Cloud Sync Data (Sent to Our Servers)
When cloud sync is enabled, BurnLens sends pseudonymous metadata batches every 60 seconds to our Railway backend at api.burnlens.app. Each record contains:
- Workspace API key in the authenticated request header (for routing to your workspace)
- Provider, model, timestamp
- Token counts and cost in USD
- Tag values you provided for feature, team, customer, and key label
- Workspace-keyed HMAC-SHA256 prompt fingerprint
Prompt content, completion content, and raw request/response bodies are never synced.
5. Account Data
When you create a cloud account at burnlens.app, we store:
- Email address
- Hashed password (bcrypt)
- Workspace name, API-key hashes, and key suffixes used for identification
- Paddle customer ID (for billing)
- Plan and subscription status
6. Payment Data
Payments are processed by Paddle. We do not store credit card numbers or full payment details. Paddle shares billing identifiers, transaction details, and subscription status with us. Sairin Technology (sairintechnology.com) appears as the merchant on your statement.
7. Cookies & Tracking
The cloud dashboard uses session cookies for authentication and Plausible for privacy-focused product analytics. We do not use third-party advertising trackers or fingerprinting.
8. Service Providers
We use Vercel for the website, Railway for hosted application infrastructure, Paddle for billing, SendGrid for transactional email, and Plausible for product analytics. These providers process only the data required to deliver their service.
9. Data Retention
- Free plan: 7 days of cloud sync history
- Cloud plan: 90 days
- Teams plan: 365 days
- Enterprise: Up to 10 years
On account deletion, all cloud data is purged within 30 days.
10. Your Rights
You may at any time:
- Request a copy of your stored data
- Request deletion of your account and associated data
- Disable cloud sync (your local data is unaffected)
- Export your data from the dashboard
11. Contact
Privacy questions: contact@sairintechnology.com.