Privacy Policy

Last updated: January 19, 2026

1. Data Controller

AgoraLens is operated by:

AgoraLens Oy

Business ID (Y-tunnus): 2263258-6

Nietostie 7 a 1

90630 Oulu

Finland

Phone: +358 50 482 1685

Email: contact@agoralens.com

2. Data Protection Officer (DPO)

We have appointed a Data Protection Officer.

Data Protection Officer:

Email: contact@agoralens.com

The DPO can be contacted regarding all matters related to personal data processing.

3. Personal Data We Collect

3.1 Information you provide directly

  • Name
  • Email address
  • Authentication credentials (managed by our authentication provider)
  • Organization and role information
  • Support communications

3.2 Usage and technical data

  • Pages visited and features used
  • Session duration and timestamps
  • Device and browser information
  • IP address (stored in server logs)

4. Purposes and Legal Bases of Processing

PurposeLegal Basis (GDPR Art. 6)
Account creation and access managementPerformance of a contract
Providing and maintaining the servicePerformance of a contract
Customer support and communicationsLegitimate interest
Service security and abuse preventionLegitimate interest
Analytics and service improvementLegitimate interest
Billing and payment processingLegal obligation / contract
Compliance with legal requirementsLegal obligation

5. Processing of Public Social Media Data

5.1 Data Sources

The platform processes publicly available content from social media platforms where the content was made publicly accessible at the time of collection.

  • No private messages
  • No restricted or non-public content
  • No circumvention of access controls

5.2 Public Figures & Retention

Content authored by public figures in a public context may be retained for analytical and archival purposes, even if later removed from the source platform, subject to applicable law.

Key clarifications:

  • Retention is not indefinite by default
  • Content is stored with context and timestamps
  • Content is not presented as current if deleted

5.3 Deleted Content Handling

When a public post is removed from the source platform, the platform may retain a historical copy for analytical purposes. Such content is clearly labeled as deleted and separated from current content.

  • Date of deletion detection is recorded
  • Deletion reasons are unknown
  • No assumption of wrongdoing is made

6. Legitimate Interest Assessment

When relying on legitimate interest, we ensure that:

  • processing is limited to public or necessary service data,
  • no intent, belief, or personal profiling is inferred,
  • outputs are analytical indicators only,
  • user rights and freedoms are not overridden.

You may object to processing based on legitimate interest at any time.

7. Cookies and Similar Technologies

AgoraLens uses cookies and similar technologies for:

  • essential authentication and session management,
  • security purposes,
  • usage analytics.

Where required, analytics cookies are used only after consent. You can manage cookies through your browser settings or our cookie controls.

8. Data Sharing and Service Providers

8.1 Processors that may receive personal data

We use the following categories of processors:

  • Hosting and infrastructure: Render (EU-located servers and databases)
  • Authentication: Clerk
  • Payments: Stripe
  • Email communications: Resend
  • AI analysis: OpenAI
  • Analytics: Google Analytics

All processors act under contractual data processing agreements. We may also share information with social media platforms (including X) as required for data ingestion, compliance, and platform integrity.

8.2 Services that do not receive personal user data

The following services are used for platform functionality or data ingestion but do not receive personal user data from us:

  • twitterapi.io and X (Twitter) directly (used to retrieve and interact with public social media data)

9. International Data Transfers

Some service providers are located outside the EU/EEA.

Where personal data is transferred outside the EU/EEA, we rely on:

  • the EU-US Data Privacy Framework, and/or
  • Standard Contractual Clauses approved by the European Commission.

10. Data Retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: for the duration of the customer relationship
  • Billing data: as required by accounting and tax laws
  • Usage logs: retained for security and analytics purposes for a limited period

Public analytical data may be retained in aggregated or anonymized form.

11. Automated Processing

AgoraLens uses automated systems to analyze publicly available content.

These processes:

  • do not produce legal or similarly significant effects on individuals,
  • are intended solely for analytical and informational purposes,
  • require human interpretation.

12. Your Rights

Under GDPR, you have the right to:

  • access your personal data,
  • request correction of inaccurate data,
  • Request Review of Sensitive ContentRequests concerning public political communication are reviewed individually. Retention may continue where justified by public interest, research, or freedom of expression. (We do not promise erasure).
    Submit a review request
  • restrict processing,
  • object to processing based on legitimate interest,
  • request data portability.

You also have the right to lodge a complaint with the Finnish Data Protection Authority:

Tietosuojavaltuutetun toimisto

https://tietosuoja.fi

13. Data Security

We apply appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse.

14. Contact

For privacy-related questions or requests, contact:

contact@agoralens.com