Privacy Policy

1. Data Controller

The data controller responsible for the personal data processed through this website and the LensLaber software is:

LensLaber is operated by a single individual, not a company. There is no appointed Data Protection Officer (DPO), as this is not required for sole traders who do not carry out large-scale systematic processing of personal data (Article 37 GDPR). For any privacy-related query, contact the address above.

2. What Data We Collect and Why

The LensLaber software itself is offline-first and does not collect, transmit, or store any user data in the cloud. Your images, annotations, and local project files never leave your machine. No telemetry or usage analytics are sent from the application.

Through this website, we process the following personal data:

We do not collect payment information, physical addresses, IP addresses, browser fingerprints, or any sensitive categories of data (Article 9 GDPR).

3. Legal Basis for Processing

Each processing activity rests on a specific legal basis under Article 6 GDPR:

• Newsletter subscription (email only): Your freely given, specific, and informed consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time.
• Contact and feedback forms: Legitimate interest (Article 6(1)(f) GDPR) — specifically, our legitimate interest in responding to user enquiries and improving the software. The processing is proportionate: only the minimum data needed to reply is collected.

4. Data Retention

• Newsletter email addresses are retained for as long as your subscription is active. You can unsubscribe at any time by emailing LensLaber@gmail.com, after which your address will be removed within 30 days.
• Contact and feedback messages (received via email) are retained for a maximum of 24 months, or until the related matter is resolved, whichever comes first.

After these periods, personal data is permanently deleted or anonymised.

5. Third-Party Sub-Processors

We do not sell or rent your personal data to any third party. However, we use the following sub-processors to operate this website:

6. International Data Transfers

Google LLC and GitHub, Inc. are headquartered in the United States. The data they process on our behalf may therefore be transferred outside the European Economic Area (EEA). These companies rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for such transfers, in accordance with Article 46(2)(c) GDPR.

EmailJS processes data within the EEA or under equivalent safeguards. We recommend reviewing their privacy policy for the latest information.

7. Your Rights

Under the GDPR and the Spanish Organic Law 3/2018 (LOPDGDD), you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16 GDPR): Ask us to correct inaccurate data.
• Right to erasure / "right to be forgotten" (Art. 17 GDPR): Request deletion of your data, where no legal obligation requires us to retain it.
• Right to restriction of processing (Art. 18 GDPR): Ask us to limit how we use your data in certain circumstances.
• Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): Object to processing based on legitimate interest.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right not to be subject to automated decisions (Art. 22 GDPR): We do not use automated decision-making or profiling.

To exercise any of these rights, send an email to LensLaber@gmail.com with the subject line Privacy Request. We will respond within 30 days, as required by Article 12 GDPR.

8. Cookies and Tracking Technologies

This website does not use analytics, advertising, or tracking cookies. We do not use Google Analytics, Facebook Pixel, or any other behavioural tracking tool.

Third-party scripts embedded in this page (Tailwind CDN, Font Awesome CDN, Google Fonts, EmailJS) may set their own technical cookies or log requests. These are strictly functional in nature. By using this website you acknowledge this limited third-party technical activity.

9. Children's Privacy

LensLaber is a professional software tool not directed at children. We do not knowingly collect personal data from anyone under the age of 14 (the minimum age for consent under Article 8 GDPR as implemented by Spain's LOPDGDD, Article 7). If you believe a minor has submitted data to us, please contact us immediately at LensLaber@gmail.com and we will delete it promptly.

10. Security Measures

We apply technical and organisational measures appropriate to the risk, in accordance with Article 32 GDPR. These include: HTTPS encryption for all website traffic, limiting data collection to the minimum necessary, and using reputable third-party providers with their own security certifications.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority (AEPD) within 72 hours, and affected individuals without undue delay, as required by Articles 33–34 GDPR.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in the law, our services, or our data practices. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will also notify subscribers by email. Continued use of the website or software after a change constitutes acceptance of the updated policy.

12. Supervisory Authority

As the data controller is established in Spain, the competent supervisory authority is the Agencia Española de Protección de Datos (AEPD). If you believe your data protection rights have not been respected, you have the right to lodge a complaint with the AEPD:

Users outside Spain may also lodge a complaint with the supervisory authority of their EU/EEA member state of habitual residence.