Privacy Policy

Last updated: June 23, 2026

Lenzon is a product of Horizon Two Labs (“Lenzon,” “we,” “us”). Lenzon turns a pull request or repository into a short narrated, animated explainer. This policy describes what we collect, how we use it, and — most importantly for teams working in private repositories — how we keep your code and the analysis derived from it confidential.

Our core commitment for private repositories

We do not share your private repository code, or any analysis or explainer derived from it, with anyone outside your trusted, authenticated access group. Access to a private repository’s analysis and explainer is gated on GitHub authentication and your Lenzon GitHub App installation: only users whose installation covers the repository can request or view its explainers. Private explainers are not public by default — they are protected by per-artifact access tokens and are never listed, indexed, or surfaced to users who lack the corresponding GitHub access. We do not sell your code or derived analysis, and we do not share it for advertising or with unrelated third parties.

We do not use your code to train AI models. Your repository content is processed only to generate the explainer you requested. Inference runs on Anthropic’s API, which under Anthropic’s commercial API terms does not train models on inputs or outputs. When you bring your own Anthropic key (BYOK), that inference is performed under your own Anthropic account and terms.

Information we collect

• Account & identity. Your GitHub identity (login, account id) obtained when you sign in or install our GitHub App, and your email address.
• Repository & PR metadata. Repository identifiers (owner/repo), branch names, pull request numbers, titles, authors, and commit SHAs — the minimum needed to locate and explain a PR.
• Repository content, at processing time. To generate an explainer we transiently clone and analyze the relevant code and diff. This content is used to produce the analysis and explainer and is not repurposed.
• Derived artifacts. The analysis, narration script, audio, and rendered explainer we generate from a PR or repository.
• Credentials you provide. If you use BYOK, your Anthropic API key is stored encrypted and used only to run inference for your runs.
• Usage & billing. Run history, costs, and payment records (payments are processed by Stripe; we do not store full card details).

How we use information

We use the above to provide the service: locate the PR, generate and deliver the explainer, enforce access controls, operate billing and the free/beta tiers, maintain reliability and security, and communicate with you about your account.

Service providers (subprocessors)

We share data with a small set of providers strictly to operate the service, each acting on our instructions:

• Anthropic — LLM inference that produces the analysis (under your own key when using BYOK).
• Google Cloud (Text-to-Speech) — narration audio.
• Amazon Web Services — compute and storage for cloning, analysis, rendering, and artifact hosting.
• Vercel — application hosting.
• Stripe — payment processing.

These providers process data only as needed to deliver their part of the service and are not permitted to use your code or derived analysis for their own purposes.

Data retention

We retain account, run, and artifact data for as long as your account is active or as needed to provide the service, and delete or anonymize it within a reasonable period after it is no longer needed, subject to legal and accounting requirements. You may request deletion of your data as described below.

Security

We use access controls, encryption in transit, and encryption at rest for sensitive credentials. Access to private-repository analysis is scoped to your authenticated GitHub access group. No system is perfectly secure, but protecting your code is central to how the product is designed.

Your choices

You can disconnect Lenzon at any time by uninstalling the GitHub App and revoking access in your GitHub settings, and you can remove a stored BYOK key from your account. To request access to or deletion of your data, contact us via the contact page.

Changes

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above.

Contact

Questions about this policy or your data? Reach us through the contact page.