LENALegal

Privacy Policy

Last updated: May 21, 2026

This Privacy Policy explains how HAZE PARK collects, uses, stores, shares, and protects personal information when you access or use Lena Code.

Lena Code is a universal code platform operated by HAZE PARK. This Privacy Policy applies to our website, applications, software tools, APIs, account services, paid subscriptions, customer support, and related services.

By using Lena Code, you acknowledge that your personal information will be handled as described in this Privacy Policy.

1. Service Operator

Lena Code is operated by:

Business name상호
HAZE PARK
Representative대표자
Matt Park
Business Registration Number사업자등록번호
609-45-01302
Address사업장 주소
97, Centum jungang-ro, Haeundae-gu, Busan, Republic of Korea (48058)
Privacy Contact개인정보 보호책임자
Matt Park
Email이메일
support@lenacode.com

2. Information We Collect

We may collect the following categories of information.

2.1 Account Information

When you create an account or use Lena Code, we may collect:

  • name;
  • email address;
  • username or account ID;
  • password or authentication credentials;
  • company or organization name;
  • workspace name;
  • account settings;
  • subscription plan;
  • login and authentication records.

2.2 Billing and Payment Information

When you purchase a paid plan, we may collect or receive billing-related information, including:

  • billing name;
  • billing email;
  • billing address;
  • company name;
  • tax information;
  • subscription plan;
  • payment status;
  • invoice records;
  • transaction ID;
  • payment date;
  • refund or cancellation history.

Payments are processed through our designated payment provider. Payment Provider: Lemon Squeezy. We do not store full credit card numbers on our own servers. Full payment card details are handled by the payment provider according to its own terms, privacy policy, and security standards.

2.3 Service Content

When you use Lena Code, you may submit code, text, files, prompts, instructions, configuration data, comments, documentation, or other materials to the Service.

In this Privacy Policy, we refer to these materials as “Service Content.”

Service Content may include:

  • source code;
  • code snippets;
  • technical documentation;
  • prompts or instructions;
  • files submitted for transformation or validation;
  • generated outputs;
  • validation results;
  • language pair information;
  • transformation history;
  • project or workspace data.

2.4 Usage and Technical Information

We may collect technical and usage information when you use the Service, including:

  • IP address;
  • device information;
  • browser type;
  • operating system;
  • approximate region;
  • referring URL;
  • pages viewed;
  • features used;
  • timestamps;
  • session duration;
  • API usage;
  • error logs;
  • crash logs;
  • system performance data;
  • security logs.

2.5 Communications

When you contact us, we may collect:

  • your name;
  • email address;
  • message content;
  • support request details;
  • feedback;
  • attachments;
  • customer service history.

2.6 Cookies and Similar Technologies

We may use cookies, local storage, pixels, and similar technologies to:

  • keep you logged in;
  • remember preferences;
  • improve website performance;
  • understand usage patterns;
  • prevent fraud and abuse;
  • support analytics;
  • measure product performance.

You may disable cookies through your browser settings, but some features may not work properly.

3. How We Use Information

We use personal information for the following purposes.

3.1 To Provide the Service

We use information to:

  • create and manage accounts;
  • provide code transformation and validation features;
  • process Service Content;
  • generate Output;
  • manage workspaces;
  • provide API access;
  • authenticate users;
  • maintain user sessions;
  • deliver subscribed features.

3.2 To Process Payments and Subscriptions

We use billing and payment-related information to:

  • process paid subscriptions;
  • issue invoices and receipts;
  • confirm payment status;
  • manage renewals;
  • process cancellations;
  • handle refunds;
  • prevent payment fraud;
  • comply with tax, accounting, and legal obligations.

3.3 To Maintain and Improve the Service

We use information to:

  • monitor service performance;
  • debug errors;
  • improve reliability;
  • develop new features;
  • analyze feature usage;
  • improve user experience;
  • optimize supported language pairs;
  • evaluate transformation quality;
  • improve validation accuracy.

3.4 To Protect the Service

We use information to:

  • detect abuse;
  • prevent unauthorized access;
  • investigate suspicious activity;
  • enforce usage limits;
  • prevent fraud;
  • protect users, our systems, and third parties;
  • maintain security logs;
  • respond to security incidents.

3.5 To Communicate With You

We use information to:

  • respond to support requests;
  • send account notices;
  • send billing notices;
  • notify you of changes to the Service;
  • provide security alerts;
  • send administrative messages;
  • provide product updates where permitted.

4. Service Content and Code Privacy

We understand that Service Content may include sensitive technical materials, proprietary code, confidential business information, or internal development logic.

We process Service Content to provide, maintain, secure, troubleshoot, and improve Lena Code.

Unless you explicitly opt in or we separately agree with you, we do not use your Service Content to train general-purpose AI models.

We do not sell your Service Content to advertisers or data brokers.

Submitted source code is not persisted beyond the request lifecycle in Lena Code infrastructure.

Generated result caches may store AI-generated output, not submitted source bodies, keyed by request hash, with TTL no longer than 30 minutes.

AI request ledger entries store request hashes, plan, token counts, cost, and usage metadata only; those entries expire after 30 days.

Logs and metrics retain request hashes and operational metadata only; submitted source bodies are not retained.

We may access Service Content only when reasonably necessary for purposes such as:

  • providing the requested Service;
  • debugging technical issues;
  • responding to support requests;
  • preventing abuse or security threats;
  • complying with legal obligations;
  • enforcing our Terms of Service;
  • improving reliability, quality, and safety of the Service.

4.1 AI Provider Boundary

AI model providers (currently Google Gemini) process redacted request content to return results under their own data terms.

For paid Gemini API services, Google states that prompts and responses are not used to improve Google products. Limited transient logging may occur for safety, policy, legal, and regulatory purposes under Google's Gemini API terms and applicable data processing commitments.

6. How We Share Information

We may share information in the following circumstances.

6.1 Service Providers

We may share information with trusted service providers that help us operate Lena Code, including:

  • cloud hosting providers;
  • database providers;
  • payment processors;
  • authentication providers;
  • analytics providers;
  • customer support tools;
  • email service providers;
  • security and monitoring tools;
  • infrastructure providers;
  • AI or model service providers, where applicable.

These providers may process information only as necessary to provide services to us and are required to protect information according to applicable contractual and legal obligations.

6.2 Payment Providers

If you purchase a paid plan, billing and transaction information may be processed by our payment provider.

Payment Provider: Lemon Squeezy

Payment providers may independently collect and process certain information according to their own terms and privacy policies.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, personal information may be transferred as part of that transaction.

We will take reasonable steps to ensure that the recipient handles personal information consistently with this Privacy Policy or provides appropriate notice where required.

7. Third-Party Service Providers and Subprocessors

We may use third-party service providers to operate, secure, and improve Lena Code.

The service providers and subprocessors we currently use are listed below.

ProviderPurposeLocation
VercelHosting, infrastructure, serverless functions, static edge deliveryUnited States / Global edge
GitHubUser authentication (OAuth sign-in)United States
GoogleUser authentication (OAuth sign-in)United States
Google Gemini APIAI inference for explanation and reconstruction using redacted submitted source contentUnited States
Upstash RedisDaily quota counters, abuse-prevention metering, temporary usage limits, and short-window hash-keyed result cache for AI-generated outputUnited States
Neon PostgresIdentity, subscriptions, entitlements, payment-event ledger, API token hash metadata, and usage countersUnited States
Lemon SqueezyPayment processing, subscription billingUnited States
ResendTransactional emails and account noticesUnited States
VercelProduct analytics and usage measurementUnited States / Global edge

8. International Processing and Transfers

Lena Code is operated from the Republic of Korea and may be used globally.

Your information may be processed, stored, or transferred in countries other than your country of residence, depending on our infrastructure, service providers, payment provider, and operational needs.

Where required by applicable law, we will take appropriate measures for international transfers of personal information.

The international transfers we currently make are described below.

RecipientCountryInformation TransferredPurposeRetention
VercelUnited States / Global edgeAccount information, submitted source content (ephemeral processing only), generated results, usage logsHosting, serverless function execution, static edge delivery, and service operationPer provider data processing agreement; submitted source code is not persisted by Lena Code beyond the request lifecycle; logs and operational metadata follow operational retention
GitHubUnited StatesAccount identifier, email address, OAuth profile (name, avatar)User authentication (OAuth sign-in)Per the provider’s data processing agreement; for the duration of authentication
GoogleUnited StatesAccount identifier, email address, OAuth profile (name, avatar)User authentication (OAuth sign-in)Per the provider’s data processing agreement; for the duration of authentication
Google Gemini APIUnited StatesRedacted submitted source content and generated responsesAI inference for explanation and reconstructionPer provider data processing agreement and Gemini paid API terms; prompts/responses not used to improve Google products; limited transient logging for safety, policy, legal, and regulatory purposes
Upstash RedisUnited StatesDaily quota identifiers such as account email-derived keys, IP-derived keys, request counters, reset TTLs, request hashes, and AI-generated output cached for result rehydration; no submitted source bodyQuota enforcement, abuse prevention, temporary usage limits, and short-window result rehydrationTTL-based daily counters; generated result cache TTL no longer than 30 minutes; per provider data processing agreement
Neon PostgresUnited StatesAccount identifiers, OAuth provider account links, subscription and payment-event records, API token hashes, and daily usage countersIdentity, billing, and quota system of recordPayment and contract records retained for at least 5 years where required by law; other records until account deletion or as required by law
Lemon SqueezyUnited StatesBilling information, payment status, transaction recordsPayment processingPer the provider’s data processing agreement; until account deletion or as required by law
ResendUnited StatesEmail address, account noticesEmail deliveryPer the provider’s data processing agreement; until account deletion or as required by law
VercelUnited States / Global edgeUsage and technical informationAnalytics and product improvementPer the provider’s data processing agreement; until account deletion or as required by law

9. Data Retention

We retain personal information only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention periods may vary depending on the type of information, the reason for collection, legal requirements, security needs, and dispute resolution needs.

9.1 General Retention

Type of InformationRetention Period
Account informationUntil account deletion, unless retention is required by law
Submitted source codeNot persisted beyond the request lifecycle in Lena Code infrastructure
Generated result cacheAI-generated output only, not submitted source bodies; hash-keyed; TTL no longer than 30 minutes
AI request ledgerRequest hash, plan, token counts, cost, and usage metadata only; TTL 30 days
Operational logs and metricsRequest hashes and operational metadata only; submitted source bodies are not retained; retained up to 12 months unless a shorter operational TTL applies
Support inquiries3 years
Billing and payment records5 years
Security logs12 months
Marketing consent recordsUntil consent withdrawal or as required by law

10. Deletion

When personal information is no longer necessary for the purposes described in this Privacy Policy, we will delete or anonymize it in accordance with applicable law and our internal retention procedures.

Deletion may be delayed where retention is necessary to:

  • comply with legal obligations;
  • resolve disputes;
  • enforce agreements;
  • prevent fraud or abuse;
  • maintain security;
  • complete backup deletion cycles;
  • comply with tax, accounting, or audit requirements.

11. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal information, including the right to:

  • request access to your personal information;
  • request correction of inaccurate information;
  • request deletion of personal information;
  • request suspension of processing;
  • withdraw consent;
  • object to certain processing;
  • request data portability, where applicable;
  • file a complaint with a relevant data protection authority.

You may exercise these rights by contacting us at: Email: support@lenacode.com. We may need to verify your identity before responding to your request. We may deny or limit a request where permitted by applicable law, such as when retention is required for legal obligations, security, dispute resolution, fraud prevention, or legitimate business purposes.

12. Account Controls

Where available, you may access, update, export, or delete certain information through your account settings; otherwise, you may contact support to make such a request.

Available controls may include:

  • updating account profile information;
  • changing email address;
  • changing password;
  • managing workspace settings;
  • managing subscription status;
  • deleting account data;
  • contacting support for privacy requests.

Some information may not be editable or deletable through the account interface if it is required for legal, billing, security, or operational reasons.

13. Cookies and Analytics

We may use cookies and similar technologies for authentication, security, preferences, analytics, and performance measurement.

Types of cookies may include:

  • essential cookies;
  • authentication cookies;
  • security cookies;
  • preference cookies;
  • analytics cookies;
  • performance cookies.

You can manage cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service. If we use analytics tools, they may collect usage and technical information to help us understand how users interact with the Service. Analytics Provider: Vercel.

14. Marketing Communications

We may send you product updates, announcements, or marketing communications where permitted by law.

You may opt out of marketing emails by using the unsubscribe link in the email or by contacting us.

Even if you opt out of marketing communications, we may still send non-marketing messages, such as:

  • account notices;
  • billing notices;
  • security alerts;
  • service updates;
  • legal notices;
  • support replies.

15. Security

We use reasonable technical, administrative, and organizational measures to protect personal information.

These measures may include:

  • encryption in transit;
  • access controls;
  • authentication controls;
  • logging and monitoring;
  • backup controls;
  • vulnerability management;
  • internal access restrictions;
  • service provider review;
  • incident response procedures.

However, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

16. Data Breach Notification

If a security incident occurs that affects personal information, we will take appropriate steps in accordance with applicable law.

These steps may include:

  • investigating the incident;
  • limiting further harm;
  • notifying affected users where required;
  • notifying relevant authorities where required;
  • improving safeguards to prevent similar incidents.

17. Children’s Privacy

Lena Code is not intended for children.

We do not knowingly collect personal information from children under the minimum age required by applicable law.

Minimum Age: 14

If we learn that we have collected personal information from a child without appropriate consent, we will take reasonable steps to delete it.

If you believe a child has provided us with personal information, please contact us at: Email: support@lenacode.com

18. Do Not Track

Some browsers may send “Do Not Track” signals.

Because there is no uniform industry standard for responding to such signals, we may not respond to Do Not Track signals unless required by applicable law.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If we make material changes, we will take reasonable steps to notify you, such as by posting the updated Privacy Policy on our website, sending an email, or displaying an in-service notice.

The updated Privacy Policy will be effective as of the date stated at the top of the policy.

Your continued use of the Service after the updated Privacy Policy becomes effective means you acknowledge the updated policy.

21. Contact

If you have questions, requests, or concerns about this Privacy Policy or our handling of personal information, please contact us at:

HAZE PARK

Privacy Contact: Matt Park

Email: support@lenacode.com

Address: 97, Centum jungang-ro, Haeundae-gu, Busan, Republic of Korea (48058)