Legal

Privacy Policy

How we collect, use, and protect your personal data.

Effective date: 1 March 2026

This Privacy Policy describes how Hanso Pte. Ltd. ("we", "us", "our"), a company registered in Singapore (UEN pending), collects, uses, discloses, and protects your personal data when you use the Lenno platform ("Service"), our website at lenno.ai, and related services.

We are committed to complying with the General Data Protection Regulation (GDPR), the Singapore Personal Data Protection Act 2012 (PDPA), and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, and authentication credentials when you register for a Lenno account.
  • Billing information: payment method details and billing address, processed by our third-party payment provider.
  • Agent configuration: agent names, personalities, system prompts, API keys, and other configuration data you provide when setting up AI agents.
  • Communications: any messages, feedback, or support requests you send to us.

1.2 Information Collected Automatically

  • Usage data: features used, agent interactions, API call volumes, timestamps, and performance metrics.
  • Device and connection data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Log data: server logs including access times, pages viewed, and system activity for security and diagnostics.
  • Cookies and similar technologies: as described in Section 9 below.

1.3 Information from Third Parties

  • Channel integrations: when you connect third-party channels (e.g. Telegram, WhatsApp), we receive messages and metadata as configured by you.
  • Authentication providers: if you sign in via a third-party identity provider, we receive your profile information as permitted by that provider.

2. How We Use Your Information

We use your personal data for the following purposes:

  • Service delivery: to operate, maintain, and improve the Lenno platform, including provisioning and orchestrating AI agents on your behalf.
  • Account management: to create and manage your account, authenticate your identity, and process billing.
  • Communication: to send you service-related notifications, respond to your enquiries, and provide customer support.
  • Security: to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activity.
  • Analytics: to understand how our Service is used, measure performance, and improve functionality.
  • Legal compliance: to comply with applicable laws, regulations, and legal processes.
  • Marketing: with your consent, to send you information about new features, products, or services that may interest you. You may opt out at any time.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

Purpose Legal Basis
Service delivery and account management Performance of a contract (Art. 6(1)(b) GDPR)
Security and fraud prevention Legitimate interests (Art. 6(1)(f) GDPR)
Analytics and service improvement Legitimate interests (Art. 6(1)(f) GDPR)
Legal compliance Legal obligation (Art. 6(1)(c) GDPR)
Marketing communications Consent (Art. 6(1)(a) GDPR)

4. Data Sharing and Disclosure

We do not sell your personal data. We may share your information with the following categories of recipients:

  • Service providers: third-party vendors who assist us in operating the platform, including cloud infrastructure providers, payment processors, email delivery services, and analytics providers. These providers are contractually obligated to process data only on our behalf and in accordance with our instructions.
  • AI model providers: when your agents interact with third-party AI models (e.g. Anthropic's Claude), prompts and conversation data are transmitted to these providers in accordance with their respective data processing agreements.
  • Channel providers: when you integrate with messaging platforms (e.g. Telegram), your agent interactions are transmitted through these channels as configured by you.
  • Legal and regulatory authorities: when required by law, regulation, legal process, or enforceable governmental request.
  • Business transfers: in connection with a merger, acquisition, reorganisation, or sale of assets, your data may be transferred as part of that transaction.

5. International Data Transfers

Hanso Pte. Ltd. is based in Singapore. Your data may be transferred to and processed in countries outside your jurisdiction, including Singapore and other countries where our infrastructure providers operate.

For transfers from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised transfer mechanisms. You may request a copy of the relevant safeguards by contacting us at privacy@lenno.ai.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Account data: retained for the duration of your account and for up to 30 days after account deletion to allow for recovery.
  • Agent conversation data: retained according to your configured retention policies. You may delete conversation history at any time through the platform.
  • Billing records: retained for up to 7 years as required by applicable tax and accounting regulations.
  • Server logs: retained for up to 90 days for security and diagnostic purposes.

7. Your Rights

7.1 Rights Under GDPR (EEA and UK Residents)

If you are located in the EEA or UK, you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete personal data.
  • Erasure: request deletion of your personal data, subject to legal retention requirements.
  • Restriction: request that we restrict processing of your personal data in certain circumstances.
  • Data portability: receive your personal data in a structured, commonly used, machine-readable format.
  • Objection: object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint: file a complaint with your local data protection supervisory authority.

7.2 Rights Under PDPA (Singapore Residents)

If you are located in Singapore, you have the following rights under the PDPA:

  • Access: request access to your personal data held by us and information about how it has been used or disclosed in the past year.
  • Correction: request correction of any error or omission in your personal data.
  • Withdrawal of consent: withdraw your consent for the collection, use, or disclosure of your personal data, subject to legal or contractual restrictions.
  • Data portability: request that your data be transmitted to another organisation in a commonly used machine-readable format (where applicable under the PDPA data portability obligation).

To exercise any of these rights, please contact us at privacy@lenno.ai. We will respond to your request within the timeframes required by applicable law (generally 30 days).

8. Data Protection Officer

You may contact our Data Protection Officer for any questions or concerns regarding our handling of your personal data:

Data Protection Officer
Hanso Pte. Ltd.
Email: privacy@lenno.ai

9. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential cookies: required for the platform to function, including session management and authentication. These cannot be disabled.
  • Analytics cookies: help us understand how visitors interact with our website. We use privacy-respecting analytics that do not track individual users across sites.

We do not use third-party advertising cookies or tracking pixels. You can control cookie preferences through your browser settings.

10. Children's Privacy

The Lenno platform is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us at privacy@lenno.ai.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. The "Effective date" at the top of this policy indicates when it was last revised.

Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Hanso Pte. Ltd.
Singapore
Email: privacy@lenno.ai
Website: lenno.ai