Skip to content

Lens Cloud data handling#

Lens Cloud is designed with a strong focus on data privacy and security. This document explains how your data is managed, stored, and transmitted when using Lens Cloud services.

Data hosting#

All core Lens Cloud services, such as account management and license delivery, operate exclusively within our EU data center.

Lens Spaces enables you to choose one of the options where to run its relay component: EU or US. The traffic related to your space, does not move across regions without your explicit selection.

What We Store#

Lens Cloud only retains the minimal information necessary for authentication and license management:

  • Lens ID and Lens Business ID
  • Billing-related account metadata

We do not store any Kubernetes resources, logs, or metrics from your clusters

How Clusters Connect#

Lens Desktop establishes a direct connection from your local machine to the API server of each cluster. This ensures isolation:

  • All requests, responses, and workloads remain within your network boundary.
  • Lens Cloud infrastructure is completely bypassed during these interactions.

Lens Spaces Traffic Relay#

When you share a cluster through Lens Spaces:

  • A lightweight, stateless relay pod is deployed into your cluster.
  • Traffic is tunneled through the regional relay service you selected.
  • All traffic is encrypted using AES-256-GCM for symmetric encryption, with key exchange handled through RSA-4096 asymmetric encryption.
  • No payloads, credentials, or configuration data are logged, persisted, or inspected by Lens Cloud.

Zero Data Retention Guarantee#

Lens Cloud guarantees zero data retention:

  • No workload data from your Kubernetes environments is logged, stored, or replicated.
  • Your clusters, workloads, and secrets remain entirely under your control, whether you work solo or collaborate through Lens Spaces.