Privacy

This page contains information about how we ensure secure development and protect data.

Development process security

  • What types of authentication are used for internal services, applications, etc.?

    Employees use Google Account and YubiKey for two-factor authentication.

  • Do employees use VPN for secure access for production and non-production environments?

    Our employees use the Cato Client to access production and non-production environments.

  • How are static credentials and secrets stored?

    Static credentials are stored in the AWS Secrets Vault. Secrets are stored partly in the AWS Secrets Vault and partly within the Kubernetes platform.

  • Does Lens perform static security scanning?

    Lens does perform static security scanning.

  • How is dependency scanning organized?

    All dependencies are checked for updates with the help of Dependabot.

  • How is Supply-chain Levels for Software Artifacts (SLSA) applied?

    Two-person reviews of all changes are required. The build process is hermetic and reproducible. Self-hosted runners are part of the CI/CD process, giving complete control over the build machine(s).

Lens Desktop application security

  • Does Lens Desktop require a connection to the internet?

    No. Lens Desktop can be used offline. It requires activation, which can be done offline with an activation file downloaded from the Lens ID Portal.

  • Does Lens Desktop undergo any security tests?

    Yes, Lens Desktop has undergone third-party penetration testing by specialists in Electron application testing. Vulnerabilities found in such tests are usually addressed and remediated immediately. The penetration test results are available upon request.

  • How are critical vulnerabilities found in Lens?

    We have a vulnerability bounty program in place with a top security provider to tap into the skills of the global hacker community to uncover high-risk vulnerabilities faster.

  • Does Lens report vulnerabilities?

    Yes, we fully disclose all CVEs on the NIST National Vulnerability Database, which can be found here.

  • Does Lens Desktop provide application signing?

    Lens Desktop is signed for Windows and Apple to assure users that it hasn’t been modified since it was last signed by our release process.

  • Where can I find the third-party software report for Lens Desktop?

    You can find the report in a dedicated file within the application directory. If Lens Desktop is installed in the default directory, the report is located at one of the following paths:

    /opt/Lens/resources/LEGAL.txt

    /Applications/Lens.app/Contents/Resources/LEGAL.txt

    C:\Program Files\Lens\resources\LEGAL.txt

Data security

  • What features require a connection to the internet?

    Lens ID, Lens Desktop Kubernetes, and Lens Teamwork are the only features requiring an internet connection.

  • What are the ways of logging/signing in to Lens?

    Lens users can choose one of the following options:

    • Username and password
    • GitHub or Google accounts
    • SSO service such as Entra ID, JumpCloud, or Okta

  • Does Lens support multifactor authentication?

    No, Lens does not support multifactor authentication at this time.

  • Does Lens support concurrent sessions per user?

    No, concurrent sessions per user are not supported.

  • Does Lens support automatic logout?

    Yes, Lens supports automatic logout.

  • Does Lens have internal network firewalls for inbound and outbound traffic?

    Yes, the Lens internal network includes firewalls for inbound and outbound traffic.

  • Does the Lens internal network support monitoring, logging, and alerting?

    Yes, the Lens internal network supports monitoring, logging, and alerting.

  • Does Lens support HTTPS?

    Yes, Lens supports HTTPS.

  • Does Lens support role-based access control (RBAC)?

    Yes, Lens users have roles, and access is managed based on these roles.

  • Does Lens use the Advanced Encryption Standard (AES)?

    Yes, Lens Teamwork uses end-to-end encryption with the AES-256 standard. For details, see Cluster Connect.

  • Does Lens use customer data for backups?

    No, Lens does not include customer application data in its backup process.

  • What is Lens's retention policy for customer application data?

    Lens does not store or process customer application data, so no retention policy applies.

  • Do Lens employees have access to customer application data or metadata?

    No, Lens employees do not have access to customer application data or metadata, as this data is not used or stored by Lens.

  • What customer data does Lens store or process?

    Lens stores only basic profile information for the Lens ID. No sensitive data, such as kubeconfigs, local profiles, secrets, or config maps, is uploaded or synced from Lens Desktop to cloud services.

  • Does Lens process data related to customer applications or products?

    No, Lens does not store or process application data from customers. It only manages Lens ID data.

  • What third parties are used by Lens for hosting customer applications?

    None. Lens does not store or process customer application data.

  • Under what jurisdiction is Lens data stored?

    Lens ID data is stored and processed under European Union legislation.