Skip to policy
OpenLens
Features Remote Access Privacy Support
Back to OpenLens
Effective July 16, 2026

Privacy Policy

How information is handled by OpenLens for iPhone and iPad, the optional OpenLens Remote companion for macOS, and this website.

On this page Summary Local information Camera and network OpenCode and AI Remote Access Website hosting Support communication Third parties Retention and deletion Your rights Security Contact

Who we are and what this policy covers

Martyn Pękala, an independent developer based in Poland (“we”, “us”), provides OpenLens, including the OpenLens app for iPhone and iPad and the optional OpenLens Remote companion for macOS.

OpenLens does not operate a user account service, central application backend, analytics platform, advertising network, or remote-access relay.

During normal use, we do not receive or have access to your:

  • OpenCode conversations or prompts;
  • source code, files, diffs, or workspace contents;
  • server or Cloudflare credentials;
  • saved connection profiles;
  • Cloudflare account or Access logs;
  • app usage or precise location.
In short

Information required for OpenLens to function is stored locally or transmitted to systems selected and controlled by you.

Information stored locally

OpenLens may store the following information on your iPhone or iPad:

  • OpenCode server addresses and connection names;
  • selected providers, models, workspaces, and recent connection information;
  • server credentials;
  • Remote Access Service Tokens;
  • device keys and gateway identifiers.

Sensitive credentials and private keys are stored using Apple Keychain.

OpenLens Remote may store the following information locally on your Mac:

  • Cloudflare Tunnel and Access configuration;
  • approved workspace paths;
  • names and public keys of paired devices;
  • pairing and last-connection timestamps;
  • local configuration and security state;
  • bounded, redacted diagnostic events such as agent startup, tunnel state, or the presence of an error.

Diagnostic events do not intentionally include prompts, source code, workspace contents, credentials, file paths, or raw error messages.

Camera and local network access

OpenLens uses the camera only when you choose to scan a connection QR code. Camera images are processed for QR recognition and are not stored or uploaded by OpenLens.

Local network access is used to discover and connect to OpenCode servers on your network. OpenLens does not request or collect your device’s geographic location.

OpenCode and AI providers

OpenLens connects to an OpenCode server selected and controlled by you. Content you submit may include prompts, messages, source code, file paths, diffs, permission responses, and other workspace information.

Depending on your OpenCode configuration, this content may be sent by OpenCode to an AI provider selected by you. Processing performed by OpenCode or an AI provider is governed by their respective configuration, terms, and privacy policies.

We do not select these providers for you and do not receive the content transmitted to them.

Optional Remote Access and Cloudflare

Remote Access is optional and requires a Cloudflare account, domain, Tunnel, Access application, and Service Token controlled by you.

When Remote Access is used, the OpenLens app connects to your Cloudflare-protected hostname. Cloudflare may process connection and authentication metadata, including:

  • IP address and country derived from the IP address;
  • requested hostname;
  • authentication time and result;
  • Cloudflare Ray ID;
  • Service Token identity;
  • connection duration and traffic volume.

The OpenLens application payload is encrypted end-to-end between the iPhone or iPad and OpenLens Remote on the Mac. It is not available to the OpenLens developer and is designed not to be readable by Cloudflare.

Cloudflare determines its own processing and retention according to your Cloudflare plan, configuration, and agreements. The OpenLens developer cannot view or delete data in your Cloudflare account.

See the Cloudflare Privacy Policy and Cloudflare Data Processing Addendum.

Website hosting

The OpenLens website is hosted using GitHub Pages. We do not add analytics, advertisements, tracking scripts, or marketing cookies to the website.

GitHub may process technical request information required to host and secure the website according to the GitHub Privacy Statement.

Support communication

If you contact us by email, we receive your email address, the content of your message, and any information you voluntarily include.

We use this information only to respond to your request, investigate a reported problem, or handle a privacy or security issue. We do not use support messages for advertising.

Third-party services

OpenLens does not include third-party analytics, advertising, payment, or tracking SDKs.

Depending on the features you choose, information may be processed independently by:

  • your OpenCode server;
  • an AI provider configured in OpenCode;
  • Cloudflare for optional Remote Access;
  • GitHub when visiting this website or the public repository;
  • Apple when downloading or interacting with OpenLens through Apple services.

These services operate under their respective terms and privacy policies.

Data retention and deletion

Connection profiles remain on your device until you remove them. Using Forget Connection removes the selected OpenLens connection and its associated Remote credentials from the app’s local storage.

On the Mac, you can revoke paired devices and remove approved workspaces through OpenLens Remote. Local diagnostic files rotate automatically and have a bounded size.

Cloudflare data must be managed through your Cloudflare account. Data held by an AI provider must be managed according to that provider’s controls and privacy policy.

Support emails are retained only for as long as reasonably necessary to respond, investigate the reported issue, protect the project, or meet applicable legal obligations.

To request deletion of information you provided directly through support, contact openlens.app@icloud.com.

International processing

Cloudflare, GitHub, Apple, OpenCode services, or an AI provider selected by you may process information outside your country. Their respective terms and privacy policies describe the safeguards they apply to international transfers.

Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to processing, or receive a copy of personal data you provided directly to us.

Residents of the European Economic Area may have rights under GDPR/RODO and may lodge a complaint with their local data protection authority. California residents may have rights under CCPA/CPRA.

We do not sell personal information or share it for cross-context behavioral advertising.

To exercise applicable rights, contact openlens.app@icloud.com.

Security

OpenLens uses measures such as Apple Keychain, device-specific keys, local network isolation, Cloudflare Access, and end-to-end encryption for Remote application traffic.

No electronic storage or transmission method is completely secure. Users are responsible for protecting their devices, OpenCode server, Cloudflare account, Service Tokens, QR pairing codes, and configured AI provider accounts.

Changes to this policy

We may update this Privacy Policy when OpenLens functionality or data-handling practices change. Updates will be published on this page with a revised effective date.

Contact and support

For support, privacy questions, security concerns, or data requests:

  • Email: openlens.app@icloud.com
  • Source code: github.com/martynpekala/OpenLens

© 2026 Martyn Pękala. OpenLens is an independent open-source project.

OpenLens Support GitHub App Store