Privacy Policy
Effective date: April 30, 2026
RegexLens ("RegexLens," "we," "us,") provides a web-based regular-expression tester, debugger, and visualizer. This Privacy Policy explains what information we collect, how we use it, and your choices. It applies to our website and online product offered at https://regexlens.dev and related subdomains.
Information we collect
Information you provide
- Account and sign-in. If you create or use an account, we process authentication data from your chosen provider (for example Google, GitHub, or email magic links). This typically includes your email address, name, and profile image URL when supplied by the provider. Magic-link email is delivered using our email vendor (Resend).
- Saved content. If you save regexes or related snippets in the app, we store that content and metadata you choose to save in our database so you can access it across sessions.
Information collected automatically
- Usage and diagnostics. We may use Vercel Analytics (and similar first-party analytics) to understand aggregated traffic and product usage.
- Logs and security. Our hosting and application may record technical data such as IP address, user agent, request path, and timestamps for security, reliability, and abuse prevention.
- Cookies and similar technologies. We use cookies and similar mechanisms required for authentication sessions (for example, secure session cookies when you sign in).
Regex, test text, and AI features
- Core regex testing and visualization run in your browser. Unless you explicitly save content to your account or use features that send data to our servers, your patterns and sample text are not stored by us as part of routine operation.
- Shareable links may encode pattern and test state in the URL you share. Anyone with the link can view that encoded state.
- Regex Copilot (AI assistant) — Bring Your Own Key.AI features require you to provide your own Anthropic API key. Your key is stored only in your browser's local storage (with an automatic 24-hour expiry) and is never saved, logged, or retained on our servers. When you use an AI feature, your key is sent to our server in the
X-Anthropic-Keyheader to authenticate the proxied request to Anthropic; it is not written to application logs, but like any HTTP header it could appear in infrastructure or CDN access logs depending on how your hosting provider collects telemetry. The key is discarded after the request completes. Because keys live inlocalStorage, any XSS vulnerability in the browser could expose them — keep your browser updated and avoid untrusted browser extensions. Your prompts and relevant regex context are sent to Anthropic under your own API key and account. Please do not submit secrets, regulated personal data, or other sensitive information you are not authorized to share.
How we use information
We use the information above to:
- Provide, operate, and improve RegexLens;
- Authenticate users and sync saved library content;
- Communicate transactional messages (for example, sign-in emails where applicable);
- Monitor security, prevent abuse, and comply with legal obligations.
Legal bases (EEA, UK, and similar jurisdictions)
Where required, we rely on contract (providing the service you request), legitimate interests (security, analytics, product improvement—balanced against your rights), and consent where applicable (for example, non-essential cookies or marketing, if offered).
How we share information
We share information with service providers who process data on our behalf, including:
- Hosting and infrastructure (for example Vercel);
- Database and authentication storage (PostgreSQL as configured for our Auth.js adapter);
- Transactional email (Resend, for magic links);
- Analytics (Vercel Analytics).
When you use AI features, your prompts are sent to Anthropic using your own API key. RegexLens acts as a technical proxy and does not maintain a separate data-processing relationship with Anthropic on your behalf.
We may also disclose information if required by law, to protect rights and safety, or in connection with a business transfer, subject to applicable law.
API keys and local storage
If you choose to use AI-powered features, you provide your own third-party API key. We handle your key as follows:
- Your key is stored exclusively in your browser's local storage with a 24-hour automatic expiry. We have no access to your browser's local storage.
- When you make an AI request, the key is included in the request to our server only so we can forward it to Anthropic. The key is never written to a database, log file, or any persistent storage on our systems.
- After the proxied request completes, the key is discarded from server memory.
- You can remove your key at any time using the "Clear key" button in the Copilot interface, or by clearing your browser's local storage.
Data retention
We retain account and saved-library data as needed to provide the service and meet legal requirements. Session and security logs are kept for a limited period consistent with operational needs. You may request deletion of your account (see Contact); some records may be retained where we are legally required to do so.
Security
We use industry-standard safeguards designed to protect data in transit and at rest. No method of transmission or storage is completely secure; we work to reduce risk but cannot guarantee absolute security.
International transfers
We may process and store information in the United States and other countries where our service providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers.
Your choices and rights
Depending on where you live, you may have rights to:
- Access, correct, or delete personal information;
- Object to or restrict certain processing;
- Port data where applicable;
- Withdraw consent where processing is consent-based;
- Lodge a complaint with a supervisory authority.
You can manage some information through your account settings. For other requests, contact us using the information below.
Children
RegexLens is not directed to children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.
Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the effective date. Where changes are material, we will provide additional notice as required by law.
Contact
For privacy-related questions or requests, contact us at prince.agyei.tuffour@gmail.com.