EvalLense

Explore EvalLense

  • ProductOne Pager, Entry Hub, Reports, Review Board
  • TrustMethodology, Consistency, Security, Use Cases
  • PricingPricing Overview, Benefits
  • NewsroomResearch, Product News, Company Updates
  • AboutAbout EvalLense, Contact
Our approachData protectionAuthentication and access control
Launch App→
Legal / Technical

Security

Last updated: June 16, 2026

An overview of the technical and organizational measures EvalLense uses to protect pitch decks, account data, and evaluation results — and how to report a vulnerability.

Draft for review. This page is a working draft provided for transparency. It has not been reviewed by qualified legal counsel and does not constitute legal advice. Bracketed placeholders such as [Legal entity name] must be completed and the text reviewed before it is relied upon.

On this page

  1. Our approach
  2. Data protection
  3. Authentication and access control
  4. Secrets and keys
  5. Private workspaces
  6. Evaluation integrity
  7. Certifications and audits
  8. Responsible disclosure
  9. No absolute guarantee
  10. Updates to this page

01Our approach

Pitch decks and evaluation results are sensitive, so security is built into how EvalLense works rather than bolted on. We aim for private handling of submitted materials, controlled access to workspaces, and decisions that stay under human control. This page summarizes the technical and organizational measures we use; it is informational and not a contractual commitment.

02Data protection

Data is encrypted in transit using TLS. Data is hosted with reputable cloud infrastructure providers and protected by access controls. Sensitive details such as pitch decks and account data are handled only as needed to run the Service, as described in our Privacy Policy.

03Authentication and access control

Access to the Service is authenticated and scoped to the minimum each user needs:

  • Sign‑in is handled by a managed authentication provider with sessions kept in httpOnly cookies; we support email and password (with verification) and Google OAuth.
  • Each project is isolated at the database level, so an organizer can access only their own projects and submissions (row‑level‑security on every query).
  • Administrative operations are gated behind explicit permission checks, and privileged access follows least‑privilege principles.

04Secrets and keys

Service‑side credentials — including database service keys and AI‑provider keys — are stored and used only on the server and are never shipped to the browser or exposed in client code.

05Private workspaces

Each evaluation batch lives in a controlled workspace available only to authorized reviewers. Public submission pages are reachable only when an organizer explicitly publishes a project; otherwise they return “not found.” Reports are accessed through the organizer’s authenticated workspace.

06Evaluation integrity

Submitted deck content is treated as evidence to analyze, not as instructions to follow, so hidden or adversarial text in a deck cannot rewrite the evaluation rules. The numeric layer is deterministic and the AI score is advisory, with a human making the final decision. More detail is on our Prompt Injection Safety and Security & Privacy pages.

07Certifications and audits

EvalLense does not currently hold formal third‑party security certifications (such as SOC 2 or ISO 27001). As the product matures, we expect to formalize additional controls and will update this page accordingly. [Status to be confirmed.]

08Responsible disclosure

If you believe you have found a security vulnerability, please report it to security@evallense.com with enough detail to reproduce the issue. Please give us reasonable time to investigate and remediate before public disclosure, and avoid accessing or modifying data that is not yours. We appreciate good‑faith research.

09No absolute guarantee

No product or transmission method is perfectly secure. While we work to protect your information, we cannot guarantee absolute security. Your use of the Service is also subject to our Terms of Service.

10Updates to this page

We may update this page as our practices evolve. The “Last updated” date above reflects the latest revision.

Questions about this page? Contact legal@evallense.com.

EvalLense

Batch-review pitch decks.
Final decisions stay human-controlled.

Product

One PagerEntry HubReportsReview boardPricingSite map

Trust

MethodologyConsistency & reliabilityPrompt injection safetySecurity & privacyUse cases

Company

AboutNewsroomContactcareers@evallense.com
EvalLense © 2026PrivacyTermsSecurity