Privacy Policy

Last updated: April 12, 2026

1. Who We Are

Leng.Leng ("the App," "the Software") and lengleng.ai ("the Website," "the Service") are products of MakoBytes ("we," "us," "our," "the Company"). Our website is located at lengleng.ai. For any privacy-related questions, contact us through the information provided on our website.

2. Scope of This Policy

This Privacy Policy applies to all interactions with the Leng.Leng desktop application, the lengleng.ai website, and any related services, APIs, or downloads we provide. By using the App, the Website, or any of our services, you acknowledge that you have read, understood, and agree to the practices described in this policy. If you do not agree with any part of this policy, you must stop using our services immediately.

3. Information We Collect

3.1 Information You Provide Directly

  • Account information: When you create an account on lengleng.ai, we collect your name, email address, and profile picture through your Google or GitHub OAuth provider. We do not collect or store your OAuth provider passwords.
  • License keys: We generate and store a deterministic license key associated with your account for software activation purposes.
  • Support communications: If you contact us for support, we may retain the content of those communications.

3.2 Information Collected Automatically (Website)

  • Page views: We record which pages you visit on lengleng.ai, your referrer URL, and a truncated IP address for basic traffic analytics.
  • Download events: When you download the App, we record the download event, version number, IP address, and user agent string.
  • Cookies and session data: We use essential cookies for authentication (NextAuth session tokens). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

3.3 Information Processed by the Desktop App

The Leng.Leng desktop application processes the following data locally on your computer:

  • Voice audio: Your microphone audio is captured, processed by Whisper AI locally on your machine for speech-to-text conversion, and immediately discarded after transcription. Audio data is never transmitted to our servers or any third party. The temporary WAV file is deleted after transcription.
  • Screen captures: When screen awareness is enabled, the App periodically takes screenshots of your monitors for contextual analysis. These screenshots are processed locally and are never transmitted to our servers. Screenshots may be sent to your chosen LLM provider (e.g., Google Gemini, Anthropic Claude) as part of the AI conversation if the feature is active.
  • Conversation history: Your conversations with Leng.Leng are stored locally in your Windows AppData folder. We do not have access to your conversation history.
  • Memories and preferences: Any facts, preferences, or memories you ask Leng.Leng to remember are stored locally on your machine. We cannot access this data.
  • Files and system commands: When you ask Leng.Leng to read, create, or delete files, or execute PowerShell commands, these actions occur entirely on your local machine.
  • Browser activity: When using the browser control feature, Leng.Leng controls a dedicated Chrome profile on your machine. Your browsing data, cookies, login sessions, and browsing history remain local. We do not have access to any browsing activity.
  • API keys: Your AI provider API keys are stored locally on your machine and encrypted using Windows DPAPI (Data Protection API), which ties encryption to your Windows user account. We never receive, transmit, or store your API keys.

4. How We Use Your Information

  • To create and manage your account on lengleng.ai
  • To generate and manage your license key
  • To track downloads for version management and basic usage statistics
  • To monitor website traffic and improve our services
  • To communicate with you about service updates, security notices, or support requests
  • To enforce our Terms of Service and protect against fraud or abuse

We do not use your information for advertising, profiling, automated decision-making, or selling to third parties.

5. Third-Party Services and Data Sharing

5.1 AI Provider Data

When you use Leng.Leng, your text prompts (and optionally screenshots) are sent to the AI provider you have selected (e.g., Google Gemini, Anthropic Claude, OpenAI, xAI Grok). This communication happens directly between the App on your computer and the provider's API — it does not pass through our servers. Each provider has its own privacy policy and data handling practices. We strongly recommend reviewing the privacy policies of any AI provider you choose to use:

  • Google Gemini: ai.google.dev/terms
  • Anthropic Claude: anthropic.com/privacy
  • OpenAI: openai.com/privacy
  • xAI Grok: x.ai/legal/privacy-policy

If you use Ollama or LM Studio (local models), no data leaves your computer at all.

5.2 Website Infrastructure

  • Vercel: Our website is hosted on Vercel. Vercel may process server logs including IP addresses and request metadata.
  • Neon: Our database is hosted on Neon (serverless PostgreSQL). Account data and license keys are stored in Neon's infrastructure.
  • Google OAuth / GitHub OAuth: We use Google and GitHub as authentication providers. When you sign in, we receive your name, email, and profile picture from the provider. We do not receive your password.

5.3 We Do Not Sell Your Data

We do not sell, rent, lease, or trade your personal information to any third party for any reason, including marketing or advertising purposes. We do not participate in data broker networks. We do not share your information with third parties for their own marketing purposes.

6. Data Retention

  • Account data: We retain your account information for as long as your account is active. You may request deletion at any time.
  • License keys: License keys are retained for as long as your account exists or until revoked.
  • Analytics data: Page views, download events, and traffic logs are retained for up to 12 months and then automatically purged.
  • Local App data: All data stored by the desktop App (conversations, memories, screenshots, configs) is stored on your machine and is under your full control. Uninstalling the App removes all locally stored data.

7. Data Security

We implement commercially reasonable security measures to protect your personal information. These include:

  • HTTPS encryption on all website communications
  • Encrypted database connections (SSL/TLS) to our PostgreSQL database
  • OAuth-based authentication (no passwords stored on our servers)
  • Windows DPAPI encryption for API keys stored by the desktop App
  • Role-based access controls for administrative functions

However, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge and accept this inherent risk.

8. Children's Privacy

Our services are not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate personal information.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your personal information.
  • Withdrawal of consent: Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, contact us through our website. We will respond to verified requests within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. As stated above, we do not sell personal information. You may exercise your CCPA rights by contacting us.

11. International Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on legitimate interests (operating our service), contractual necessity (providing the service you requested), and consent (where applicable). You have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after any changes constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy, your personal data, or would like to exercise your rights, please visit our website at lengleng.ai for contact information.