About Lenzeye Technologies¶
Lenzeye Technologies Private Limited — a next-generation, cloud-agnostic data management and governance platform built in India.
Vision & Mission¶
Vision To become India's leading cloud-agnostic data management and governance platform — a pure software layer that any organization in any industry can use to transfer, store, and govern digital assets with enterprise-grade security, data sovereignty, and zero vendor lock-in.
Mission To eliminate vendor lock-in, fragmentation, and compliance risk in digital asset management — by building an intelligent software abstraction layer that works above any cloud, gives organizations full control over where their data lives, and meets the highest security and governance standards regardless of industry.
Industries Lenzeye Targets¶
Lenzeye is built for any organization that generates, moves, or stores large volumes of digital data. Target sectors:
| Industry | Use Case |
|---|---|
| Media & Photography | Early validation vertical — high-volume, high-stakes file transfer without compression or data loss |
| Healthcare | Secure medical imaging transfer, patient record governance, HIPAA-aligned pipelines |
| Legal | Confidential case file exchange, evidence transfer, document chain-of-custody |
| Research & Academia | Large dataset transfer across institutions, data residency compliance |
| Government & Defence | Sovereign-cloud deployment, air-gapped options, national data locality |
| Media & Entertainment | Large video/audio file delivery, post-production asset management |
| SMBs (all sectors) | Secure file delivery to clients without requiring sender accounts |
Photography was chosen as the first validation vertical — not the permanent target. Solving 250 GB transfers with AES-256 encryption in production proves the platform before enterprise rollout.
Stage of Lenzeye¶
Lenzeye is currently in Stage 1 (complete), actively working through Stage 2. End goal is Stage 5.
| Stage | Name | Status | Key Milestones |
|---|---|---|---|
| Stage 1 | Core Platform | ✅ Complete | Secure file transfer (250 GB+), AES-256-CTR encryption, HMAC integrity, multi-tenant isolation, admin panel, subscription tiers, industry workflow modules (Lab Portal, Website Builder, Collaboration), Android REST API |
| Stage 2 | Growth & Self-Service | 🔄 In Progress | Razorpay self-service billing, transfer completion notifications, upload resume, client-side zero-knowledge encryption, Android app build |
| Stage 3 | Multi-Cloud & Governance | 🔜 Planned | Bring Your Own Cloud (BYOC), multi-cloud storage routing, centralized governance dashboard, audit trails, data residency controls, white-label deployment |
| Stage 4 | Compliance & Enterprise | 🔜 Planned | DPDP Act compliance module, GDPR reporting, healthcare (HIPAA) pipelines, public-sector sovereign-cloud deployment, enterprise SLAs, multi-user org accounts |
| Stage 5 | Intelligence Layer | 🎯 End Goal | AI-based asset classification, smart governance policy suggestions, cross-cloud storage analytics, full mobile coverage (Android + iOS) |
Where Lenzeye is today: Stage 1 is fully complete and commercially validated. Stage 2 is actively in development with Razorpay billing as the immediate priority.
Funding Status¶
| Current Stage | Bootstrapped — self-funded by the founding team |
| External Funding | 1 external investor onboarded |
| Revenue Status | Pre-revenue; paying customers live; Razorpay billing integration in progress |
| Seeking | Seed / early-stage investment for infrastructure scaling, Android app, multi-cloud BYOC development, and go-to-market in regulated sectors |
Team¶
| Employees | 3 |
| External Investors | 1 |
| Headquarters | Karnataka, India |
Lenzeye is a small, founder-led, deeply technical team. The entire platform — 178,000+ lines of production Python, full-stack Flask, encryption service, Android REST API — was built in-house.
Certifications¶
| Certification / Recognition | Status |
|---|---|
| Lenzeye Technologies Private Limited — MCA registered company | ✅ Registered |
| Production deployment — commercially validated with paying customers | ✅ Achieved |
| DPDP Act alignment | 🔜 In design (compliance module planned for Stage 4) |
| GDPR compliance reporting | 🔜 Planned Stage 4 |
| ISO 27001 (Information Security Management) | 🔜 Target post-Series A |
Security Standards in the Codebase¶
Lenzeye's security is implemented in code — not just policy. Every standard below is actively enforced at the application layer:
Encryption¶
- AES-256-CTR — files encrypted chunk-by-chunk using a stream cipher; any 10 MB part can be encrypted independently at the correct byte offset without re-reading the full file
- Per-user encryption keys — every registered user has a unique 256-bit key; one user's key cannot decrypt another user's data
- Master key wrapping — user keys are AES-256-GCM encrypted using a master key stored only as a server environment variable; never in the database or codebase
- Stateless session tokens — upload encryption context (key, IV, part size) is sealed in an AES-256-GCM authenticated token held client-side; zero database reads per upload part
Integrity¶
- HMAC-SHA256 — a keyed integrity tag is accumulated during upload across all ciphertext chunks; verified on every download; any bit-level corruption or tampering is detected and rejected
- IV prepended to ciphertext — the 16-byte initialization vector is stored with the encrypted file; decryption is fully self-contained
Access Control¶
- OTP-protected download links — a 256-bit secure token plus a one-time OTP are both required to access any shared download; OTP shown once at link creation
- Presigned time-limited S3 URLs — all file downloads go through short-lived Wasabi presigned URLs; no direct storage access
@login_requiredand@login_required_android— all authenticated routes decorated at the blueprint level; no route is accidentally public- Multi-tenant namespace isolation — every user's files are stored under
{email}/prefix in S3; cross-tenant access is structurally impossible through the platform
Transport¶
- HTTPS enforced — all traffic encrypted in transit via TLS
- CORS controls — Android API endpoints restricted to expected origins
Operational¶
- BoundedSemaphore concurrency control — concurrent encrypt+upload operations capped to prevent memory exhaustion under load
- No secrets in code —
MASTER_KEY, database URL, Redis URL, Wasabi credentials all loaded from environment variables; never hardcoded - Celery async task isolation — S3 file listing and background jobs run in isolated Celery workers; cannot block or corrupt the web request pipeline
Problem Statement¶
As businesses generate more digital data, assets become fragmented across multiple cloud providers. This creates three compounding problems:
1. Fragmentation & Vendor Lock-in Organizations store data across AWS, GCP, Azure, on-premise, and specialized providers — with no unified view, no consistent governance, and high switching costs if they want to change providers.
2. Insecure Transfer Layer Existing tools (Google Drive, WeTransfer, Dropbox, WhatsApp) either require the sender to have an account, compress files, cap file sizes, or store data without per-user encryption. None offer HMAC integrity verification. None offer data residency controls.
3. Governance & Compliance Gap For regulated industries — healthcare, legal, government, research — file transfer is a compliance problem, not just a logistics one. Who accessed what, when? Where does data reside? Is DPDP or GDPR satisfied? Existing SaaS platforms, mostly US-based, cannot answer these questions for Indian organizations.
Solution¶
Lenzeye is the software layer between organizations and their cloud storage — a cloud-agnostic data management and governance platform:
| Problem | Lenzeye Solution |
|---|---|
| Fragmented multi-cloud assets | Cloud-agnostic abstraction layer — connect any S3-compatible storage through one interface |
| Vendor lock-in | Bring Your Own Cloud (BYOC) — Lenzeye manages governance on top; you own the storage |
| No secure account-free transfer | Lenzeye File Transfer — any size, no account for sender, OTP-protected links |
| No encryption at rest | AES-256-CTR per-user encryption; per-user keys; master-key wrapping |
| No integrity verification | HMAC-SHA256 accumulated during upload, verified on every download |
| No data sovereignty | Indian company, Indian hosting, DPDP-aligned design, regional storage |
| No governance layer | Audit trails, access controls, retention policies — Stage 3 & 4 roadmap |
| Enterprise inaccessible | SMB-first pricing; scales to enterprise SLAs and sovereign-cloud deployment |
The end result: any organization — from a 3-person studio to a government ministry — can transfer, store, and govern digital assets securely across any cloud, without vendor lock-in, without compromising on security or compliance.
Contact¶
| support@lenzeye.in | |
| Phone | +91 7259901166 |
| Website | www.lenzeye.in |
| Headquarters | Karnataka, India |
© 2026 Lenzeye Technologies Private Limited. All rights reserved.