Investor FAQ
The questions an investor or jury panel would ask — answered directly.
Product
1. What exactly does Lenzeye do? Lenzeye is a cloud-agnostic data management and governance platform — a pure software abstraction layer that lets any organization transfer, store, and govern digital assets securely, regardless of which cloud storage they use. The core product is a high-security file transfer pipeline with AES-256 encryption, HMAC integrity, and multi-tenant isolation. Photography is the early validation vertical, not the permanent target.
2. What is the core technical product? A secure data transfer pipeline: AES-256-CTR encryption per file, HMAC-SHA256 integrity on every download, S3 multipart upload (10 MB chunks, resumable to 250 GB+), stateless session tokens (zero DB reads per upload part), and strict per-tenant data isolation. This pipeline works on top of any S3-compatible storage — Wasabi, AWS, GCP, or a customer's own cloud.
3. Is this just another Dropbox clone? No. Dropbox is a consumer storage product tied to its own infrastructure. Lenzeye is a software abstraction layer: organizations bring their own cloud, and Lenzeye provides the secure transfer, governance, encryption, and compliance layer on top. No vendor lock-in. No consumer UX compromises.
4. Why photography as the first vertical? Photography is a high-stakes, high-volume proof point: photographers transfer 500 GB – 2 TB monthly, files must arrive intact without compression, recipients have no cloud accounts, and the existing tools all fail visibly. Solving it in production — with 250 GB transfers, AES-256 encryption, and HMAC integrity — validates the platform before enterprise expansion.
5. Is the product live? Yes. Deployed on production infrastructure, serving paying customers, validated with 2,630+ files in a 6h 56min session with zero crashes and zero file corruption.
6. Who are your current users? Businesses and professionals using the platform for large, secure file transfer and storage. The guest upload (Lenzeye File Transfer) is the primary adoption driver. Early adopters are from the photography and media industry.
7. What is the multi-cloud vision? Phase 3 of the roadmap introduces Bring Your Own Cloud (BYOC): organizations connect their own S3-compatible storage backend, and Lenzeye's software layer manages transfer, encryption, governance, and compliance on top. This makes Lenzeye cloud-vendor-neutral and deployable on any infrastructure.
8. What is zero-trust / zero-knowledge mode? A planned capability where the Lenzeye server never sees plaintext — encryption and decryption happen client-side. The server only transfers ciphertext. This is the highest security tier for regulated industries (legal, healthcare, government).
9. Do you have patents or IP protection? The platform is proprietary software. The specific combination of AES-256-CTR multipart upload with HMAC accumulation during upload (avoiding re-download for integrity verification) is a novel implementation. Patent filing is on the roadmap.
10. What is the Android app status? The Android REST API is live and fully tested — all backend endpoints for auth, storage, file transfer, and profile management are ready. The mobile app build has not started yet; it is on the roadmap for the next phase.
Market
11. How big is the market? The addressable market is every organization that moves, stores, or governs large digital assets. In India alone: healthcare (medical imaging), legal (case files and evidence), media & entertainment (video production), research institutions (scientific datasets), government and defence (sovereign data), and SMBs across all industries. The global cloud data management market is projected to exceed $100 billion by 2027. Photography is the early entry point — not the ceiling.
12. Who is the target customer? Near-term: businesses and professionals needing secure large-file transfer without vendor lock-in — starting with media, photography, and content industries. Mid-term: SMBs and regulated industries (healthcare, legal, research) needing governance and compliance layers. Long-term: enterprises and public-sector organizations requiring sovereign cloud deployment with Bring Your Own Cloud support.
13. Why hasn't anyone built this in India before? The technical complexity of encrypted large file transfer at scale is high. Building a cloud-agnostic abstraction layer with HMAC integrity, stateless session tokens, and multi-tenant isolation requires deep cryptographic and distributed systems knowledge. Most Indian tech companies build on top of foreign cloud APIs — Lenzeye builds the layer between organizations and those APIs.
14. What is your go-to-market strategy? Near-term: direct outreach and word-of-mouth through the guest upload use case. Mid-term: B2B SaaS to regulated industries (healthcare, legal) with governance and compliance modules. Long-term: white-label and BYOC enterprise deployments for organizations that cannot use foreign-hosted SaaS. Strategic: positioning as India's indigenous answer to Kiteworks, ShareFile, and similar secure managed file transfer platforms.
15. What is the pricing model? Freemium for individual users (25 GB free, paid tiers for storage). B2B subscription for organization accounts, Lab Portal, and governance features. Enterprise: white-label licensing and managed deployment fees. BYOC: per-seat or per-transfer pricing on the software layer.
Security
16. How is data protected? AES-256-CTR encryption at rest, per-user unique keys, HMAC-SHA256 integrity verification, HTTPS in transit, presigned time-limited URLs, OTP-protected download links.
17. Can Lenzeye staff read user files? Not without deliberate effort requiring both the master key (environment variable) and the user's encrypted key (database). The system is designed to minimize trust surface — no casual access to user data.
18. What happens if Lenzeye's database is breached? User encryption keys are stored encrypted with the master key. A database breach without the master key yields no usable decryption keys. User account data (names, emails) would be exposed but not file contents.
19. Where is data stored? Wasabi S3, AP Southeast-1 region. Wasabi is an S3-compatible storage provider with zero egress fees and comparable reliability to AWS S3.
20. Are you compliant with Indian data laws? The platform is designed with data minimization principles. Full compliance review under India's DPDP Act is planned as the platform scales.
Scalability
21. Can your infrastructure handle 10,000 users? The current single-server architecture handles current load well. Scaling to 10,000 users requires horizontal scaling on Render (adding worker instances) and potentially separating the encryption worker from the web server. The architecture is stateless by design — scaling is straightforward.
22. What is your biggest technical bottleneck? The encrypted upload path runs through a single server (for encryption). The BoundedSemaphore limits concurrent operations. This is addressable by adding more server instances — the session token design ensures any server can handle any request.
23. How does storage scale? Wasabi S3 is virtually unlimited. Storage costs scale linearly. No architectural changes needed for storage growth.
24. What is the database load like? Minimal for uploads (session token design means zero DB reads per upload part). DB is only hit for user lookup, guidelines check, and link generation — all infrequent operations.
25. Can you handle concurrent users from multiple cities simultaneously? Yes. The current architecture is stateless for uploads. The semaphore limits encryption concurrency, not total users. Plain (non-encrypted) uploads have no server-side bottleneck at all.
Financials
26. What are your current infrastructure costs? Render Starter plan (~$25/month), Wasabi S3 (pay-per-GB stored, zero egress), PostgreSQL managed DB (included in Render plan). Total infrastructure: sub-$100/month at current scale.
27. What is your revenue today? Pre-revenue. Platform is live, users are onboarded, subscription billing (Razorpay) is in final integration.
28. What is the unit economics model? Cost per user: Wasabi storage cost per GB × user's storage. Revenue per user: subscription plan fee. At 50 GB average usage and standard Wasabi pricing, storage cost per user per month is well below ₹100.
29. When do you expect to be revenue-generating? Within the next quarter, post-Razorpay integration. The subscription tier structure is already built and user-visible.
30. What is the funding being sought for? Server scaling (higher Render plan or dedicated servers), Android app build, multi-cloud BYOC infrastructure, go-to-market for regulated sectors, and team expansion (1-2 engineers).
Roadmap
31. What is the next major feature? Razorpay self-service subscription billing and client-side encryption (zero-knowledge mode). Android app build follows once the web platform billing is self-service.
32. What is the 12-month roadmap? Razorpay payments → client-side encryption → Android app build → Bring Your Own Cloud (BYOC) → centralized governance dashboard → audit trails → data residency controls.
33. What is your 3-year vision? Become India's leading cloud-agnostic data management and governance platform — a pure software layer deployable by any organization across any industry to transfer, store, and govern digital assets with enterprise-grade security and zero vendor lock-in.
34. Will you expand beyond photography? Yes — and that is the core plan. Photography was the early validation vertical. The platform's technology — encrypted transfer, multi-tenant isolation, BYOC support — applies to healthcare, legal, media, research, government, and any regulated industry moving large digital assets. Depth in photography proves the technology; expansion is the business.
35. What is the AI roadmap? AI-based asset classification (tagging, categorization across storage environments), smart governance policy suggestions, and storage analytics. Google Cloud Vision API is already integrated in the codebase for OCR/vision tasks.
Team
36. Who built Lenzeye? Lenzeye is a founder-led, bootstrapped startup. The core platform (178,000+ lines of Python, full-stack Flask + React) was built by the founding team.
37. What is the technical depth of the team? The team has implemented production-grade AES-256 encryption, S3 multipart upload, Celery async task queues, PostgreSQL, Flask blueprints, Gunicorn tuning, and Android REST APIs — all deployed and validated in production.
38. Are you looking for co-founders or key hires? Yes. Looking for a business development co-founder and 1-2 engineers post-funding.
Risk
39. What if Google adds a no-account file transfer feature? Google's target market is global, general-purpose users. Lenzeye's value is the full-stack photography workflow — lab portal, website builder, collaboration, encrypted storage — not just file transfer. A single Google feature doesn't replicate the platform.
40. What if a photographer's storage is hacked? Files are AES-256 encrypted with per-user keys. A breach of Wasabi S3 yields encrypted blobs, not readable photos. HMAC ensures tampered files are detected and rejected on download.
41. What is the risk of Wasabi going down? Wasabi has a 99.9% uptime SLA. The S3-compatible API means migration to AWS S3 or another provider requires only an endpoint change — the codebase is not Wasabi-specific.
42. What is the risk of Render going down? Render has 99.9%+ uptime. The stateless architecture means recovery is as fast as a new server spin-up. No server-side session state means no data loss on restart.
43. What is the biggest risk to the business? User acquisition speed. The platform is technically ready. The challenge is reaching photographers at scale. Partnership with photography associations is the primary channel.
44. What if a larger player (Amazon, Microsoft) enters this space? Large cloud providers build for enterprise, not for a wedding photographer in Hubli. The localized, workflow-specific, India-priced platform is a genuine moat that cloud giants cannot replicate through generic tooling.
45. How do you handle data loss scenarios? Wasabi S3 provides 11 nines (99.999999999%) of durability through internal redundancy. Lenzeye adds HMAC verification to detect any corruption. There is no single point of data loss in the storage layer.
Technical Deep Dive
46. Why AES-256-CTR instead of AES-256-GCM? CTR mode is seekable — any byte offset can be encrypted independently. This is essential for multipart upload where chunks must be encrypted at their correct stream position without sequential dependency. GCM requires sequential processing of the entire stream.
47. How is the HMAC computed without re-downloading the file?
HMAC is accumulated chunk-by-chunk during the upload-part phase, stored in a server-side registry keyed by upload_id. On completion, the final HMAC is read from the registry and stored in S3 metadata — zero re-download required. This was a specific engineering decision to avoid RAM spikes proportional to file size.
48. What is the session token and why? A JWT-style AES-256-GCM sealed blob carrying the user's encryption key, IV, and part size. The browser holds it opaquely and sends it on every upload-part request. The server decrypts it with one AES-GCM operation — zero database reads per part. Works across all Gunicorn workers (stateless).
49. How does the platform handle Wasabi eventual consistency?
After complete_multipart_upload, the server retries head_object up to 5 times with 1-second sleep between attempts before updating S3 metadata with the HMAC. This handles Wasabi's consistency window reliably.
50. What would break first at 100× current load?
The encrypted upload path's BoundedSemaphore(4) would cause queuing (not failure) as concurrent users increase. The fix is horizontal scaling — adding more server instances. The stateless session token design ensures any instance can process any request without shared state.
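The chunk-by-chunk HMAC accumulation described in question 47, as an added sketch that is not Lenzeye's own code. The names `HmacRegistry`, `verify_download` and `demo` are hypothetical, and the sketch assumes the tag is computed over ciphertext with a dedicated MAC key, that parts arrive in order, and that the registry is a plain in-process dictionary.

```python
import hashlib
import hmac
import os


class HmacRegistry:
    """Hypothetical in-process registry of running HMAC-SHA256 states."""

    def __init__(self):
        self._state = {}  # upload_id -> (hmac object, next expected part number)

    def start(self, upload_id, mac_key):
        self._state[upload_id] = (hmac.new(mac_key, digestmod=hashlib.sha256), 1)

    def add_part(self, upload_id, part_number, ciphertext):
        mac, expected = self._state[upload_id]
        # A running HMAC is order-sensitive: a part hashed out of sequence
        # would produce a tag that can never match on download.
        if part_number != expected:
            raise ValueError(f"part {part_number} out of order, expected {expected}")
        mac.update(ciphertext)  # only this part is held in memory
        self._state[upload_id] = (mac, expected + 1)

    def complete(self, upload_id):
        mac, _ = self._state.pop(upload_id)  # drop state so it cannot be reused
        return mac.hexdigest()  # value to store in object metadata


def verify_download(mac_key, chunks, stored_tag):
    """Recompute the tag while streaming and compare in constant time."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    for chunk in chunks:
        mac.update(chunk)
    return hmac.compare_digest(mac.hexdigest(), stored_tag)


def demo():
    key = os.urandom(32)  # constructed sample MAC key
    parts = [b"A" * 1024, b"B" * 1024, b"C" * 100]  # constructed ciphertext parts
    reg = HmacRegistry()
    reg.start("upload-1", key)
    for number, part in enumerate(parts, start=1):
        reg.add_part("upload-1", number, part)
    tag = reg.complete("upload-1")
    tampered = [parts[0], b"X" + parts[1][1:], parts[2]]  # one byte changed
    return verify_download(key, parts, tag), verify_download(key, tampered, tag)
```

Because the tag covers the byte stream rather than the part boundaries, the download side can read in any chunk size and still reproduce it.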