Privacy Policy
Last updated: January 1, 2025
1. Who we are
LexAI ("we", "us", "our") is an AI-powered legal assistance platform. Our registered address and data controller contact: privacy@lexai.app. For EU/UK data subjects, we act as the data controller under the GDPR and UK GDPR respectively.
2. What data we collect
We collect: • Account information: email address, name, and authentication data provided via Clerk. • Usage data: messages sent, features used, timestamps, and session metadata. • Billing information: payment data is processed by Stripe and never stored on our servers. • Conversation content: messages you send to LexAI are processed by Anthropic's API to generate responses. • Technical data: IP address, browser type, device type, and cookies.
3. How we use your data
We use your data to: • Provide, operate, and improve the LexAI service. • Enforce usage limits and manage your subscription. • Send transactional emails (account confirmation, billing receipts). • Comply with legal obligations. We do not sell your personal data to third parties. We do not use your conversation content to train AI models.
4. Legal basis for processing (GDPR)
For EU/UK users, we process your data under the following lawful bases: • Contract performance: to provide the service you have signed up for. • Legitimate interests: security, fraud prevention, and service improvement. • Legal obligation: compliance with applicable laws. • Consent: for any optional communications (which you may withdraw at any time).
5. Data retention
We retain your account data for as long as your account is active. Conversation history is retained for 90 days, after which it is automatically deleted. You may request earlier deletion at any time. Billing records are retained for 7 years as required by tax law.
6. Your rights (GDPR / UK GDPR)
If you are located in the EU or UK, you have the right to: • Access the personal data we hold about you. • Correct inaccurate personal data. • Request deletion of your personal data ("right to be forgotten"). • Object to or restrict processing. • Data portability. • Withdraw consent at any time. To exercise any of these rights, email privacy@lexai.app. We will respond within 30 days.
7. Cookies
We use strictly necessary cookies for authentication and session management. We use analytics cookies only with your consent. You may withdraw cookie consent at any time via the cookie settings link in our footer.
8. Third-party processors
We share data with: • Clerk (authentication) — clerk.com • Anthropic (AI processing) — anthropic.com • Stripe (payments) — stripe.com • Supabase (database) — supabase.com • Vercel (hosting) — vercel.com Each processor is bound by appropriate data processing agreements. Anthropic processes conversation content solely to return a response and does not retain or train on your data under our enterprise agreement.
9. International transfers
Your data may be processed in the United States. For EU/UK users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to legitimize these transfers.
10. Important disclaimer
LexAI is an AI tool and does not constitute legal advice. All output must be reviewed by a qualified, licensed attorney before use. LexAI is not a law firm and no attorney-client relationship is formed through use of this service.
11. Contact & complaints
For privacy questions: privacy@lexai.app. EU/UK users have the right to lodge a complaint with their national data protection authority (e.g. the ICO in the UK, or your local EU supervisory authority).