1. Overview
The short version: We collect only what we need to run Lexi. We don't sell your data. We don't share it with advertisers. Your legal documents and conversations are encrypted and belong to you.
Lexi AI, Inc. ("Lexi," "we," "us," or "our") operates the Lexi website and application at lexilaw.ai (the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights over it.
By using Lexi, you agree to the practices described in this policy. If you disagree with any part of it, please discontinue use of the Service.
2. What We Collect
Information You Give Us Directly
- Account information: Name, email address, state of residence, and password when you create an account.
- Profile information: Your legal profile details (state, family status, business ownership) to personalize guidance.
- Documents you create or upload: Legal documents you build with Lexi or upload for analysis.
- Chat conversations: Messages you send to Lexi AI and responses you receive.
- Payment information: Billing details processed securely by our payment provider (Stripe). We never store full card numbers.
Information We Collect Automatically
- Usage data: Pages visited, features used, time spent, and clicks, to understand how to improve Lexi.
- Device information: Browser type, operating system, screen size, and IP address.
- Cookies and local storage: Session tokens and preferences (see Section 11).
What We Do NOT Collect
- We do not collect your Social Security Number, government ID, or financial account numbers.
- We do not access your device's contacts, camera, or microphone.
- We do not track you across other websites or apps.
3. How We Use Your Information
| Purpose | Data Used | Basis |
|---|---|---|
| Providing the Service (AI chat, document builder, analyzer) | Account info, conversations, documents | Contract performance |
| Personalizing guidance to your state and situation | Profile, location, conversation history | Contract performance |
| Processing payments and managing subscriptions | Email, payment data | Contract performance |
| Sending service emails (receipts, alerts, security notices) | Email address | Contract performance |
| Improving AI accuracy and app features | Anonymized usage data | Legitimate interest |
| Preventing fraud and abuse | IP address, usage patterns | Legitimate interest |
| Legal compliance (tax records, court orders) | As required | Legal obligation |
We do not use your data to serve you advertisements, sell your information to third parties, or build profiles for marketing purposes.
5. AI Conversations & Your Documents
Important: When you chat with Lexi or upload a document for analysis, the content of your message or document may be sent to our AI provider (Anthropic or OpenAI) to generate a response. We send only the content needed, never your name, email, or account details alongside it.
What happens to your chat history
- Your conversations are stored in encrypted form on our servers so Lexi can provide context in future sessions.
- You can delete your chat history at any time from your account settings.
- We do not use your individual conversations to train AI models without your explicit consent.
Document Vault
- All documents in your vault are encrypted at rest using AES-256 encryption.
- Only you can access your documents. Lexi staff cannot read the contents of your vault.
- When you use the Document Analyzer, your document content is temporarily sent to our AI provider and then discarded; it is not stored by the AI provider.
6. Data Storage & Security
We take the security of your information seriously, particularly given the sensitive nature of legal documents.
- Encryption at rest: All stored data is encrypted using AES-256.
- Encryption in transit: All data is transmitted over HTTPS/TLS.
- Access controls: Only authorized Lexi personnel can access operational systems, and access is logged and monitored.
- Payment security: We are PCI-DSS compliant. Card details are handled entirely by Stripe; we never see or store them.
- Data location: Your data is stored on servers in the United States.
- Retention: We retain your data for as long as your account is active. After account deletion, data is purged within 30 days, except where required by law.
No system is 100% secure. If we ever detect a breach affecting your data, we will notify you within 72 hours by email.
7. Your Rights
You have the following rights over your personal data, regardless of where you live:
- Access: Request a copy of all personal data we hold about you.
- Correction: Ask us to correct inaccurate or incomplete data.
- Deletion: Request deletion of your account and all associated data.
- Portability: Request an export of your data in a machine-readable format.
- Opt-out of marketing: Unsubscribe from any marketing emails at any time (note: service emails like receipts cannot be opted out of while your account is active).
- Withdraw consent: Where we rely on consent, you can withdraw it at any time.
To exercise any of these rights, email us at privacy@lexilaw.ai. We will respond within 30 days.
8. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you additional rights:
- Right to Know: What personal information we collect, use, disclose, and sell (we don't sell it).
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Opt-Out of Sale: We do not sell your personal information, so this right is already honored.
- Right to Non-Discrimination: We will not treat you differently for exercising your CCPA rights.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Limit Use of Sensitive Data: You may limit our use of sensitive personal information.
California residents may submit requests via email to privacy@lexilaw.ai or by mailing us. We may need to verify your identity before processing your request.
In the past 12 months, we have not sold or shared personal information with third parties for cross-context behavioral advertising.
9. EU & UK Residents (GDPR)
If you are located in the European Union or United Kingdom, the General Data Protection Regulation (GDPR) applies to your data. In addition to the rights listed in Section 7, you also have:
- Right to Restrict Processing: Ask us to limit how we use your data while a complaint is being resolved.
- Right to Object: Object to processing based on legitimate interests.
- Right to Lodge a Complaint: With your local data protection authority (e.g., ICO in the UK, your national DPA in the EU).
Our legal bases for processing are: (1) contract performance: processing necessary to provide the Service; (2) legitimate interests: improving the Service and preventing fraud; and (3) legal obligation: complying with applicable laws.
Data transfers outside the EU/UK are protected by Standard Contractual Clauses (SCCs) where required.
10. Children's Privacy
Lexi is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18.
If we discover that a child under 18 has provided us with personal information, we will delete it immediately. If you believe a child has provided us with information, please contact us at privacy@lexilaw.ai.
11. Cookies & Tracking
We use a minimal set of cookies to operate the Service:
| Cookie Type | Purpose | Required? |
|---|---|---|
| Session cookie | Keeps you logged in during your session | Yes |
| Preference cookie | Remembers your state and settings | Yes |
| Analytics cookie | Anonymized usage stats to improve the product | Optional |
We do not use advertising cookies, tracking pixels, or third-party behavioral advertising technologies. You can disable non-essential cookies in your browser settings at any time.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send you an email notification at least 14 days before the change takes effect.
- Display a notice inside the Lexi app.
Continued use of the Service after the effective date constitutes your acceptance of the updated policy. If you disagree with the changes, you may delete your account before they take effect.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
Lexi AI, Inc., Privacy Team
📧 Email: privacy@lexilaw.ai
📬 Mailing Address: Lexi AI, Inc., [Address], United States
We aim to respond to all privacy requests within 30 days. For urgent matters, please include "URGENT" in your email subject line.