Back to Home

Privacy Policy

Effective Date: 27 May 2026 | Last Updated: May 2025 | Version: 1.0

1. INTRODUCTION

LexOS Intell ("LexOS Intell," "we," "our," "us") is committed to protecting your privacy. This Privacy Policy explains:

  • What information we collect
  • How we use that information
  • Who we share it with
  • How long we keep it
  • Your rights regarding your data

This Privacy Policy applies to all users of the LexOS Intell Platform, including individual users, organization admins, and organization members.

2. INFORMATION WE COLLECT

2.1 Information You Provide

Account Registration:

  • Full name, email address, phone number (optional)
  • Organization/firm name, industry
  • Professional credentials (optional, for verification)
  • Password (encrypted)

Billing Information:

  • Payment method (card, bank account)
  • Billing address and contact information
  • Invoice history and payment records

Customer Data (Documents Uploaded):

  • Legal contracts, briefs, policies, SOPs
  • Metadata: document titles, dates, file types
  • Activity logs: who accessed what, when, modifications made

Communication:

  • Support tickets, messages, feedback
  • Email correspondence with our team

2.2 Information Collected Automatically

Usage Data:

  • Modules accessed, features used, time spent
  • Documents processed, search queries
  • IP address, browser type, device information
  • Approximate location (country/region, from IP)

Cookies & Tracking:

  • Session cookies (necessary for login)
  • Preference cookies (remember your settings)
  • Analytics cookies (understand Platform usage)
  • See Cookie Policy for details

2.3 Information from Third Parties

Payment Processors:

  • Razorpay, Stripe: payment transaction data
  • Limited to transaction amount, date, status (not full card details)

Infrastructure Providers:

  • GCP, AWS: logs related to service delivery
  • Never raw Customer data

3. HOW WE USE YOUR INFORMATION

3.1 Service Delivery

  • Provide access to the Platform
  • Process documents and generate outputs
  • Maintain account security (MFA, authentication)
  • Deliver customer support
  • Send service updates and notifications

3.2 Billing & Payment

  • Process subscription payments
  • Issue invoices and manage billing
  • Detect and prevent fraud
  • Respond to payment-related inquiries

3.3 Legal & Compliance

  • Comply with legal obligations (tax, regulatory, court orders)
  • Enforce this Privacy Policy and other agreements
  • Protect against fraud, security threats, or abuse
  • Respond to government requests (if legally required)

3.4 Business Operations

  • Understand Platform usage (anonymized, aggregated)
  • Improve features, security, and performance
  • Communicate about account status, changes to terms
  • Send important administrative notifications

3.5 Legitimate Interests

  • Prevent misuse of the Platform
  • Ensure fair access for all users
  • Market our Platform responsibly
  • Resolve disputes

3.6 What We DO NOT Do

  • ❌ Sell personal data to third parties
  • ❌ Share Customer data with competitors or external AI companies for model training
  • ❌ Use Customer documents to train our AI models
  • ❌ Use personal information for targeted advertising
  • ❌ Combine data from multiple customers

4. WHO WE SHARE YOUR INFORMATION WITH

4.1 Subprocessors & Service Providers

We share limited information with trusted partners:

Infrastructure Providers:

  • GCP, AWS: Infrastructure, storage, compute (encrypted data only)
  • Firebase: Authentication, identity verification

Payment Processors:

  • Razorpay: Payment processing (INR transactions)
  • Stripe: Payment processing (international transactions)
  • Limited to: Transaction amount, date, status, currency

Security & Monitoring:

  • Automated security scanning, penetration testing, vulnerability detection

All subprocessors are contractually bound by Data Processing Agreements (DPAs) and cannot use your data for other purposes.

Subprocessor Consent:

  • We maintain a public list at lexosintell.com/subprocessors
  • We notify you of material subprocessor changes (30 days notice)
  • You have the right to object to new subprocessors

4.2 Legal & Regulatory Requests

We may disclose information if required by law:

  • Court order, subpoena, or government request
  • Law enforcement investigation
  • Legal compliance (tax, regulation)

Our Commitment:

  • We will notify you of legal requests (unless legally prevented)
  • We will disclose only the minimum required by law
  • We will not voluntarily provide data to government agencies

4.3 No Third-Party Sales

We do NOT sell, rent, or trade your personal information with third parties for marketing purposes.

5. DATA RESIDENCY & SECURITY

5.1 Geographic Locations

Your data is stored based on your location:

  • India Customers: GCP asia-south1 (Mumbai)
  • EU Customers: GCP europe-west3 (Frankfurt) [GDPR compliant]
  • US Customers: GCP us-central1 (Iowa) [available for enterprise]
  • Global Customers: Multi-region with customer preference

Payment Data:

  • All payment information processed in India (RBI compliance)
  • Never stored outside India

5.2 Encryption

Data at Rest:

  • AES-256 CBC mode encryption
  • Field-level encryption for document contents
  • Unique encryption keys per customer

Data in Transit:

  • TLS 1.2+ HTTPS for all connections
  • End-to-end encryption for sensitive payloads
  • No unencrypted data transmission

5.3 Access Controls

LexOS Intell Staff Access:

  • Staff cannot access encrypted Customer data without explicit permission
  • Access logs are maintained for all data access
  • Admin access requires approval and audit trail
  • Field-level encryption ensures staff see only metadata, not content

Customer Admin Controls:

  • IP whitelisting: restrict access to specific IP ranges
  • SSO (SAML/OIDC): centralized identity management
  • Audit logs: view all access and modifications
  • User role management: granular permission controls

6. DATA RETENTION & DELETION

6.1 How Long We Keep Your Data

Account Data (emails, billing, settings):

  • Retained while account is active
  • Deleted 90 days after account termination

Customer Documents & Processed Data:

  • Retained while subscription is active
  • For 12 months after subscription ends (for data access/export)
  • Permanently deleted after 12 months

Activity & Audit Logs:

  • Retained for 1 year for security audits
  • Automatically deleted after 1 year

Backups:

  • Encrypted backups retained for 90 days for disaster recovery
  • Backups automatically deleted after 90 days

6.2 Your Right to Deletion

You can request deletion of your account and data at any time:

Upon Termination:

  • Account data deleted within 90 days
  • Customer documents deleted within 30 days
  • Data export available for 30 days

Pro-Active Deletion:

  • Contact Compliance Officer to request immediate deletion
  • GDPR: Right to be forgotten (subject to legal holds)
  • Non-GDPR customers: Deletion at our discretion after termination

7. YOUR DATA RIGHTS

7.1 Access (Right to Know)

You have the right to request a copy of all personal data we hold about you.

Request Process:

  • Submit request via support dashboard or email
  • Verification: We'll confirm your identity
  • Response time: Within 30 days
  • Format: CSV or JSON export

7.2 Correction (Right to Rectify)

If your data is inaccurate, you can request corrections.

  • Account information: Update directly in Platform settings
  • Contact information: Request correction via support
  • Response time: Within 14 days

7.3 Deletion (Right to be Forgotten)

You can request deletion of your data (subject to legal obligations).

Exceptions:

  • If required by law (tax, regulatory)
  • If subject to litigation hold
  • If needed for Platform security

7.4 Portability (Right to Data Portability)

You can request your data in a portable format.

  • Available format: CSV, JSON, standard formats
  • Includes: Personal data, uploaded documents, activity logs
  • Response time: Within 30 days
  • Cost: Free for one request per year

7.5 Objection (Right to Object)

You can object to processing of your data for:

  • Direct marketing
  • Profiling for marketing purposes
  • Automated decision-making

Exception: Objection does not apply to processing necessary for contract performance.

7.6 Appeal & Complaint

If you believe we've violated your privacy rights:

  • Contact us first: Compliance Officer will respond within 30 days
  • Escalation: Request review from senior management
  • Regulatory complaint: File complaint with data protection authority (GDPR: EU authorities; CCPA: California Attorney General)

8. INTERNATIONAL DATA TRANSFERS

8.1 GDPR Compliance (EU Customers)

For EU customers, we process data under the GDPR:

  • Data stored in EU region (Frankfurt, Germany)
  • Data Processing Addendum (DPA) executed
  • Standard Contractual Clauses (SCCs) in place for any transfers
  • GDPR compliance audited annually

8.2 CCPA/CPRA Compliance (California Customers)

For California residents:

  • All rights under CCPA apply (access, deletion, opt-out)
  • We do not sell personal information
  • Right to non-discrimination for exercising privacy rights

8.3 Cross-Border Transfers

For data transferred outside the customer's home country:

  • Explicit customer consent obtained
  • Adequate safeguards in place (encryption, contractual terms)
  • Transfer notification in Privacy Policy

9. CHILDREN'S PRIVACY

LexOS Intell is not directed to individuals under 18 years of age.

  • We do not knowingly collect data from minors
  • If we become aware of data from a minor, we'll delete it immediately
  • Organization Admin is responsible for ensuring only authorized users access the account

10. COOKIES & TRACKING

10.1 Cookie Types

Essential Cookies:

  • Session tokens (required to stay logged in)
  • CSRF tokens (prevent unauthorized requests)
  • Security settings

Functional Cookies:

  • Language preference
  • UI preferences (dark mode, layout)
  • Saved searches

Analytics Cookies:

  • Usage patterns (modules accessed, features used)
  • Performance monitoring
  • Error tracking (anonymized)

Marketing Cookies:

  • Tracking across web properties (if you click links from our website)
  • Remarketing (if you visit other sites)

10.2 Cookie Management

  • You can disable non-essential cookies in browser settings
  • Disabling cookies may affect Platform functionality
  • See Cookie Policy for detailed list

11. THIRD-PARTY LINKS & SERVICES

LexOS Intell may contain links to third-party websites (documentation, tutorials, external resources).

  • We are not responsible for third-party privacy practices
  • Review their privacy policies before providing data
  • We do not control external websites

12. SECURITY MEASURES

12.1 Technical Safeguards

  • End-to-end encryption (AES-256)
  • Intrusion detection systems
  • Automated vulnerability scanning
  • Firewall and DLP (Data Loss Prevention)
  • Secure API authentication (OAuth, API keys)

12.2 Operational Safeguards

  • Employee access controls and training
  • Background checks for staff with data access
  • Confidentiality agreements for all employees
  • Regular security audits (annual)
  • Incident response and security escalation procedures designed to address security incidents in a timely manner.

12.3 Breach Notification

If we discover a breach of unencrypted personal data:

  • Internal notification: Immediate (within 1 hour)
  • Customer notification: Without undue delay.
  • Regulatory notification: As required by law

13. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Request what personal information we collect and use
  • Right to Delete: Request deletion of personal information (with exceptions)
  • Right to Opt-Out: Opt out of "sales" of personal information (we don't sell data, but right applies)
  • Right to Correct: Request correction of inaccurate information
  • Right to Limit: Limit use of personal information to purposes disclosed
  • Right to Non-Discrimination: We will not discriminate based on exercise of rights

How to Exercise:

  • Submit request via support dashboard
  • Or email privacy request to Compliance Officer
  • We'll respond within 45 days

14. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are a data subject under GDPR (EU, UK, EEA):

Your Rights:

  • Right of Access, Rectification, Erasure, Portability
  • Right to Object to processing
  • Right to restrict processing
  • Right to lodge complaint with supervisory authority

Data Controller:

LexOS Intell | IntellAxis AI Pvt Ltd | Pune, Maharashtra

Data Protection Officer:

Sanket Kedar (Compliance Officer)
Contact via support channel

Your Remedy:

  • Contact us first for resolution
  • Lodge complaint with your data protection authority (e.g., GDPR supervisory authority)

15. INDIA PRIVACY COMPLIANCE

LexOS Intell complies with India's IT Act 2000 and emerging data protection regulations.

Sensitive Personal Data:

  • Encrypted storage and access controls
  • Minimal collection (only necessary for services)
  • No sharing without explicit consent

Reasonable Security:

  • ISO 27001 certified security practices
  • Regular security audits and vulnerability testing

16. UPDATES TO THIS POLICY

16.1 Changes

  • We may update this policy at any time
  • Material changes require 30 days notice
  • Notice via email and in-app notification
  • Continued use = acceptance of new policy

16.2 Version Control

All versions maintained at lexosintell.com/privacy-archive with change log.

17. CONTACT US

Questions about privacy?

  • Escalation: Sanket Kedar, Compliance Officer
  • Channel: In-app ticketing dashboard
  • Email subject: "Privacy Request"
  • Response time: 30 days for formal requests; 7 days for urgent inquiries

ACKNOWLEDGMENT

By using LexOS Intell, you acknowledge that you have read and understood this Privacy Policy.

If you have concerns about our privacy practices, please contact us immediately.

LexOS Intell
IntellAxis AI Pvt Ltd
Pune, Maharashtra
Version 1.0 | Effective 27 May 2026