Privacy Policy

Last Updated: October 14, 2025

1. Overview

LexRoss provides AI-powered legal technology that runs entirely within your organization's infrastructure. We are committed to maintaining the confidentiality and security of your data, consistent with our core value proposition: Your Knowledge. Your Control.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, organization details, and contact information when you create an account or request a demo.
• Usage Data: Documents, queries, and other content you input into the LexRoss platform for AI processing.
• Communication Data: Information you provide when contacting our support team or participating in surveys.

2.2 Automatically Collected Information

• Technical Data: IP addresses, browser type, device information, and operating system.
• Usage Analytics: Information about how you interact with our platform, including features used, time spent, and performance metrics.
• Cookies: We use cookies and similar technologies to enhance user experience and analyze platform performance.

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Operate, maintain, and improve the LexRoss platform.
• Process AI Requests: Analyze and respond to your queries using our AI technology within your controlled environment.
• Customer Support: Respond to your inquiries, provide technical assistance, and resolve issues.
• Security: Monitor and prevent security threats, fraud, and unauthorized access.
• Analytics: Understand usage patterns to improve our services and develop new features.
• Communications: Send you service updates, security alerts, and administrative messages.
• Compliance: Meet legal obligations and enforce our Terms of Service.

4. Data Storage and Security

4.1 Enterprise Deployment Model

Your data stays in your environment. LexRoss is deployed within your organization's cloud infrastructure (AWS, Azure, GCP, or private cloud). Your documents, queries, and proprietary information never leave your controlled environment.

4.2 Security Measures

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Role-based access controls and multi-factor authentication.
• Audit Logs: Comprehensive logging of all system access and activities.
• Regular Security Audits: Periodic security assessments and penetration testing.
• Compliance: SOC 2 Type II, ISO 27001, and GDPR compliant practices.

4.3 Data Retention

Since LexRoss operates within your infrastructure, you control data retention policies. LexRoss administrative data is retained for the duration of your subscription plus 90 days for backup purposes, unless you request earlier deletion.

5. Data Sharing and Disclosure

5.1 Third-Party AI Models

You choose which AI models to use (OpenAI, Anthropic, Google, etc.). When you use these models, your queries are processed according to your direct agreement with the model provider. LexRoss facilitates this connection but does not store or share your query data with these providers independently.

5.2 Service Providers

We may share limited information with trusted service providers who assist us with:

• Cloud infrastructure hosting (for our administrative systems)
• Payment processing
• Customer support tools
• Analytics and monitoring

All service providers are contractually bound to protect your information and use it only for specified purposes.

5.3 Legal Requirements

We may disclose information when required by law, such as:

• In response to valid legal process (subpoena, court order, search warrant)
• To protect our rights, property, or safety
• To prevent fraud or security threats
• In connection with a business transaction (merger, acquisition, sale of assets)

5.4 No Sale of Personal Data

We do not sell your personal information. Your data is not used to train our models or shared with third parties for their marketing purposes.

6. Your Rights and Choices

6.1 Access and Correction

You have the right to access, update, or correct your personal information at any time through your account settings or by contacting us.

6.2 Data Portability

You can export your data from the LexRoss platform in standard formats.

6.3 Deletion

You can request deletion of your account and associated data. Since your content data resides in your infrastructure, you have direct control over its deletion.

6.4 Opt-Out of Communications

You can opt out of marketing communications at any time by clicking the unsubscribe link in emails or contacting us directly.

6.5 Cookie Management

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality.

7. International Data Transfers

LexRoss is headquartered in the United States. If you are accessing our services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses where applicable.

8. Children's Privacy

LexRoss is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice within the LexRoss platform

Your continued use of LexRoss after changes are posted constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

11. Specific Rights by Jurisdiction

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• Right to know what personal information we collect, use, and disclose
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at [email protected].

11.2 European Economic Area (GDPR)

If you are in the EEA, you have rights under the General Data Protection Regulation, including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

12. Attorney-Client Privilege

Important Notice: While LexRoss provides technology for legal professionals, we are not a law firm and do not provide legal advice. The attorney-client privilege exists between you and your clients, not between you and LexRoss. You are responsible for maintaining privilege and confidentiality in accordance with your professional obligations.