Privacy Policy

1. Introduction

Welcome to LexiCore™ ("LexiCore," "we," "us," or "our"). LexiCore is an enterprise legal document intelligence and practice management platform designed exclusively for licensed attorneys and law firms.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at www.lexicorelegal.com and related services. By accessing or using LexiCore, you agree to the terms of this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the platform.

2. Information We Collect

Account Information

When you create an account or are provisioned by your firm administrator, we collect:

• Full name and professional title
• Email address
• Organization/firm name
• Role and practice area assignments
• Authentication credentials (passwords are hashed and salted; never stored in plain text)

Billing & Financial Data

When you use our billing features, we process:

• Client names, matter descriptions, and billing rates
• Time entries, expenses, and invoice records
• Payment transaction metadata (amounts, dates, statuses)
• Tokenized payment method references (see Payment Processing)

Documents & Content

When you use document drafting, review, or filing features, we process:

• Documents you upload, draft, or generate
• Document metadata (titles, dates, practice areas)
• AI-generated analysis, summaries, and suggestions

Usage & Technical Data

We automatically collect:

• Browser type, device information, and operating system
• Pages visited, features used, and interaction patterns
• IP address and approximate geographic location
• Error logs and performance metrics

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain our services — Authenticate users, process documents, manage billing, and deliver platform features
• Process payments — Generate invoices, facilitate payment collection, and manage trust accounts
• Improve our platform — Analyze usage patterns to enhance features, fix issues, and optimize performance
• Ensure security — Detect and prevent fraud, enforce access controls (including Chinese Wall/ethical wall policies), and maintain audit logs
• Communicate with you — Send billing notifications, system alerts, and service-related updates
• Comply with legal obligations — Respond to legal requests and enforce our terms of service

We do not sell your personal information to third parties. We do not use your legal documents or client data to train AI models.

4. Payment Processing

LexiCore uses Finix Payments as our payment processor. When clients make payments through LexiCore:

• Credit card and bank account details are submitted directly to Finix and are never stored on our servers
• We store only tokenized references (e.g., card brand and last four digits: "Visa ****4242")
• Finix is PCI-DSS Level 1 compliant, the highest level of payment security certification
• Saved payment methods use Finix instrument tokens — no raw card numbers, CVVs, or bank account numbers are retained by LexiCore

For more information about how Finix handles your payment data, please review Finix's Privacy Policy.

5. Data Security

We take the security of your data seriously and implement multiple layers of protection:

• Encryption in transit — All data is transmitted over HTTPS/TLS
• Encryption at rest — Data is stored in encrypted databases
• Access controls — Role-based access control (RBAC) with partner, attorney, paralegal, and admin roles
• Ethical walls (Chinese Walls) — Practice-area-based data isolation prevents unauthorized cross-matter access, enforcing conflict-of-interest protections
• Audit logging — All significant actions are logged with timestamps, user identities, and change details
• Password security — Passwords are cryptographically hashed and salted before storage
• Session management — JWT-based authentication with automatic expiration

While no system is 100% secure, we continuously monitor and update our security practices to protect your data.

6. Data Retention

We retain your data as follows:

• Account data — Retained for the duration of your active account, plus a reasonable period after account closure for legal and audit purposes
• Billing records — Retained in accordance with applicable legal and accounting requirements (typically 7 years)
• Documents — Retained according to your firm's configured retention policies
• Audit logs — Retained for a minimum of 3 years
• Usage analytics — Aggregated and anonymized data may be retained indefinitely

You may request deletion of your personal data at any time by contacting us (see Contact Us). Some data may need to be retained to comply with legal obligations or legitimate business interests.

7. Third-Party Services

LexiCore integrates with the following third-party services to deliver our platform:

• Finix Payments — Payment processing, tokenized card storage, and payment link generation
• Resend — Transactional email delivery (invoice notifications, system alerts)
• Cloudflare — Web hosting, CDN, DDoS protection, and edge computing
• Google — Single Sign-On (SSO) authentication for users who choose Google login
• Neon — PostgreSQL database hosting with encryption at rest

Each third-party service has its own privacy policy governing how they handle data. We encourage you to review their respective privacy policies. We share only the minimum data necessary for each service to perform its function.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access — Request a copy of the personal data we hold about you
• Right to Correction — Request correction of inaccurate or incomplete personal data
• Right to Deletion — Request deletion of your personal data, subject to legal retention requirements
• Right to Data Portability — Request your data in a structured, machine-readable format
• Right to Restrict Processing — Request that we limit how we use your data
• Right to Object — Object to certain types of data processing

To exercise any of these rights, please contact us at the email address listed in the Contact Us section below. We will respond to your request within 30 days.

9. Cookies & Tracking

LexiCore uses minimal tracking technologies:

• localStorage — We store authentication tokens in your browser's localStorage to keep you signed in. This is essential for the platform to function.
• Session data — We use session-based data for maintaining your current workspace state (selected practice area, active tab, etc.)

We do not use third-party tracking cookies, advertising pixels, or behavioral analytics tools. We do not participate in cross-site tracking or ad networks.

10. Children's Privacy

LexiCore is a professional tool designed exclusively for licensed attorneys, legal professionals, and law firm staff. Our platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Provide notice through the platform (e.g., a banner notification)
• For significant changes, send an email notification to account administrators

Your continued use of LexiCore after changes are posted constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: