Privacy Policy

Last updated: 28 June 2026

LEXUMAN is operated by Pawan Kumar ("we", "us"), based in Jharkhand, India. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over it. Our core commitment: your contract text is never used to train AI or foundation models, and we do not save it in our database. It is sent over an encrypted connection to our AI provider for a single analysis. The upstream AI provider may retain inputs for a short period (typically around 30 days) for abuse and trust-and-safety monitoring before deletion; they do not use the data to train their models.

1. Data we collect

  • Account data: email address, authentication credentials (managed by our auth sub-processor — we never see your password in plain text), and account preferences.
  • Billing data: plan, subscription status, and billing metadata returned by our payment provider. We do not store full card details.
  • Usage data: quota counters (e.g. analyses run this month), feature usage events, error logs, and timestamps.
  • Technical data: IP address, browser, device, and cookies strictly necessary to keep you signed in.

2. How your contract text is handled

Encrypted in transit. Contracts you upload are sent over TLS to our AI gateway for a single inference request.

Not stored on our servers. LEXUMAN does not save the contract body in our database. Your analysis history lives in your browser; if you sign out or clear browser storage, it is gone.

Never used to train AI. Neither LEXUMAN nor our upstream AI provider uses your contract text to train AI or foundation models.

Upstream trust-and-safety retention. Our upstream AI provider may retain API inputs for a limited period (typically around 30 days) for abuse monitoring and trust-and-safety review, after which they are deleted. This is the provider's policy, not ours, and we do not have access to that data.

3. How we use data

  • To provide and operate the Service (run analyses, answer Q&A);
  • To manage your account, subscription, and billing;
  • To enforce quotas and prevent abuse;
  • To communicate service updates and respond to support requests;
  • To improve and secure the Service (aggregate, non-identifying usage analytics).

4. Legal bases (GDPR / UK GDPR)

  • Contract: to deliver the Service you signed up for.
  • Legitimate interests: security, fraud prevention, product improvement.
  • Consent: where required (e.g. optional communications).
  • Legal obligation: tax, accounting, and lawful requests.

5. Sub-processors

We rely on a small set of trusted providers to run the Service:

  • Cloud hosting, database & auth — for hosting the application, managing accounts, and storing account/usage data.
  • AI gateway — for running language-model inference on contracts you upload. Contract text is sent in real time, never used to train AI models, and may be retained briefly by the upstream provider for trust-and-safety monitoring before deletion. We may change AI sub-processors or models from time to time; we will notify you of material changes as described in Section 11.

6. International transfers

Our providers may process data outside your country, including in the United States, the European Union, and India. Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

7. Retention

  • Contract text: not saved in our database; may be retained briefly by the upstream AI provider for trust-and-safety monitoring before deletion.
  • Analysis results: stored locally in your browser (e.g. via localStorage); we do not retain them on our servers. Clearing your browser storage or signing out removes them from your device.
  • Account & billing records: kept for the life of the account plus any period required by law (typically up to 7 years for tax).
  • Logs & security events: kept for a limited period (typically 30–180 days).

8. Security

We use industry-standard security measures including TLS in transit, encryption at rest for stored data, role-based access controls, and regular review of our infrastructure. No system is perfectly secure; please use a strong, unique password.

9. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, and to object to or withdraw consent for certain processing. To exercise any of these rights, contact us at [privacy@yourdomain.com]. We will respond within the timeframes required by law.

10. Children

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children.

11. Changes

We will post changes to this Policy on this page and update the "Last updated" date. We will notify you of material changes by email or in-app.

12. Contact

Privacy questions: [privacy@yourdomain.com].