How Lexlegis Solutions Private Limited collects, uses, stores, and shares personal data. Aligned with the Digital Personal Data Protection Act 2023 (DPDP) and the EU General Data Protection Regulation (GDPR).
Lexlegis Solutions Private Limited is a private limited company incorporated in India under the Companies Act 2013. We operate the Lexlegis.ai platform, including the Legal AID features (Ask, Interact, Draft) and MIRA, our AI legal workforce in early access.
Registered office, Nariman Point, Mumbai 400021, Maharashtra, India.
CIN, U63110MH2024PTC426876.
PAN, AAFCL8661E. GST, 27AAFCL8661E1ZB.
Data Protection Officer, dpo@lexlegis.ai.
We collect personal data in three buckets. Account data (name, work email, organisation, role, billing information). Usage data (logs of queries, session identifiers, device and browser metadata, performance telemetry). Content data (documents you upload, queries you submit, outputs generated for you).
Content data is governed by strict access controls. It is not used to train shared models and is accessible only to the account it belongs to.
We use account data to provide the service, to bill you, and to respond to enquiries. We use usage data to operate, secure, and improve the platform, to run analytics in aggregate, and to investigate security incidents. We use content data only to deliver the feature you requested, and to retain it for the period you configure.
We do not sell your personal data. We do not disclose it to third party advertisers. We do not use it to train shared models.
Under DPDP and GDPR, the lawful bases on which we process your personal data are consent (for optional features and marketing), contract (to provide the service you have ordered), legitimate interest (for security, fraud prevention, and improvement), and legal obligation (for tax, accounting, regulatory response).
Account data is retained for the duration of your relationship with us plus seven years as required under the Companies Act and Income Tax Act record keeping rules. Usage data is retained for up to 24 months by default, configurable on Enterprise. Content data retention is set by you, defaulting to active account life plus 90 days for export.
On Mode A (SaaS), in India on ISO 27001 certified infrastructure. On Mode B, on L&T Vyoma sovereign Indian cloud. On Mode C, in your chosen region within your cloud estate. On Modes D and E, on your premises or air gapped silicon.
We rely on a small set of sub processors for infrastructure and operational needs. A current list is published at trust.lexlegis.ai. We notify customers of material changes to the sub processor list, with a right to object for Enterprise customers.
Under DPDP and GDPR, you have rights to access, correct, erase, and export your personal data, and to restrict or object to processing in defined circumstances. To exercise these rights, write to dpo@lexlegis.ai. We respond within 30 days.
For customers outside India, transfers are governed by Standard Contractual Clauses and equivalent mechanisms. Data residency can be locked to the region of your choice on Modes B, C, D and E.
Full security architecture is described at /security. Briefly, TLS 1.3 in transit, AES 256 at rest, customer managed keys available on non SaaS modes, ISO 27001:2022 certification, CERT-In empaneled audits, and responsible disclosure at security@lexlegis.ai.
For any privacy related matter, contact our Data Protection Officer at dpo@lexlegis.ai. For grievance redressal under the DPDP Act, the same email serves as our designated channel. Response within 30 days as required under rule.