1. Data Controller
Lexiel AI (company in formation) Email: hola@lexiel.ai Website: https://lexiel.ai
2. Data We Collect
We collect the following categories of personal data:
- Registration data: name, email, password (hashed), firm name
- Usage data: queries made, documents uploaded, features used
- Technical data: IP address, browser type, operating system, cookies
- Billing data: processed directly by Stripe (we do not store card details)
Uploaded Legal Documents
Documents you upload to Lexiel are processed exclusively to provide you the requested service. Your documents are NEVER used to train AI models. Documents are stored encrypted and automatically deleted according to your retention settings.
3. Processing Purposes
| Purpose | Legal Basis (GDPR) |
|---|---|
| Service provision | Art. 6.1.b - Contract performance |
| AI document analysis | Art. 6.1.b - Contract performance |
| Marketing communications | Art. 6.1.a - Consent |
| Service improvement (anonymized) | Art. 6.1.f - Legitimate interest |
| Legal compliance | Art. 6.1.c - Legal obligation |
4. Artificial Intelligence Processing
Lexiel uses AI models to analyze legal documents, search case law, and generate briefs. Here's what you should know:
- We don't train models with your data: Your documents and queries are never used to train or improve third-party AI models.
- EU processing: Our primary servers are located in the European Union.
- Automatic anonymization: We offer automatic anonymization of personal data in documents before processing.
- Human oversight: AI results are support tools and do not replace the professional judgment of a lawyer.
5. Sub-processors
| Provider | Function | Location |
|---|---|---|
| Railway | Infrastructure (servers) | EU (Germany) |
| codelabs.studio | PostgreSQL database (VPS) | EU |
| Cloudflare | CDN & DDoS protection | Global (data in EU) |
| Anthropic | AI model (Claude) | USA (with SCCs) |
| Stripe | Payment processing | USA (with SCCs) |
6. International Transfers
When data is transferred outside the EEA (Anthropic, Stripe), Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914) apply, ensuring a level of protection equivalent to the GDPR.
7. Data Retention
- Account data: While your account is active + 30 days after cancellation
- Uploaded documents: According to your settings (default: 90 days)
- Query history: 12 months from last query
- Billing data: 6 years (Spanish tax obligation)
- Technical logs: 90 days
8. Your Rights (Arts. 15-22 GDPR + LOPDGDD)
You may exercise the following rights:
- Access (Art. 15): Obtain a copy of your personal data
- Rectification (Art. 16): Correct inaccurate data
- Erasure (Art. 17): Request deletion of your data
- Restriction (Art. 18): Restrict the processing of your data
- Portability (Art. 20): Receive your data in a structured format
- Objection (Art. 21): Object to the processing of your data
- Automated decisions (Art. 22): Not be subject to decisions based solely on automated processing
To exercise your rights, contact: hola@lexiel.ai
9. Minors
Lexiel is not intended for minors under 14 years old (pursuant to LOPDGDD Art. 7). We do not intentionally collect data from minors under this age.
10. Complaints
If you believe your rights have been violated, you may file a complaint with the Spanish Data Protection Agency (AEPD):
- Web: https://www.aepd.es
- Address: C/ Jorge Juan 6, 28001 Madrid
11. EU AI Act (Regulation 2024/1689)
Lexiel aligns with the European Artificial Intelligence Regulation:
- Classification: Limited risk AI system (professional assistance)
- Transparency: We clearly indicate that results are AI-generated
- Human oversight: The lawyer always maintains control and final decision
- Technical documentation: We maintain records of system operation