Your legal data, under your absolute control
6 security commitments
Designed to uphold professional privilege and GDPR from day one.
We never train on your data
Your cases, documents and conversations are exclusively yours. They are never used to train AI models, neither ours nor anyone else's. Period.
AES-256 encryption at rest and in transit
All data is encrypted with AES-256 at rest. Communications use TLS 1.3. Encryption keys are managed independently per organization.
100% EU-hosted infrastructure
All Lexiel servers are located in the EU. None of your data leaves the European Economic Area. We comply with GDPR Chapter V on international data transfers.
DPA compliant with GDPR Art. 28
We act as a Data Processor under GDPR Art. 28. We sign a Data Processing Agreement (DPA) with each law firm. Available on request.
Role-based access control
Each team member only accesses the cases assigned to them. Complete audit log of who accessed what and when.
Right to portability and erasure
You can export all your data at any time (JSON, PDF). You can request complete deletion of your account and data within 30 days.
Regulatory compliance
RGPD / GDPR
Regulation (EU) 2016/679
EU AI Act (RIA)
Regulation (EU) 2024/1689
Art. 28 RGPD
DPA available
CGAE White Paper
5 recommendations met
CGPJ Instruction 2/2026
Judicial AI regulation
DPIA GDPR Art. 35
Available on request
EU Hosting
Spain and Germany
Spanish Data Law
Organic Law 3/2018
What risks do we mitigate?
Client data breach
AES-256 encryption + role-based access. Only authorized people access data.
AI training on your documents
Explicit contract: your data is NEVER used for training. Auditable.
Data outside the EU
100% EU servers. No transfers to third countries.
Attorney-client privilege violation
GDPR Art. 28 DPA. Lexiel acts under your instruction, not as independent third party.
Unable to recover data
Full export in JSON/PDF at any time. Portability guaranteed.
Hallucinations and fabricated citations
Over 370 global disciplinary cases have been filed for AI-fabricated citations (VLAIR 2025). Lexiel verifies every citation against official sources (BOE, CENDOJ). 99.3% on the Bar Exam (144/145) and 98.4% on the Judiciary Exam (253/257).
Native GDPR compliance in all plans
There is no special security plan. Data protection is embedded in Lexiel's core. We sign the DPA with all clients at no extra cost.
Start free 14 daysSecurity FAQ
Does Lexiel access my clients' documents?
Lexiel processes documents you upload to provide the analysis you request. Documents are not stored longer than necessary for the task and are never shared with third parties or used for AI training.
Is attorney-client privilege protected?
Yes. We operate as a technology tool under your direction (GDPR Art. 28). Information shared with Lexiel is covered by the same duty of confidentiality as any other tool in your firm. The DPA ensures we are accountable for protecting that information.
Where are Lexiel's servers located?
In the European Union (Spain and Germany). None of your data leaves the European Economic Area. We fully comply with the General Data Protection Regulation (GDPR).
Does Lexiel use my data to train its AI?
No. Never. Your cases, documents, invoices and conversations are yours and are never used to improve the AI model. Lexiel's model is trained exclusively on public legal sources: BOE, CENDOJ, Constitutional Court.
Can I request deletion of my data?
Yes, you have the right to erasure (GDPR Art. 17). Send an email to privacy@lexiel.ai and we delete all your data within 30 days, with written confirmation.
Questions about security or need the DPA?
We can send you the DPA, processing activities register, and answer any questions from your DPO. Or just try Lexiel free for 14 days.