End-to-end encryption, servers in the European Union, GDPR compliance and DPA agreements with all AI providers. Built so your trust is justified.
256-bit: AES encryption at rest
TLS 1.3: Transit protocol
100%: EU-based servers
0 hours: Original file retention
— Encryption —
Your contracts travel and are stored protected by the highest industry standards.
All traffic between your device and LexyAi is protected with TLS 1.3, HTTPS enforced via HSTS, and SHA-256 certificates.
All stored data is encrypted with AES-256-GCM. Keys are unique per environment and rotated periodically.
Documents are processed in memory during analysis and are never indexed or stored in plain text permanently.
— GDPR —
Designed from day one under the principles of privacy by design and by default of the European Union's General Data Protection Regulation.
Servers and database 100% within the European Union
Compliance with Art. 32 GDPR — technical and organizational measures
Right to erasure: complete cascade deletion upon request
Data Protection Impact Assessment (DPIA) performed and documented
Auditable and traceable activity logs
Explicit legal basis for each data processing activity
— Standards —
Our infrastructure runs on providers with the most demanding security certifications in the market.
Certifications correspond to the underlying infrastructure on which LexyAi operates.
ISO 27001: Information Security Management
ISO 27017: Security for Cloud Services
ISO 27018: Protection of Personal Data in the Cloud
SOC 2 Type II: Security and Availability Controls
CSA STAR: Cloud Security Alliance Level 1
ENS Medio: Spanish National Security Framework
— Artificial Intelligence —
We use cutting-edge artificial intelligence with binding contractual guarantees so your data is not used outside your analysis.
We have signed Data Processing Agreements (DPAs) with all AI model providers we use.
DPAs include contractual clauses that explicitly prohibit using your content to train, fine-tune or improve their models.
Each analysis is completely independent. There is no shared context between different users or between sessions.
What happens to your contract?
You upload your contract
It travels encrypted
AI analyses it
You get your report
Your data is deleted
— Retention —
Every piece of data has a purpose and an expiry. When it is no longer needed, it is deleted.
Your contract travels encrypted with TLS 1.3. The filename is automatically sanitized before any processing.
Text is extracted directly into RAM. The original file is never written to permanent disk during the process.
The text is sent to the model under a signed DPA. The provider cannot use it to train models.
Only the structured report is stored encrypted. The extracted text of the contract is not stored permanently.
The original file is deleted from servers immediately upon completing the analysis, in less than 5 minutes.
If extracted text persists temporarily, it is automatically purged within a maximum of 2 hours.
You can delete any analysis at any time. Account deletion erases all your data in cascade, irreversibly.
— Privacy —
Designed so you always have full control over your contracts and your information.
Only you can access your analyses. Neither other users nor the LexyAi team can see your contract history.
Your information is not shared with third parties or used for advertising purposes. Your privacy is not the product.
Delete any analysis or your entire account at any time from settings. Your GDPR rights are exercised immediately.
Generated reports are private by default. They are only shared if you explicitly choose to do so.
— Commitments —
Six privacy commitments that apply to every analysis you run on LexyAi, no exceptions.
$ lexyai --privacy-audit --verbose
— Frequently asked questions —
Start analyzing your contracts knowing your data is protected by the same level of security used by the most demanding companies.