Privacy Policy

Last updated: May 5, 2026

This Privacy Policy describes how Lexabrief ("we", "us") collects, uses, and protects information when you use our service. Lexabrief is a tool designed for legal professionals to organize case material and interact with AI assistants over that material. Because our users often handle confidential and privileged information, we describe our practices in plain terms below.

Information we collect

• Account information. Your email address, display name, and authentication credentials (managed via Firebase Authentication).
• Service content. Case files you upload, documents you create, chat messages you send, and AI-generated output produced for you.
• Billing information. Subscription status and payment events, processed by Stripe. We do not store full payment card details.
• Operational telemetry. Service logs (request IDs, timestamps, error states), product analytics events (page views, feature usage), and AI execution traces.

How we use your data

• To provide and operate the Lexabrief service.
• To process payments and manage your subscription.
• To monitor reliability, debug issues, and improve agent behavior.
• To respond to your support requests.
• To meet legal obligations and prevent abuse.

We do not train AI models on your data

Your case content is sent to AI providers (Anthropic, Google AI, OpenAI) only to fulfill your requests. We use these providers via paid commercial APIs that, by default, do not use customer inputs or outputs to train their models. We do not opt in to any data-sharing or training program. See our subprocessors page for a complete list of third parties that process your data and what they receive.

Confidentiality and access

Your data is isolated to your account. Other Lexabrief users cannot access your cases, files, or chat history. Data is encrypted in transit (TLS) and at rest (Google Cloud Platform). Internal staff access to customer content is restricted by role and used only when reasonably necessary for support, security, or legal compliance.

Lexabrief is designed for use with confidential legal work, but we are not your attorney and using Lexabrief does not by itself establish or preserve attorney-client privilege. You remain responsible for evaluating whether Lexabrief is appropriate for any specific privileged communication.

Data retention and deletion

When you delete content from Lexabrief, it is removed from our active systems immediately. Encrypted backups are purged within seven (7) days. Account-level deletion follows the same timeline.

Your rights

You may request:

• A copy of your data (export).
• Correction of inaccurate information.
• Deletion of your account and associated data.
• Information about how we process your data.

To exercise these rights, email us at [email protected]. We will respond within 5 business days.

Subprocessors

We rely on a small set of third-party services to operate Lexabrief. The complete current list, including what each provider receives, is published at /legal/subprocessors.

Children

Lexabrief is intended for use by adults in a professional capacity and is not directed at children under 18.

International transfers

Our services are operated from the United States. If you access Lexabrief from outside the United States, your information will be transferred to and processed in the United States.

Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date above and, where appropriate, by direct notice.

Contact

Questions about this policy or our practices: [email protected].