Privacy Policy
How LexiCo AS handles your data. We collect the minimum needed to operate the service. Conversation context is encrypted at rest and inaccessible to anyone, including us. We never store your provider API keys.
Who we are
LexiCo AS is a company registered in Norway. For privacy inquiries, contact us at admin@lexisaas.com.
What We Collect
- Account information — Email address, display name, hashed password
- Usage data — Token counts, model used, request timestamps, cost
- Billing data — Stripe customer ID, transaction history, balance
- Security logs — IP addresses, request timestamps, error logs
Provider API Keys
Lexi uses its own provider accounts to forward your requests. You never need to share your provider API keys with us.
Cookies
We use only essential cookies required for authentication and session management lexi_session. We do not use tracking cookies, analytics cookies, or any third-party cookies.
Third-party services
- Stripe — Stripe
- Resend — Resend
We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is only shared with infrastructure providers (Azure, Stripe) as necessary to deliver the service.
Data retention
- Account data — Kept while your account is active. Deleted within 30 days of account deletion.
- Usage records — Retained for billing and analytics. Aggregated after 12 months.
- Audit logs — Retained for 90 days for security and debugging.
- Conversation context — Encrypted in memory during the session. Automatically purged when the session ends.
Your rights under GDPR
To exercise any of these rights, contact us at admin@lexisaas.com.
We may update this policy when we change how we handle data. Material changes will be communicated by email at least 14 days before taking effect.
LexiCo AS, Norway — Questions? Contact us at admin@lexisaas.com