LexaxTerms of Service

Last updated: March 30, 2026

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

1. Information We Collect

We collect information you provide directly to us when you create an account, use the Service, or communicate with us. This includes:

  • Account information: Name, email address, and profile picture provided by your OAuth authentication provider (Google or Apple).
  • Workspace data: Organization names, membership roles, and collaboration settings.
  • Project data: Application code, prompts, project names, descriptions, and associated files you create using the Service.
  • Usage data: Credit consumption, feature usage patterns, and interaction logs used to provide and improve the Service.
  • Device and access data: IP address, browser type, operating system, and access timestamps collected automatically when you use the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your AI prompts and generate application code and components.
  • Manage your account, workspaces, and collaboration features.
  • Track and display usage credits and billing information.
  • Send transactional communications such as workspace invitations and account notifications.
  • Detect, investigate, and prevent fraudulent or unauthorized activity.
  • Comply with legal obligations and enforce our Terms of Service.

3. AI Processing and Your Data

When you use the AI features of the Service, your prompts and project context are sent to our AI infrastructure for processing. We do not use your prompts or project code to train our AI models unless you explicitly opt in. AI-generated outputs are associated with your account and workspace and are subject to the same privacy protections as other User Content.

4. Information Sharing

We do not sell your personal information. We may share your information in the following limited circumstances:

  • Workspace members: Your name, email, role, and usage data are visible to other members of workspaces you belong to.
  • Service providers: We use third-party providers for authentication (WorkOS), database hosting (Supabase), and infrastructure. These providers process data on our behalf under contractual obligations.
  • Legal requirements: We may disclose information when required by law, legal process, or government request, or to protect the rights, property, or safety of Lexax, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Storage and Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security audits. Your authentication is managed by WorkOS with session encryption. Database access is protected by Row Level Security policies ensuring users can only access their own data. Despite these measures, no method of electronic storage is 100% secure.

6. Data Retention

We retain your account information and project data for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal information within thirty (30) days, except where retention is required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing activities.
  • Export your data in a portable format (data portability).
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@lexax.dev.

8. Cookies and Tracking

We use essential cookies for authentication and session management. These are strictly necessary for the Service to function and cannot be disabled. We do not use advertising or third-party tracking cookies. Session cookies are encrypted and expire according to your authentication provider's settings.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions where applicable.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or email at least thirty (30) days before they take effect. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at privacy@lexax.dev.