Privacy Policy Overview

LEXXMATE PRIVACY POLICY

Last updated: 27th July 2025




1. Who We Are



LexxMate s.r.o. (“LexxMate”, “we”, “our”, or “us”) operates the website lexxmate.com (the “Site”) and the associated e-mail, chat and document-sharing services (collectively, the “Services”). We are a Slovakia-registered limited company and provide business-to-business legal information and coaching only; we are not a law firm, do not hold ourselves out as such, and do not give binding legal opinions.


Because we process limited personal data in the course of providing those Services, this Privacy Policy explains—in detail—how, why, and for how long we collect, store and use your data, and which rights you have in respect of it.


No legal representation

Nothing in this policy (or anywhere on the Site) constitutes the practice of law or establishes a solicitor-client relationship. Any actions you take based on information obtained through LexxMate are taken entirely at your own risk; LexxMate assumes no liability whatsoever for any loss, cost or damage, whether direct or consequential, derived from the use or misuse of the Services.




2. Scope & Definitions



  • “Personal Data” means any information relating to an identified or identifiable natural person (GDPR, Art. 4 (1)).

  • “Processing” covers any operation performed on Personal Data (GDPR, Art. 4 (2)).

  • “Client Data” is the content you upload to receive our legal-information feedback (contracts, policies, Q&A, etc.).

  • “Visitor Data” is the data we collect automatically when anyone browses the Site.



This Policy covers both Client Data and Visitor Data, unless stated otherwise.




3. What Data We Collect


| Category | Examples | Source | Legal Basis (GDPR) |
|---|---|---|---|
| Account & Billing | Name, job title, business e-mail, postal address, VAT ID, payment confirmation (Stripe) | You | Art. 6 (1)(b) — contract performance |
| Client Documents | Draft contracts, policies, factual descriptions submitted for review | You | Art. 6 (1)(b) |
| Communications | Chat logs, e-mails, recorded audio if you use the voice note option | You | Art. 6 (1)(b) |
| Technical / Usage | IP address, browser UA string, device type, referral URL, time-stamps, click-paths | Automated | Art. 6 (1)(f) — legitimate interest (site security & analytics) |
| Marketing Opt-in | Newsletter preferences, event RSVPs | You | Art. 6 (1)(a) — consent |

We do not intentionally collect special-category data (Art. 9 GDPR). If you choose to include such data in Client Documents you accept full responsibility for having a lawful basis to do so.




4. How We Use Your Data



  1. To provide the Services


    • create your workspace, authenticate requests, render AI-generated drafting suggestions and track revision history.


  2. To invoice and manage subscriptions


    • via Stripe (EU entity) in accordance with the Stripe Services Agreement.


  3. To secure the Site


    • log IPs and user-agents, rate-limit abusive traffic, and deploy Cloudflare’s Web Application Firewall.


  4. To improve functionality


    • aggregate, de-identify and analyse usage patterns to refine templates and prompt engineering; individual identities are not required for this purpose.


  5. To send service notices


    • password resets, policy updates, downtime announcements (these are obligatory, not marketing).


  6. Optional marketing


    • only with your explicit opt-in—e.g., legal-tech newsletters, beta feature invites. You may unsubscribe at any time.




We never sell, rent or otherwise share Personal Data with third-party advertisers.




5. Cookies & Similar Technologies



We use essential cookies for session management and CSRF protection.

Analytics is handled through Plausible Analytics (EU-hosted, cookieless, IP-hashed) to minimise tracking.

You will see a thin banner the first time you visit, giving you the option to disable non-essential scripts outright.




6. How Long We Keep Data


| Data Type | Retention Trigger | Retention Period |
|---|---|---|
| Account & billing records | End of contractual relationship | 10 years (legal bookkeeping) |
| Client Documents | Upload date | 180 days (rolling), unless you delete earlier |
| AI model training artefacts | Immediately aggregated & anonymised | Irreversible—cannot be linked back |
| Support tickets & chat logs | Ticket closure | 24 months |
| Backup snapshots | Automatic daily | 30 days, encrypted at rest |

Deletion cascades across production and backup systems within 30 days.




7. Data Security Measures



  • Encryption in transit (TLS 1.3) and at rest (AES-256).

  • Role-based access (least privilege) for employees; two-factor authentication obligatory.

  • Independent penetration test every 12 months; executive summary available on request under NDA.

  • ISO 27001-aligned policies; no certification claimed.



Despite these efforts, no method of transmission can be guaranteed 100 % secure. By using the Services you acknowledge and accept this residual risk.




8. Your Rights under GDPR / UK GDPR



  1. Access – obtain a copy of your Personal Data we hold.

  2. Rectification – correct inaccurate or incomplete data.

  3. Erasure (“right to be forgotten”) – have data deleted when legally permissible.

  4. Restriction – limit processing under certain conditions.

  5. Portability – receive data in machine-readable format.

  6. Objection – object to direct marketing or processing based on legitimate interest.

  7. Complaint – lodge with your local supervisory authority; for Slovakia this is the Office for Personal Data Protection (ÚOOÚ).



To exercise any right, e-mail privacy@lexxmate.com from the verified account you used to register. We respond within 30 days.




9. International Transfers



Primary hosting is within the European Union (Hetzner Online, DE).

Where sub-processors are US-based (e.g., AWS SES for outbound e-mail redundancy) we rely on Standard Contractual Clauses and supplementary encryption. A current sub-processor list is published at lexxmate.com/subprocessors and updated at least 30 days before any material change.




10. Children



LexxMate is not directed to minors (under 18). We do not knowingly process children’s data. If you believe we have inadvertently collected such data, contact privacy@lexxmate.com and we will promptly delete it.




11. Third-Party Links



The Site may include links to external sites (e.g., legislation databases, official club-licensing rules). Clicking those links may allow third parties to collect data about you. We do not control these external sites and are not responsible for their privacy statements. Visiting them is at your own risk.




12. Changes to This Policy



We may update this Privacy Policy to reflect operational, legal or regulatory changes. When we do, we will:


  • post the new version on the Site with a new “Last updated” date, and

  • email account holders 14 days in advance if the changes are material.



Continued use of the Services after that date constitutes acceptance.




13. Contact



Data Controller:

LexxMate s.r.o.

IČO 123 456 78

Digital Park III, Einsteinova 23

851 01 Bratislava, Slovakia

E-mail: privacy@lexxmate.com




14. Liability Disclaimer (Supersedes All Else)



LexxMate provides template-based legal information and educational resources only.

We do not guarantee accuracy, completeness or suitability for your specific circumstances.

By using the Services you agree that LexxMate, its directors, employees and contributors shall not be liable for any direct, indirect, incidental, special or consequential loss, including lost profits, goodwill or data, even if advised of the possibility of such damages.

Use the content at your own risk and consult a qualified lawyer before relying on or implementing any recommendation.


If any provision of this Privacy Policy or the above disclaimer is held invalid or unenforceable, the remaining provisions shall remain in full force.



End of Privacy Policy

Legal Notice

© 2025 LexxMate s.r.o.