Product

AI Legal Chat
Document Analysis
Legal Research
Security
Pricing

Solutions

Law Firms
Corporate Legal
Legal Students
Small Business
Enterprise

Resources

Documentation
Training
Academy
FAQ
Support
Contact Us

Company

Our Story
Careers
Privacy Policy
Terms of Service

Quick heads up! We save your dark/light mode preference locally. Nothing leaves your browser, nothing gets monitored. Cookies? Your honor, we object - we're privacy first. Learn more

Accessibility
Font Size
100%
Quick Contact
Security Teamsecurity@lexaitechnologies.com
Security InquiryAsk about our security practices
Link copied to clipboard!
Jump to Section
TopZero-KnowledgeEncryptionData PrivacyPrivilegeWhy DifferentFAQContact
BEZPEČNOST A SOUKROMÍ

Vaše data. Vaše kontrola.

Bankovní úroveň zabezpečení spojená s architekturou nulových znalostí. LexAI jsme vytvořili tak, že ani my nemůžeme přistupovat k Vašim důvěrným právním datům.

Zero-Knowledge šifrování
Žádné sledování uživatelů
Data v EU
Zjistěte, jak Vás chráníme Dotaz na bezpečnost
AES-256Šifrování
0Úniků dat
100%Vaše vlastnictví
Bezpečnost na prvním místě
Lexi AI Assistant
Chráněno a šifrováno
Zero-Knowledge Skutečné soukromí
Šifrování AES-256 ochrana
Ochrana dat Vaše data, Vaše kontrola
Privilege Právní soulad
Proč jsme jiní Co nás odlišuje
Autentizace Bezpečné přihlášení
FAQ Časté dotazy
Kontakt Spojte se s námi
ARCHITEKTURA NULOVÝCH ZNALOSTÍ

Vaše data nevidíme. Záměrně.

Na rozdíl od tradičních cloudových služeb používá LexAI architekturu nulových znalostí inspirovanou Proton Mail. Vaše data jsou šifrována ještě před odesláním z Vašeho zařízení pomocí klíčů, které kontrolujete pouze Vy. Ani naši vlastní inženýři nemají přístup k Vašim důvěrným právním informacím.

Client-side encryption - Data encrypted before upload
No server-side access - We never see unencrypted data
Mathematical proof - Cryptographically guaranteed privacy

End-to-End Encryption

Your data is encrypted on your device before transmission. Only you have the decryption keys.

Attorney-Client Privilege

Architecture designed to maintain privilege. No third-party access to your confidential communications.

Proton-Inspired Security

Same security principles used by Proton Mail, trusted by journalists and activists worldwide.

Open Architecture

Our security model is documented and can be independently verified by security researchers.

ŠIFROVÁNÍ A PŘÍSTUP

Váš hlavní klíč. Váš jediný přístup.

Jediný hlavní klíč, který vlastníte pouze Vy, odemyká Váš šifrovaný trezor. Bez něj zůstávají Vaše data trvale nepřístupná – i pro nás.

Master Key Encryption

Your master password generates a unique cryptographic key using PBKDF2 with 600,000+ iterations. This key never leaves your device and is never transmitted to our servers.

AES-256-GCM

Military-grade encryption standard used by governments worldwide. The same encryption protecting classified information now protects your legal work.

Key Derivation

Each document has unique encryption keys derived from your master key. Compromising one document doesn't compromise others.

No Backdoors

If you lose your master key, we cannot recover your data. This is a feature, not a bug—it proves no one else can access your data either.

Perfect Forward Secrecy

Session keys are ephemeral and rotated regularly. Even if a key is compromised, past and future sessions remain protected.

Hardware Security

Support for hardware security keys (YubiKey, etc.) for additional authentication layer and protection against phishing attacks.

POKROČILÁ AUTENTIZACE

Více vrstev ochrany

Flexibilní možnosti autentizace od jednoduchého 2FA po hardwarovou biometrii

Two-Factor Authentication

TOTP authenticator apps (Google Authenticator, Authy) with encrypted secrets and replay protection for an extra layer of security.

Biometric Login

Face ID, Touch ID, Windows Hello - passwordless login via WebAuthn with phishing resistance and hardware-backed credentials.

Session Timeout

Automatic logout after inactivity with 2-minute warning, desktop notifications, and configurable duration for enterprise control.

Backup Codes

8 single-use recovery codes, SHA-256 hashed, for account recovery when your 2FA device is unavailable.

Security Keys

FIDO2 hardware keys (YubiKey) for maximum protection against credential theft and phishing attacks.

Login Alerts

Instant notifications of new logins with device and location info so you always know when your account is accessed.

SPRÁVA RELACÍ

Enterprise úroveň zabezpečení relací

Kompletní kontrola nad životním cyklem relace s pokročilými varováními před vypršením, bezpečnými procedurami čištění a komplexním monitorováním aktivity.

Configurable timeout - 15 minutes to 8 hours based on your security policy
2-minute warning modal - Never lose work to unexpected logouts
Desktop notifications - Alerts even when tab is in background
Secure cleanup - WebWorker termination and token invalidation

Quick Re-auth

Stay logged in with password or biometric re-verification without losing your work.

Secure Logout

Complete session cleanup with token invalidation, cache clearing, and worker termination.

Multi-Device Mgmt

View and revoke sessions across all devices from your security dashboard.

Activity Detection

Smart activity monitoring resets timeout on keyboard, mouse, and touch interactions.

ZÁVAZEK K OCHRANĚ DAT

Neprodáváme Vaše data. Tečka.

Vaše data nejsou náš produkt

Mnoho "bezplatných" AI služeb zpeněžuje uživatelská data prostřednictvím reklamy, trénování AI modelů nebo prodeje třetím stranám. LexAI je jiný. Jsme předplatitelský byznys – naše jediné příjmy pocházejí z poskytování vynikajících služeb, ne z využívání Vašich důvěrných právních informací.

No Data Selling

We never sell, license, or share your data with any third party. Your data stays yours.

No AI Training

Your documents are never used to train our AI or any third-party models. Ever.

No Advertising

Zero ads. Zero tracking for ad purposes. We make money from subscriptions, not surveillance.

Data Minimization

We collect only what's necessary to provide service. Less data = less risk.

ADVOKÁTNÍ MLČENLIVOST

Vytvořeno pro právní důvěrnost

Architektura nulových znalostí není jen bezpečnostní funkce – je to záruka, že advokátní mlčenlivost zůstává nedotčena.

We Can't Share Your Data

Even if we wanted to—which we don't—we technically cannot access your encrypted conversations and documents. Your privilege stays protected.

Zero Access

GDPR Compliant

Full compliance with EU data protection regulations. Data stored in Supabase's Frankfurt data center, processed on Hetzner servers—both in Germany. No data leaves the EU.

EU Data Only

Minimal Data Collection

We don't verify your identity. No IP logging for regular use. Payments via Stripe—we never see your card. We know almost nothing about you.

Privacy First
PROČ JSME JINÍ

Problém většiny AI služeb

Většina cloudových AI služeb nebyla vytvořena s ohledem na právní důvěrnost. Zde je, co se obvykle děje – a proč my děláme věci jinak.

Typical Cloud AI

Your data trains their models. Every query you send may be used to improve their AI—including your confidential legal questions.
US servers, US laws. Data stored in the US is subject to CLOUD Act, FISA, and government requests—even for EU citizens.
Full access to your conversations. Employees can read your chats for "safety review," abuse detection, or model improvement.
Extensive logging. IP addresses, usage patterns, device info, and behavioral data are collected and stored.
Third-party API wrappers. Many "legal AI" tools just forward your data to big tech AI APIs—adding another party with access.

The LexAI Approach

Zero training on your data. Your conversations are encrypted and never used for any purpose beyond serving you.
EU servers, EU laws. All data stays in Germany (Frankfurt). GDPR protection. No CLOUD Act exposure.
Zero-knowledge encryption. We mathematically cannot read your data. Not "we promise not to"—we literally can't.
Minimal logging. No IP tracking for normal use. No identity verification. We know almost nothing about you.
Self-hosted AI. We run our own model on our own servers. Your queries never touch third-party AI providers.

We built LexAI because we believe lawyers deserve AI tools that respect the same confidentiality standards they uphold with their clients. Our business model is simple: you pay for a subscription, and we provide a private, secure service. We have no incentive to monetize your data—and our architecture makes it impossible anyway.

INFRASTRUKTURA

V EU, se zaměřením na soukromí

Vaše data jsou uložena v datovém centru Supabase ve Frankfurtu – u důvěryhodného poskytovatele databází s SOC 2 certifikací. AI zpracování probíhá na našich vlastních Hetzner GPU serverech, také v Německu. Žádná citlivá data nikdy neopustí EU.

Supabase (Frankfurt)Your conversations and documents are stored in Supabase's Frankfurt data center—SOC 2 Type II certified with enterprise-grade security.
Hetzner AI ProcessingAll AI and backend processing runs on our own GPU servers at Hetzner in Germany. Your queries never leave our infrastructure.
Vercel FrontendOnly the client-side interface runs on Vercel. No sensitive data is processed there—just the UI you interact with.
No Third-Party AI APIsUnlike ChatGPT wrappers, we run our own AI. Your legal queries are never sent to OpenAI, Anthropic, or any external provider.
Your Browser
Vercel (UI only)
Hetzner Germany
AI & Backend
Supabase Frankfurt
Encrypted Storage
100% EU Infrastructure
FAQ

Bezpečnostní otázky

Upřímné odpovědi o tom, jak chráníme Vaše data a k čemu máme (a nemáme) přístup.

Zobrazit všechny FAQ
Lexi - LexAI Mascot
Encryption

Can LexAI employees access my data?

No. Due to our zero-knowledge architecture, your data is encrypted with keys that only you possess. Even with physical access to our servers, our employees cannot decrypt your data. This is mathematically guaranteed by our encryption design—we literally cannot access your information.

Recovery

What happens if I lose my master key?

If you lose your master key without a backup, your data cannot be recovered—by you or by us. This is intentional: it proves no one else can access your data either. We strongly recommend using our secure recovery key feature and storing backups in a safe location.

Legal

What happens if authorities request my data?

Here's exactly what we could provide: encrypted data we cannot decrypt, plus the username you chose during signup (which we don't verify—it could be fake). That's it. We don't log IP addresses during normal use, we don't verify identities, and payments go through Stripe so we don't have your card details. Even if compelled by law, we simply don't have useful information to hand over.

Breach

What if LexAI gets hacked?

Even in a breach scenario, attackers would only obtain encrypted data. Without your master key (which is never transmitted to us), your data remains protected. This is the core benefit of zero-knowledge architecture—it protects you even if we fail.

Tracking

Do you track my IP address or activity?

No tracking during normal use. We only log IP addresses when our security systems detect potential threats—like brute force attacks or suspicious activity. Legitimate users going about their work will never have their IP logged. We don't use analytics trackers, we don't build user profiles, and we don't monitor what you do in the app.

DOTAZ NA BEZPEČNOST

Otázky ohledně bezpečnosti?

Náš bezpečnostní tým je zde, aby odpověděl na Vaše dotazy a poskytl dokumentaci pro Vaše compliance kontroly.

Security WhitepapersDetailed technical documentation
Architecture DetailsZero-knowledge & GDPR documentation
Direct SupportSpeak with our security team

For urgent security concerns, email security@lexaitechnologies.com directly.

Security Inquiry

English or Czech / Anglicky nebo česky

Select a topic...
Compliance Documentation
Technical Security Questions
Security Audit Request
Report a Vulnerability
General Security Inquiry