Product

AI Legal Chat
Document Analysis
Legal Research
Security
Pricing

Solutions

Law Firms
Corporate Legal
Legal Students
Small Business
Enterprise

Resources

Documentation
Training
Academy
FAQ
Support
Contact Us

Company

Our Story
Careers
Privacy Policy
Terms of Service

Quick heads up! We save your preferences locally - theme, language, text size, and your explorer progress. Nothing leaves your browser, nothing gets tracked. Cookies? Your honor, we object - we're privacy first. Learn more

Accessibility
Font Size
100%
Quick Contact
Email Supportsupport@lexaitechnologies.com
Security InquiryAsk about our security practices
Link copied to clipboard!
Jump to Section
TopZero-KnowledgeEncryptionData PrivacyPrivilegeWhy DifferentFAQContact
SECURITY & PRIVACY

Your Data. Your Control.

Bank-level security meets zero-knowledge architecture. We built LexAI so that even we cannot access your confidential legal data.

Zero-Knowledge Encryption
No User Tracking
EU Data Residency
Learn How We Protect You Security Inquiry
AES-256Encryption
0Data Breaches
100%Your Ownership
Security First
Lexi AI Assistant
Protected & Encrypted
Zero-Knowledge True privacy
Encryption AES-256 protection
Data Privacy Your data, your control
Privilege Legal compliance
Why Different What sets us apart
Authentication Secure login
FAQ Common questions
Contact Get in touch
ZERO-KNOWLEDGE ARCHITECTURE

We Can't See Your Data. By Design.

Unlike traditional cloud services, LexAI uses zero-knowledge architecture inspired by Proton Mail. Your data is encrypted before it ever leaves your device, using keys that only you control. Even our own engineers cannot access your confidential legal information.

Client-side encryption - Data encrypted before upload
No server-side access - We never see unencrypted data
Mathematical proof - Cryptographically guaranteed privacy

End-to-End Encryption

Your data is encrypted on your device before transmission. Only you have the decryption keys.

Attorney-Client Privilege

Architecture designed to maintain privilege. No third-party access to your confidential communications.

Proton-Inspired Security

Same security principles used by Proton Mail, trusted by journalists and activists worldwide.

Open Architecture

Our security model is documented and can be independently verified by security researchers.

ENCRYPTION & ACCESS

Your Master Key. Your Only Access.

A single master key that only you possess unlocks your encrypted vault. Without it, your data remains permanently inaccessible -even to us.

Master Key Encryption

Your master password generates a unique cryptographic key using PBKDF2 with 600,000+ iterations. This key never leaves your device and is never transmitted to our servers.

AES-256-GCM

Military-grade encryption standard used by governments worldwide. The same encryption protecting classified information now protects your legal work.

Key Derivation

Each document has unique encryption keys derived from your master key. Compromising one document doesn't compromise others.

No Backdoors

If you lose your master key, we cannot recover your data. This is a feature, not a bug -it proves no one else can access your data either.

Perfect Forward Secrecy

Session keys are ephemeral and rotated regularly. Even if a key is compromised, past and future sessions remain protected.

Hardware Security

Support for hardware security keys (YubiKey, etc.) for additional authentication layer and protection against phishing attacks.

ADVANCED AUTHENTICATION

Multiple Layers of Protection

Flexible authentication options from simple 2FA to hardware-backed biometrics

Two-Factor Authentication

TOTP authenticator apps (Google Authenticator, Authy) with encrypted secrets and replay protection for an extra layer of security.

Biometric Login

Face ID, Touch ID, Windows Hello - passwordless login via WebAuthn with phishing resistance and hardware-backed credentials.

Session Timeout

Automatic logout after inactivity with 2-minute warning, desktop notifications, and configurable duration for enterprise control.

Backup Codes

8 single-use recovery codes, SHA-256 hashed, for account recovery when your 2FA device is unavailable.

Security Keys

FIDO2 hardware keys (YubiKey) for maximum protection against credential theft and phishing attacks.

Login Alerts

Instant notifications of new logins with device and location info so you always know when your account is accessed.

SESSION MANAGEMENT

Enterprise-Grade Session Security

Complete control over session lifecycle with advanced timeout warnings, secure cleanup procedures, and comprehensive activity monitoring.

Configurable timeout - 15 minutes to 8 hours based on your security policy
2-minute warning modal - Never lose work to unexpected logouts
Desktop notifications - Alerts even when tab is in background
Secure cleanup - WebWorker termination and token invalidation

Quick Re-auth

Stay logged in with password or biometric re-verification without losing your work.

Secure Logout

Complete session cleanup with token invalidation, cache clearing, and worker termination.

Multi-Device Mgmt

View and revoke sessions across all devices from your security dashboard.

Activity Detection

Smart activity monitoring resets timeout on keyboard, mouse, and touch interactions.

DATA PRIVACY COMMITMENT

We Don't Sell Your Data. Period.

Your Data Is Not Our Product

Many "free" AI services monetize user data through advertising, training AI models, or selling to third parties. LexAI is different. We're a subscription business -our only revenue comes from providing you excellent service, not from exploiting your confidential legal information.

No Data Selling

We never sell, license, or share your data with any third party. Your data stays yours.

No AI Training

Your documents are never used to train our AI or any third-party models. Ever.

No Advertising

Zero ads. Zero tracking for ad purposes. We make money from subscriptions, not surveillance.

Data Minimization

We collect only what's necessary to provide service. Less data = less risk.

ATTORNEY-CLIENT PRIVILEGE

Built for Legal Confidentiality

Zero-knowledge architecture isn't just a security feature -it's a guarantee that attorney-client privilege remains intact.

Mathematically impossible for us to access your data
Full GDPR compliance with EU-only data residency
No identity verification - maximum privacy by design

We Can't Share Your Data

Even if compelled - we technically cannot access your encrypted conversations and documents.

GDPR Compliant

All data stored in Frankfurt, processed in Germany. No data ever leaves the EU.

Minimal Collection

No identity verification, no IP logging, payments via Stripe. We know almost nothing about you.

True Encryption

Your master key never leaves your device. Only you can decrypt your conversation history.

BILLING SECURITY

Payment Data We Never See

Powered by Stripe

All billing, payments, subscriptions, and invoicing are handled entirely by Stripe - one of the world's most trusted payment processors. Your credit card details never touch our servers - not even during the free trial. If you cancel, we never had your payment data.

PCI DSS Level 1 - highest payment security certification
SOC 1 & SOC 2 - audited security controls
Zero card storage - we never see your payment details
Trusted globally - used by Amazon, Google, Shopify

Stripe Certified

Stripe processes billions of dollars annually and is trusted by millions of businesses worldwide for secure payment handling.

PCI DSS Level 1 SOC 1 SOC 2 GDPR
WHY WE'RE DIFFERENT

The Problem with Most AI Services

Most cloud AI services weren't built with legal confidentiality in mind. Here's what typically happens -and why we do things differently.

Zero training on your data - your conversations are never used for AI training
EU servers, EU laws - all data stays in Germany with GDPR protection
Self-hosted AI - your queries never touch third-party AI providers

No Data Training

Unlike typical AI services that use your queries to improve their models, we never train on your data.

No US Jurisdiction

No CLOUD Act exposure. No FISA requests. Your data is protected by EU privacy laws only.

No Employee Access

Zero-knowledge encryption means we mathematically cannot read your data - not "we promise not to."

No Third-Party APIs

We run our own AI on our own servers. Your queries never pass through OpenAI or other providers.

INFRASTRUCTURE

EU-Based, Privacy-Focused Stack

Your data is stored in Supabase's Frankfurt data center -a trusted, SOC 2 compliant database provider. AI processing happens on our own Hetzner GPU servers, also in Germany. No sensitive data ever leaves the EU.

100% EU infrastructure - all data stays in Germany
SOC 2 Type II certified - enterprise-grade security
Self-hosted AI models - no external API dependencies

Supabase Frankfurt

Conversations and documents stored in SOC 2 Type II certified Frankfurt data center.

Hetzner Germany

AI and backend processing on our own GPU servers. Queries never leave our infrastructure.

Vercel Frontend

Only the client-side UI runs on Vercel. No sensitive data is processed there.

No External APIs

We run our own AI. Your queries never touch OpenAI, Anthropic, or any third party.

FAQ

Security Questions

Honest answers about how we protect your data and what we can (and can't) access.

View all FAQs
Lexi - LexAI Mascot
Encryption

Can LexAI employees access my data?

No. Due to our zero-knowledge architecture, your data is encrypted with keys that only you possess. Even with physical access to our servers, our employees cannot decrypt your data. This is mathematically guaranteed by our encryption design -we literally cannot access your information.

Recovery

What happens if I lose my master key?

If you lose your master key without a backup, your data cannot be recovered -by you or by us. This is intentional: it proves no one else can access your data either. We strongly recommend using our secure recovery key feature and storing backups in a safe location.

Legal

What happens if authorities request my data?

Here's exactly what we could provide: encrypted data we cannot decrypt, plus the username you chose during signup (which we don't verify -it could be fake). That's it. We don't log IP addresses during normal use, we don't verify identities, and payments go through Stripe so we don't have your card details. Even if compelled by law, we simply don't have useful information to hand over.

Breach

What if LexAI gets hacked?

Even in a breach scenario, attackers would only obtain encrypted data. Without your master key (which is never transmitted to us), your data remains protected. This is the core benefit of zero-knowledge architecture -it protects you even if we fail.

Tracking

Do you track my IP address or activity?

No tracking during normal use. We only log IP addresses when our security systems detect potential threats -like brute force attacks or suspicious activity. Legitimate users going about their work will never have their IP logged. We don't use analytics trackers, we don't build user profiles, and we don't monitor what you do in the app.

SECURITY INQUIRY

Questions About Security?

Our security team is here to answer your questions and provide documentation for your compliance reviews.

Security Whitepapers - Detailed technical documentation
Architecture Details - Zero-knowledge & GDPR documentation
Direct Support - Speak with our security team

For urgent security concerns, email support@lexaitechnologies.com directly.

Security Inquiry

English or Czech / Anglicky nebo česky

Select a topic...
Compliance Documentation
Technical Security Questions
Security Audit Request
Report a Vulnerability
General Security Inquiry