Security

Isolated environments with certified subprocessors.

Data Privacy

At Lexifina, your data privacy is paramount. We operate under zero data retention agreements with all AI foundation model providers. Your documents and client information never leave our secure environment or contribute to external model training. We implement user data isolation and maintain full data sovereignty so that your confidential work remains confidential.

Encryption & Transport

All data stored in Lexifina is protected with AES-256 encryption. Communication between your browser and our servers is secured via TLS 1.2+, so data is encrypted both at rest and in transit. We enforce strict role-based access controls (RBAC) grounded in least-privilege principles, so only authorized personnel can access specific data. Our systems feature real-time threat detection and response, continuous monitoring with detailed audit logs, and full data segregation through isolated storage partitions.

Compliance & Infrastructure

Lexifina operates on architecture certified to DIN ISO/IEC 27001 standards for information security management. We maintain EU data residency with full GDPR compliance and can manage or migrate your data within our systems upon request. Our infrastructure providers hold SOC 2 Type II certification, and we can implement additional security controls customized to your organization's requirements.

Our database authentication employs multiple security protocols, including SCRAM and X.509 certificates for secure client-server communication. We implement Client-Side Field-Level Encryption (CSFLE) and Queryable Encryption, enabling operations on encrypted data without exposing sensitive information, even during processing.

Our systems maintain always-on tracking of cloud user actions and database authentication, providing complete visibility into every access attempt and user interaction with your data. Granular system activity tracking captures all database operations, including DDL (Data Definition Language), DML (Data Manipulation Language), and DCL (Data Control Language) commands. This comprehensive audit trail ensures complete accountability and supports forensic analysis when required for legal compliance or security investigations.

AI Processing & Data Flow

To deliver Lexifina's intelligent legal document processing features, we make AI requests to our secure infrastructure. These requests occur when you use our document analysis tools, request clause changes, or when our system performs background analysis to identify inconsistencies and related clauses between documents.

Each AI request includes relevant context such as your document content, previous interactions within the current session, and specific legal document structures based on our specialized legal language processing. All data is transmitted through our certified infrastructure and securely routed to our AI model providers (OpenAI, Anthropic, Google). Every request passes through our systems to enforce consistent security protocols and data protection, even when using custom API configurations. For enterprise clients with specific infrastructure requirements, we can provide additional self-hosted deployment options upon request.

Account Management & Data Deletion

You retain full control over your Lexifina account and may request deletion at any time via your Settings dashboard. To do so, navigate to 'Settings' and select 'Delete Account.' This will permanently remove all data associated with your account, including legal documents, document analyses, workflow automations, and any indexed legal databases.

We ensure complete deletion of your data within 30 days of your request. While data is immediately removed from active systems, backup infrastructure and cloud storage may retain copies for disaster recovery for up to 30 days. After this period, all data is permanently and irretrievably deleted, maintaining full data sovereignty and compliance with legal data retention requirements.

Information Subprocessors

We use the following third-party subprocessors to operate and improve our services:

Cloudflare

Used as a reverse proxy and content delivery network (CDN) to enhance performance and security.

Microsoft Azure

Used for model infrastructure and to provide AI responses under a zero data retention agreement.

Amazon Web Services (AWS)

Used for model training, server infrastructure, and to provide AI responses under a zero data retention agreement.

Google Cloud Platform (GCP)

Used for model infrastructure and to provide AI responses under a zero data retention agreement.

OpenAI

Used to provide AI responses under a zero data retention agreement.

Anthropic

Used for Model Context Protocol (MCP) and to provide AI responses under a zero data retention agreement.

MongoDB

Used to store certain database collections and analytics data.

Stripe

Used for payment processing. Stripe may process personal data such as name, billing address, and payment details.