Privacy Policy
1. Privacy at a Glance
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.
This policy applies under the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR), and the UK Data Protection Act 2018. Where we refer to "GDPR" below, this includes the UK GDPR as applicable.
2. Data Controller
Lexbeam Software
Owner: Werner Plutat
Speditionstraße 15A
40221 Düsseldorf, Germany
Email: info@lexbeam.com
3. Hosting
We host our website with Vercel Inc., 440 N Baxter St, Coppell, TX 75019, USA. For details, see Vercel's Privacy Policy.
4. Data Collection on This Website
Server Log Files
The hosting provider automatically collects the information that your browser transmits with each request and stores it in server log files. This includes: browser type and version, operating system, referrer URL, hostname, time of request, and IP address. This data is not merged with other data sources. Processing is based on Art. 6 (1) lit. f GDPR.
Early Access Sign-Up
If you submit your email address via the early access form, we store it solely to contact you about product availability. We do not share your email with third parties. You can request deletion at any time by emailing info@lexbeam.com. Legal basis: Art. 6 (1) lit. a GDPR (consent).
Analytics
This website uses OpenPanel, a privacy-friendly, cookieless web analytics tool provided by Coderax AB, Sweden (openpanel.dev). OpenPanel does not use cookies and does not track users across websites or devices.
The information collected includes: page URL, referrer, approximate geographic region, device type, browser type, and screen resolution. This data is aggregated and used to produce anonymous usage statistics.
IP addresses are used temporarily for two purposes only and are never stored: (1) deriving approximate location (city, country, region); (2) generating a daily-rotating cryptographic hash from the IP address, user agent, project ID, and a rotating salt. The salt is replaced every 24 hours; only the current and previous salt are retained. The resulting identifier is cryptographically irreversible after approximately 24 hours.
OpenPanel operates its cloud infrastructure on Hetzner Online GmbH (Germany). Backups are stored on Cloudflare R2 (EU). All data is processed and stored within the EU/EEA.
OpenPanel processes this data on our behalf as a data processor pursuant to Art. 28 GDPR. A data processing agreement (DPA) is in place. Details: openpanel.dev/dpa.
Legal basis: Art. 6 (1) lit. f GDPR. Our legitimate interest is the statistical analysis of website usage in order to improve our online offering. We have weighed this interest against your rights and consider the impact on your privacy to be minimal given the aggregated, non-identifying nature of the data collected.
You have the right to object to this processing at any time for reasons arising from your particular situation (Art. 21 (1) GDPR). To exercise this right, please contact us at the address provided above.
5. International Data Transfers
Some of our service providers are based outside the EU/EEA and the UK. Where personal data is transferred to countries that have not been deemed to provide an adequate level of data protection, we rely on the following safeguards:
- Vercel Inc. (USA) — hosting. Transfer mechanism: EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum (IDTA). See Vercel DPA.
- OpenAI, LLC (USA) — AI document analysis. Transfer mechanism: EU SCCs and UK IDTA. Under OpenAI's API Data Processing Addendum, customer data submitted via the API is not used to train models. See OpenAI DPA.
- Resend Inc. (USA) — email delivery for early access sign-ups. Transfer mechanism: EU SCCs and UK IDTA.
- Coderax AB / OpenPanel (Sweden) — analytics. All data processed and stored within the EU/EEA. No international transfer.
6. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Server log files: Automatically deleted by our hosting provider after 30 days.
- Early access emails: Retained until you request deletion or the early access programme ends.
- Document review data: Not stored. Documents and analysis results exist only in memory during processing and are discarded immediately upon completion.
- Analytics data: Aggregated, non-identifying statistics are retained indefinitely. The daily-rotating hash described in Section 4 becomes irreversible within approximately 24 hours.
7. AI Document Review Service
When you use the document review feature, your uploaded documents are processed as follows:
- Document text is extracted on our server and sent to the OpenAI API for analysis.
- OpenAI acts as a data processor. Under OpenAI's API terms, customer data submitted via the API is not used to train their models.
- We do not store your uploaded documents or the extracted text after processing is complete.
- Analysis results are streamed directly to your browser and are not persisted on our servers.
Legal basis: Art. 6 (1) lit. b GDPR (contract performance / provision of the requested service).
Important: Do not upload documents containing sensitive personal data (Art. 9 GDPR) to the demo service. The demo is intended for testing purposes with non-sensitive documents.
8. Your Rights
You have the right to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to correction, blocking, or deletion of this data at any time. You can contact us at any time at the address given above regarding this and other questions about data protection.
9. Right to Complain
You have the right to lodge a complaint with the competent supervisory authority. For EU/EEA users, the competent supervisory authority is the State Commissioner for Data Protection of North Rhine-Westphalia (LDI NRW). For UK users, the competent authority is the Information Commissioner's Office (ICO), ico.org.uk.