Privacy Policy

LexGuard is a US-focused contract-analysis service for staffing firms, recruiters, and small business owners. We collect the minimum data needed to analyze your contracts and operate your account. We do not sell your data, and we do not use your uploads to train any AI model.

• Account data — your email, name (from Clerk), and authentication metadata.
• Contract uploads — the contracts you upload and the text you paste. Stored encrypted at rest.
• Analyses — the structured output we generate from your contracts.
• Billing data — handled by Whop. We store only your membership ID and plan, never your card details.
• Usage analytics — basic page hits and error logs. No third-party advertising trackers.

• Uploaded contract files: 30 days, then permanently deleted from our storage.
• Analyses: until you delete them from your settings page.
• Account data: until you request deletion.

We do not use your uploaded contracts or analyses to train any model. Contract text is sent to Google's Gemini API for analysis. Google's paid API terms state that customer API traffic is not used to train Google's models.

The following service providers process data on our behalf:

• Google (Gemini API — AI analysis)
• Supabase (database + encrypted file storage)
• Clerk (authentication)
• Whop (subscription billing)
• Resend (transactional email)
• Vercel (hosting, edge network)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights regarding your personal information. We extend these same rights to all US users regardless of state:

• Right to know what personal information we have collected about you.
• Right to delete personal information we have collected (with some exceptions).
• Right to correct inaccurate personal information.
• Right to opt out of the “sale” or “sharing” of personal information — we do not sell or share your data with third parties for advertising. There is nothing to opt out of.
• Right to non-discrimination — you can exercise these rights without us reducing service quality or charging you more.

To exercise any of these rights:

• Delete all your contracts and analyses from your settings page directly.
• Request a full data export by emailing gabriel@lex-guard.eu.
• Request account deletion by emailing the same address. We complete deletions within 7 business days.

Similar rights are provided to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and Oregon (OCPA). The same procedures apply.

If you are in the United Kingdom, you have rights under the UK GDPR and the Data Protection Act 2018, including the right to access, rectify, erase, restrict, and port your personal data, and to object to processing. Our lawful basis for processing is the performance of our contract with you and our legitimate interest in operating the service.

• Exercise any of these rights using the same tools above, or email gabriel@lex-guard.eu.
• You may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

All data is encrypted in transit (TLS 1.2+) and at rest. Access to production systems is restricted to authorised personnel via single sign-on with multi-factor authentication. We log and monitor administrative access.

LexGuard is a B2B service intended for use by business owners. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided information to us, please contact us and we will delete it.

We use cookies for authentication and to remember your preferences. We do not use third-party advertising or tracking cookies. You'll see a consent banner on first visit.

We may update this policy. Material changes will be announced via email or in-product notice at least 14 days before they take effect.

Questions? Email gabriel@lex-guard.eu.