Security
How we protect your data and your clients' data.
Lexarna handles privileged legal information. We take that responsibility seriously. Here's how we protect your data at every layer.
Encryption
All data is encrypted at rest (AES-256) and in transit (TLS 1.3). Database connections use SSL. API endpoints enforce HTTPS.
Infrastructure
Data is stored on AWS infrastructure in the Mumbai (ap-south-1) region. Database backups are encrypted and retained for 7 days.
Access Control
Authentication is handled by Clerk with JWT verification. Data is isolated per organisation: users can only access their own workspace. Team features use role-based access.
AI & Privacy
Your queries are processed via OpenAI's API (not the consumer product). Your data is not used to train any AI model. We use API agreements that prohibit data retention by the LLM provider.
Document Isolation
Uploaded documents are stored in organisation-scoped S3 buckets. They are never indexed alongside other users' data. Full deletion is available on request.
Incident Response
We maintain an incident response plan. In the event of a data breach, affected users will be notified within 72 hours as required by applicable law.
Our commitments
- Your documents are never used to train AI models
- Your data is never shared with other users or third parties (except as required to provide the Service)
- You can delete your account and all data at any time
- We will never sell your data
Compliance roadmap
We are actively working towards SOC 2 Type II certification and compliance with India's Digital Personal Data Protection Act (DPDPA) 2023. If you have specific compliance requirements, please contact us at security@lexarna.com.
Report a vulnerability
If you discover a security vulnerability, please report it responsibly to security@lexarna.com. We take all reports seriously and will respond within 48 hours.