Privacy Policy

Last updated: February 20, 2026

1. Introduction

LexQ, LLC ("Company", "we", "us") is committed to protecting the privacy of our customers. This Privacy Policy describes how we collect, use, store, and disclose information when you use our policy engine platform ("Service") at lexq.io, console.lexq.io, and api.lexq.io.

2. Information We Collect

2.1 Account Information

When you create an account, we collect: name, email address, company name, phone number, and password (stored as a cryptographic hash). This information is required to provide the Service and communicate with you.

2.2 Customer Data

In the course of using the Service, you may submit policy definitions, rule configurations, execution input data (facts), simulation parameters, and deployment configurations ("Customer Data"). We process Customer Data solely to provide the Service.

2.3 Usage and Log Data

We automatically collect: policy execution logs and traces, simulation results, API call metadata (timestamps, response codes, latency), IP addresses, browser type and version, and pages visited within the Service. Execution logs are retained according to your subscription plan (7, 30, or 90 days).

2.4 Billing Information

Payment processing is handled by Stripe (for USD) and Toss Payments (for KRW). We do not store credit card numbers or full payment details on our servers. Each provider's privacy policy governs the handling of payment information.

3. How We Use Your Information

We use the information we collect to: provide, operate, and maintain the Service; process transactions and send billing-related communications; monitor usage for plan enforcement and overage calculations; detect and prevent fraud, abuse, and security incidents; send service-related notices (maintenance, security alerts, plan changes); improve the Service based on aggregated, anonymized usage patterns; and comply with legal obligations. We do not sell your personal information to third parties. We do not use Customer Data for advertising or marketing purposes.

4. Data Storage and Security

Customer Data is stored on Amazon Web Services (AWS) infrastructure located in the United States. We implement industry-standard security measures including: encryption in transit (TLS 1.2+) and at rest (AES-256), isolated tenant environments (multi-tenant architecture with logical data separation), API key authentication with cryptographic hashing, role-based access controls, and regular security assessments. While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Sharing and Disclosure

5.1 Service Providers

We share information with third-party service providers who assist in operating the Service: Amazon Web Services (AWS) for cloud infrastructure and data hosting; Stripe for payment processing (USD); Toss Payments for payment processing (KRW); and email service providers for transactional communications. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request. We will notify you of such disclosure unless prohibited by law.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership.

6. Data Retention

Account information is retained for as long as your account is active. Customer Data (policy definitions, rules) is retained while your account is active and for 30 days after account termination. Execution logs are retained according to your plan tier (Free: 7 days, Growth: 30 days, Pro: 90 days). Billing records are retained for 7 years as required by applicable tax laws. Upon account deletion, we permanently remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

7.1 General Rights

You have the right to: access the personal information we hold about you; correct inaccurate or incomplete information; export your Customer Data through the console or API; delete your account and associated data; and opt out of non-essential communications.

7.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA): the right to know what personal information is collected, used, and shared; the right to request deletion of your personal information; the right to opt out of the sale of personal information (we do not sell personal information); and the right to non-discrimination for exercising your CCPA rights.

7.3 EEA/UK Residents (GDPR)

If you are located in the European Economic Area or the United Kingdom, you have additional rights under GDPR: the right to data portability; the right to restrict processing; the right to object to processing; the right to withdraw consent; and the right to lodge a complaint with a supervisory authority. Our legal bases for processing personal data are: contract performance (to provide the Service), legitimate interests (to improve the Service and ensure security), and legal compliance (to meet regulatory obligations).

8. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. Analytics, if implemented, will use privacy-focused solutions that do not track individual users across sites.

9. International Data Transfers

Your data may be transferred to and processed in the United States, where our servers are located. If you are accessing the Service from outside the United States, you consent to the transfer of your information to the United States. We implement appropriate safeguards for international data transfers as required by applicable law.

10. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. Your continued use of the Service constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or to exercise your rights, contact us at: hello@lexq.io