LEXWRITE — PRIVACY POLICY

Effective Date: June 1, 2026

Last Updated: June 1, 2026

Version: 1.0

CORE COMMITMENT TO LEGAL PROFESSIONALS: LexWrite is built for attorneys. We understand that confidentiality and privilege are the foundation of your practice. LexWrite does not and will never use your case files, uploaded documents, client information, or AI outputs to train, fine-tune, or improve our AI models or any third-party AI models. Your data remains yours.

1. INTRODUCTION

LexWrite, Inc. ("LexWrite," "we," "our," or "us") respects your privacy and is committed to protecting the personal data and confidential client information you entrust to us. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the LexWrite platform, website, and associated applications (collectively, the "Service").

By accessing or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use our Service. This Privacy Policy is incorporated into and forms part of our Terms and Conditions of Service.

2. INFORMATION WE COLLECT

We collect several types of information from and about users of our Service, including:

2.1 Account and Registration Data

When you create an account, subscribe to a paid plan, or communicate with us, we collect personal information such as your name, email address, professional title, law firm or organization name, jurisdiction(s) of practice, phone number, and billing information (processed securely via our payment processor, Stripe).

2.2 Customer Data (Case Files and Documents)

In the course of using LexWrite to draft documents, analyze case files, or review records, you will upload, input, and generate content (collectively, "Customer Data"). This includes legal briefs, contracts, deposition transcripts, medical records, notes, and AI-generated outputs. You retain all ownership rights to your Customer Data.

2.3 Automatically Collected Usage Data

As you interact with our Service, we automatically collect certain technical and usage information to ensure the platform operates securely and efficiently. This includes:

• Device and Log Information: IP addresses, browser type, operating system, referring URLs, and timestamps.
• Usage Patterns: Which tools you use most frequently, session durations, and error logs (e.g., if a document fails to process). We use this data only in an aggregated, de-identified format to improve platform performance.

3. HOW WE USE YOUR INFORMATION

We use the information we collect strictly for the following purposes:

• To Provide the Service: Processing your documents through our AI infrastructure to generate the drafting, analysis, and research outputs you request.
• To Maintain Account Security: Authenticating logins, monitoring for fraudulent activity, and ensuring compliance with our Terms of Service.
• To Communicate With You: Sending transactional emails (billing receipts, password resets), customer support responses, and important product updates.
• To Improve the Platform (Technical Only): Analyzing aggregated usage data to optimize server performance, fix bugs, and design better user interfaces.

4. HOW AI PROCESSING WORKS (AND HOW IT DOESN'T)

Because LexWrite relies on advanced generative AI, transparency regarding data flow is critical:

• Zero Training Data: We explicitly opt out of data training with all of our underlying foundational model providers (e.g., Google, OpenAI, Anthropic). When your data is sent to an LLM via our secure API, it is processed transiently to generate your output and is immediately discarded by the model provider. It is never used to train their models, nor our own.
• Encrypted Transit: All prompts and documents sent for AI processing are encrypted in transit using TLS 1.3.

5. DATA SHARING AND DISCLOSURE

We do not sell, rent, or lease your personal information or Customer Data to any third parties. We only share information in the following limited circumstances:

• Trusted Subprocessors: We use secure, industry-leading third-party service providers (such as AWS for cloud hosting, Stripe for payments, and select LLM providers for AI processing). These subprocessors are strictly bound by confidentiality agreements and are prohibited from using your data for any purpose other than providing the contracted service to LexWrite.
• Legal and Regulatory Compliance: We may disclose information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). As stated in our Terms of Service, we will attempt to notify you before disclosing Customer Data, unless legally prohibited from doing so.
• Business Transfers: If LexWrite is involved in a merger, acquisition, or asset sale, your personal information and Customer Data may be transferred, provided the receiving entity agrees to be bound by privacy terms no less protective than this Policy.

6. DATA SECURITY AND HIPAA COMPLIANCE

We implement robust, enterprise-grade technical and organizational measures to secure your data from accidental loss and unauthorized access, use, alteration, and disclosure.

• Encryption: All Customer Data is encrypted at rest using AES-256 and in transit using modern TLS protocols.
• Access Controls: Access to infrastructure hosting Customer Data is strictly limited to authorized engineering personnel via zero-trust architecture and multi-factor authentication.
• HIPAA BAAs: For law firms processing Protected Health Information (PHI) in personal injury, medical malpractice, or workers' compensation matters, Business Associate Agreements (BAAs) are available for Enterprise-tier subscribers.

7. DATA RETENTION AND DELETION

We retain your personal information and Customer Data only for as long as your Account is active or as needed to provide you the Service. You can delete individual documents, cases, or your entire Account at any time through the Service interface.

Upon Account termination, we provide a 30-day grace period for you to export your data. Following that period, all Customer Data is permanently destroyed from our active servers within 60 days. Backups are automatically purged in accordance with our standard rotation schedules (maximum 90 days).

8. YOUR PRIVACY RIGHTS

Depending on your location (such as California under the CCPA, or the EU/UK under the GDPR), you may have certain rights regarding your personal information, including:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate data.
• The right to request deletion of your personal data.
• The right to opt-out of marketing communications at any time.

To exercise any of these rights, please contact us at privacy@lexwrite.qzz.io. We will respond to your request within the timeframe required by applicable law.

9. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will notify you by email or through a prominent notice on the Service prior to the change becoming effective. Your continued use of the Service after the effective date indicates your acceptance of the updated Privacy Policy.

10. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Email: privacy@lexwrite.qzz.io

LexWrite, Inc.

This Privacy Policy was last updated on June 1, 2026.