Privacy Policy
Last updated: April 2026
Lexivoa Ltd ("Lexivoa", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our platform, visit our website, or otherwise engage with us.
We are registered in England and Wales (Company No. 17081705) and registered with the Information Commissioner's Office. Depending on the context, Lexivoa may act as either a data controller or a data processor: we act as a controller for website, marketing, account, and business operations data, and may act as a processor where we handle platform data on behalf of customer organisations.
1. Who This Policy Applies To
This policy applies to:
- Visitors to lexivoa.com and any related subdomains
- Users of the Lexivoa platform, including auditors, tenant administrators, and client users
- Authorised users of Lexivoa Connect and similar workflow integrations made available by subscribing organisations
- Representatives of audit firms, litigation funders, and law firms who interact with us
- Anyone who contacts us, requests a demo, or subscribes to communications from us
2. What Data We Collect
2.1 Account and Identity Data
- Full name and job title
- Work email address
- Organisation name and type
- Encrypted password credentials (we never store passwords in plain text)
2.2 Platform Usage Data
- Audit cycles, checklist completions, and findings you create or interact with
- Case records and associated metadata uploaded to the platform
- Actions performed within the platform (audit trail logs)
- Session and authentication tokens (stored securely, not exposed to other users)
2.3 Contact and Enquiry Data
- Name, email, and message content when you contact us or request a demo
- Any information you provide voluntarily in correspondence with us
2.4 Technical Data
- IP address and approximate geolocation (country/region level)
- Browser type and version, device type, operating system
- Pages visited, time on site, and referring URLs
- Cookie identifiers (see Section 9)
2.5 Workflow Integration and Browser Extension Data
- Approved-page context used to identify the relevant case or workflow, such as case references, matter identifiers, or document labels
- Explicit user selections, such as highlighted text or manual search values submitted through Lexivoa Connect
- Extension session identifiers, security events, and action logs associated with connected workflow integrations
Lexivoa Connect is designed to minimise data collection. We do not collect general browsing history, and we do not read unrelated content from websites outside approved customer workflows.
3. How We Use Your Data
We use your personal data for the following purposes:
- Providing the platform: To create and manage your account, authenticate your sessions, and deliver the services you or your organisation have contracted for
- Providing workflow integrations: To surface audit context, case status, and permitted actions inside approved third-party systems where your organisation has enabled Lexivoa Connect
- Platform security: To detect and prevent unauthorised access, fraud, and abuse — including rate limiting, session management, and audit logging
- Communications: To respond to your enquiries, provide support, and send product updates where you have consented or have a legitimate interest
- Legal and compliance obligations: To comply with applicable laws, including data protection law, and to respond to lawful requests from regulators or law enforcement
- Product improvement: To understand how the platform is used and improve its functionality (using aggregated or anonymised data where possible)
4. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases:
- Contract (Article 6(1)(b)): Processing necessary to perform our contract with you or your organisation, including delivering platform access and support
- Legitimate interests (Article 6(1)(f)): Security monitoring, fraud prevention, product analytics, and direct marketing to existing clients or professional contacts
- Legal obligation (Article 6(1)(c)): Where we are required to process data to comply with applicable law
- Consent (Article 6(1)(a)): Where you have specifically opted in, such as subscribing to marketing communications
5. Data Storage and Security
All personal data processed by Lexivoa is stored in the United Kingdom. We do not transfer your personal data outside the UK or EEA unless required to do so by law or with appropriate safeguards in place.
We implement the following technical and organisational security measures:
- Encryption of data at rest and in transit (TLS 1.2+)
- Argon2-hashed password storage — passwords are never readable by Lexivoa staff
- Multi-tenant data isolation — each organisation's data is strictly partitioned
- Role-based access controls — users only access data relevant to their role
- Session freshness checks and automatic expiry
- IP-based and credential-based rate limiting and lockout
- Approved-domain restrictions and least-privilege workflow integration permissions
- Full audit logging of platform actions
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with services. On account closure or contract termination:
- Platform data is retained for up to 90 days following termination to allow for export, then securely deleted
- Audit logs and compliance records may be retained for up to 7 years where required by applicable law or regulation
- Contact and enquiry data is retained for up to 3 years from last interaction unless you request earlier deletion
7. Sharing Your Data
We do not sell your personal data. We may share it with:
- Sub-processors: Third-party service providers who process data on our behalf under written data processing agreements, including:
  - Infrastructure and hosting providers based in the United Kingdom
  - Transactional email providers (for account notifications)
- Within your organisation: Other authorised users within your firm or funder organisation, as governed by the role-based access model
- Legal or regulatory requirements: Where required by law, court order, or to protect the rights, property, or safety of Lexivoa or others
- Business transfers: In the event of a merger, acquisition, or sale of assets, with appropriate data protection obligations maintained
8. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data, subject to legal retention obligations
- Right to restriction: Request that we restrict processing of your data in certain circumstances
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or direct marketing
- Rights related to automated decision-making: We do not make solely automated decisions with legal or similarly significant effects on individuals
To exercise any of these rights, contact us at privacy@lexivoa.com. We will respond without undue delay and at the latest within one month. You also have the right to lodge a complaint with the ICO at ico.org.uk.
9. Cookies
We use cookies and similar technologies to operate our website and platform. These include:
- Strictly necessary cookies: Required for authentication and secure session management — these cannot be disabled
- Analytics cookies: Used to understand how visitors use our website. We use privacy-respecting analytics that do not track individuals across sites.
We do not use third-party advertising or tracking cookies.
When you submit website forms, we may also use Cloudflare Turnstile or similar security verification services to help distinguish legitimate visitors from automated abuse. This may involve limited technical and interaction data being processed for fraud prevention and security purposes.
10. Children's Privacy
The Lexivoa platform is intended for professional use by adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Where changes are material, we will notify platform users by email and update the "Last updated" date above. Continued use of the platform after notification constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: privacy@lexivoa.com