Privacy Policy

QUICK SUMMARY (TL;DR)

✅ What we collect:

Email address & password (encrypted)
Your chats with Lexo
Usage data (IP, browser)

✅ What we DO:

Store your chat history so you can see it
Send your questions to Anthropic (AI provider) to generate answers
Use anonymous statistics to improve the service

❌ What we DON'T do:

We NEVER sell your data
We DON'T read your chats (unless you request support)

🛡️ Your rights:

Delete your account at any time
Get all your data
Request correction of incorrect information

At Lexo, we value your privacy. This policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).

1. DATA CONTROLLER

ETL Dynamics AB
Organization number: 559459-2999
Address: Villavägen 7, 747 30 Alunda, Sweden
Email: info@lexo.nu

We are the data controller for the processing of your personal data under GDPR.

2. WHAT PERSONAL DATA DO WE COLLECT?

2.1 Data You Give Us Directly

A) Account Registration:

Email address (used for login and communication)
Password (stored encrypted - we can NEVER see your password in plain text)
Name (optional, if you choose to provide it)

B) Subscription (Pro):

Payment information is handled 100% by Stripe (third-party provider)
We NEVER store card numbers, CVV, or bank details
We only receive confirmation that payment succeeded and your Stripe Customer ID

C) Chat History:

All your questions to Lexo
AI-generated responses
Timestamps (when you chatted)

2.2 Data We Collect Automatically

A) Technical data:

IP address (for security and error handling)
Browser type and version
Operating system and device

B) Usage data (Anonymous Statistics):

Number of chats per day
Average session length
Which features are used most

3. COOKIES AND SIMILAR TECHNOLOGIES

3.1 What are Cookies?

Cookies are small text files stored in your browser to enable functionality on the website.

3.2 Cookies We Use

Cookie Type	Purpose	Provider	Duration
Necessary	Keep you logged in (session tokens)	Supabase	Session / 7 days
Authentication	Access token and refresh token for secure login	Supabase	1 hour / renewable
Payment Security	Prevent fraud during payment	Stripe	30 minutes
Preferences	Remember your language and display settings	Lexo	1 year

3.3 Third-Party Cookies

Stripe (payment processing):

__stripe_mid and __stripe_sid - Used for fraud prevention and secure payment
These cookies are only set when you make a payment
More information: Stripe's Cookie Policy

Google (when logging in with Google account):

If you choose to log in with Google, Google may set its own cookies
More information: Google's Cookie Policy

4. SHARING WITH THIRD PARTIES

We NEVER share your data for marketing. However, we use the following subcontractors:

Provider	What They Do	Location
Anthropic	AI model (Claude) - processes your questions to generate answers	USA
Supabase	Database & authentication	EU (Stockholm)
Stripe	Payment handling	EU/USA
Render	Hosting	USA/EU

5. YOUR RIGHTS UNDER GDPR

5.1 Right to Access (Art. 15)

Get a copy of all data we have about you. Email info@lexo.nu with subject "GDPR - Data Access Request". Delivered within 30 days.

5.2 Right to Erasure - "Right to Be Forgotten" (Art. 17)

Delete all your data. Log in → Settings → "Delete account" or email info@lexo.nu.

5.3 Right to Data Portability (Art. 20)

Get your data in a format usable with another service. Email info@lexo.nu with subject "GDPR - Data Portability".

5.4 Right to Complain to Supervisory Authority (Art. 77)

If you are dissatisfied with how we handle your data, contact the Swedish Authority for Privacy Protection (IMY). Website: www.imy.se

6. SECURITY & PROTECTION OF YOUR DATA

Encryption: TLS 1.3 (HTTPS) for all communication, AES-256 in database
Access control: Only authorized personnel have access
Backup: Daily backups of the database
EU-based storage: Your data is primarily stored in EU (Stockholm, eu-north-1)

7. CONTACT & SUPPORT

Privacy questions:
Email: info@lexo.nu (Subject: "GDPR - [your question]")
Response time: 5 business days (GDPR matters within 30 days)