site logo
Lexkeep
Privacy Policy | Terms of Use

Privacy Policy

 

1. Introduction

Lexkeep Oy (“Lexkeep,” “we,” “us,” or “our”) operates a secure evidence and records platform designed for legal workflows. Protecting your privacy is paramount. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the “Site”) or use our services, including blockchain anchoring, encrypted cloud storage, and optional end-to-end encryption (E2EE).

2. Data Controller

Lexkeep Oy
Helsinki, Finland

3. Scope

This policy applies to all visitors to lexkeep.com and all users of Lexkeep services.

4. Information We Collect

4.1. Information You Provide

• Account registration: name, work email, organization, role, password.
• Contact forms: inquiries, support requests, feedback.
• Payment details (for paid plans): billing name, address, payment method.

4.2. Automatically Collected Information

• Usage data: pages visited, features used, timestamps.
• Device data: IP address, browser type/version, operating system, device identifiers, language settings.
• First-party cookies and similar technologies for authentication, site security, and performance analytics.

4.3. Evidence Files and Metadata

• Files you upload (PDF, DOCX, JPG, WAV, MP4, etc.) and associated metadata (file name, upload time, hash).
• If you enable E2EE, plaintext remains encrypted on your device and is not accessible to Lexkeep.

  1. How We Use Your Information
    We process information to:
    • Provide, maintain, and improve Lexkeep services.
    • Create and manage your account.
    • Encrypt, store, and anchor your evidence files.
    • Process payments and prevent fraud.
    • Communicate service updates and support responses.
    • Monitor usage to ensure security and optimize performance.
    • Comply with legal obligations and enforce our Terms of Service.
  2. Legal Bases for Processing (GDPR)
    • Contract performance: to provide the services you request.
    • Consent: for optional communications (e.g., marketing) and non-essential cookies.
    • Legitimate interests: platform improvement, fraud prevention, security.
    • Legal compliance: responding to lawful requests or regulations.
  3. Cookies and Tracking
    We use first-party cookies and similar technologies to:
    • Authenticate users and manage sessions.
    • Enable essential site functionality.
    • Gather anonymous, aggregated performance metrics for internal analysis.
    We do not employ third-party analytics or advertising cookies. You may manage or disable cookies via your browser settings, though this may affect Site functionality.
  4. Data Sharing and Disclosure
    We do not sell your Personal Information. We may share data with:
    • Service providers acting on our behalf (e.g., EU-based cloud hosting, payment processors).
    • Affiliates in the context of corporate transactions (e.g., merger, acquisition).
    • Legal or regulatory authorities when required by law or to protect our rights.
    • Parties you explicitly authorize (e.g., sharing cohorts with external collaborators).
  5. Data Location and Transfers
    All data (including encrypted files and metadata) resides in secure EU-based data centers. We do not transfer your Personal Information outside the European Economic Area.
  6. Data Retention
    • Account data: retained until you delete your account, then soft-deleted and purged within 6 months. In rare compliance or legal scenarios, full deletion may take up to 12 months.
    • Uploaded files (WORM storage): when you delete a file, a soft delete is triggered immediately, but due to Write-Once-Read-Many storage, the underlying data may persist in backup systems full erasure may take up to 12 months.
    • Blockchain hashes: cryptographic fingerprints anchored on the Ethereum blockchain are immutable; once published, neither Lexkeep nor any user can delete or alter them.
    • Metadata and audit logs: retained for the same periods noted above, unless legal requirements dictate longer retention.
    • Aggregate, non-personal performance metrics: retained indefinitely.
  7. Security Measures
    • AES-256 encryption at rest for all stored files.
    • Optional client-side E2EE: plaintext never leaves your device.
    • Blockchain anchoring on Ethereum for immutable proofs and timestamps.
    • TLS encryption in transit.
    • Role-based access controls and multi-factor authentication for administrative users.
    • Routine vulnerability assessments and security audits.
  8. Your Rights
    Depending on your jurisdiction, you may have the right to:
    • Access or obtain a copy of your Personal Information.
    • Correct or update inaccurate data.
    • Request deletion of your data (“right to be forgotten”).
    • Restrict or object to certain processing.
    • Data portability.
    • Withdraw consent where processing is consent-based.
    To exercise any right, contact us at privacy@lexkeep.com. 
  9. Children’s Privacy
    Lexkeep is not intended for children under 16. We do not knowingly collect Personal Information from minors. If you believe we have done so, please contact us to request deletion.
  10. Changes to This Policy
    We may update this policy to reflect changes in practices or legal requirements. We will post the revised policy with a new “Effective Date” and, where appropriate, notify you by email or via the Site.
  11. Contact Us
    Email: privacy@lexkeep.com