Privacy Policy
1. Introduction
Lexkeep Oy (“Lexkeep,” “we,” “us,” or “our”) operates a secure legal practice management platform for digital legal workflows. Protecting your privacy is paramount. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the “Site”) or use our services, including blockchain anchoring, encrypted cloud storage, and optional end-to-end encryption (E2EE).
2. Data Controller
Lexkeep Oy (3578901-3)
Helsinki, Finland
3. Scope
This policy applies to all visitors to lexkeep.com and all users of Lexkeep services.
4. Information We Collect
4.1. Information You Provide
- Account registration: name, work email, organization, role, password.
- Contact forms: inquiries, support requests, feedback.
- Payment details (for paid plans): billing name, address, payment method (processed by our payment providers).
4.2. Automatically Collected Information
- Usage data: pages visited, features used, timestamps.
- Device data: IP address, browser type/version, operating system, device identifiers, language settings.
- Cookies and similar technologies: used for authentication, site security, preferences, and (where you consent) marketing measurement.
4.3. Evidence Files and Metadata
- Files you upload (PDF, DOCX, JPG, WAV, MP4, etc.) and associated metadata (file name, upload time, hash).
- If you enable E2EE, plaintext remains encrypted on your device and is not accessible to Lexkeep.
5. How We Use Your Information
We process information to:
- Provide, maintain, and improve Lexkeep services.
- Create and manage your account.
- Encrypt, store, and anchor your evidence files.
- Process payments and prevent fraud.
- Communicate service updates and support responses.
- Monitor usage to ensure security and optimize performance.
- Comply with legal obligations and enforce our Terms of Service.
6. Legal Bases for Processing (GDPR)
- Contract performance: to provide the services you request.
- Consent: for non-essential cookies and marketing measurement (e.g., Google Ads conversion tracking).
- Legitimate interests: platform improvement, fraud prevention, security.
- Legal compliance: responding to lawful requests or regulations.
7. Cookies and Tracking
7.1 Essential cookies
We use essential cookies to:
- Authenticate users and manage sessions.
- Enable core site functionality.
- Maintain security and prevent abuse.
7.2 Marketing measurement (Google Ads) — optional
With your consent, we use Google Ads conversion tracking (Google tag / gtag.js) to measure the effectiveness of our advertising campaigns (for example, whether a visitor who clicked an ad later completed a sign-up or requested a demo).
This may involve Google processing certain device and usage information (such as IP address, cookie identifiers, and information about your interaction with our Site). We do not intentionally send sensitive content (such as uploaded evidence files) to Google.
You can withdraw consent at any time via our cookie settings.
7.3 Managing cookies
You can manage cookies through our cookie banner/settings and through your browser settings. Disabling certain cookies may affect Site functionality.
8. Data Sharing and Disclosure
We do not sell your Personal Information. We may share data with:
- Service providers acting on our behalf (e.g., cloud hosting, payment processors, email delivery).
- Advertising/measurement providers (e.g., Google) where you have consented to marketing measurement cookies.
- Affiliates in the context of corporate transactions (e.g., merger, acquisition).
- Legal or regulatory authorities when required by law or to protect our rights.
- Parties you explicitly authorize (e.g., sharing cohorts with external collaborators).
9. Data Location and Transfers
We host Lexkeep service data in secure EU-based data centers by default.
However, where you consent to third-party marketing measurement (e.g., Google Ads), limited data may be processed by Google and may be transferred outside the European Economic Area depending on Google’s infrastructure and settings. Where applicable, we rely on appropriate safeguards for such transfers (for example, Standard Contractual Clauses).
10. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, including to provide the Services, maintain security, comply with legal obligations, and establish, exercise, or defend legal claims.
- Account data: We retain account data for the duration of the account relationship and thereafter only as necessary for compliance, security, fraud prevention, dispute resolution, or other legitimate business purposes.
- Uploaded files and records: We retain uploaded files and related records in accordance with the applicable customer, workspace, or record retention settings. Where files are stored in protected or immutable storage, they may not be modified or erased before the applicable retention period expires.
- Archived files: Archiving affects a file’s status within the Services but does not by itself delete the file or alter any applicable retention setting.
- Deleted files: When a file is deleted through the Services, it is removed from active use within the application. Permanent erasure may be delayed where applicable retention settings, legal obligations, technical limitations, or other lawful grounds require continued retention.
- Blockchain hashes: Cryptographic hashes recorded on a public blockchain are immutable and cannot be altered or deleted.
- Metadata and audit logs: We retain metadata and audit logs for as long as necessary to provide the Services, maintain security and integrity, comply with legal obligations, and establish, exercise, or defend legal claims.
- Aggregated or de-identified data: We may retain aggregated or de-identified data to the extent permitted by applicable law.
11. Security Measures
- AES-256 encryption at rest for all stored files.
- Optional client-side E2EE: plaintext never leaves your device.
- Blockchain anchoring on Ethereum for immutable proofs and timestamps.
- TLS encryption in transit.
- Role-based access controls and multi-factor authentication for administrative users.
- Routine vulnerability assessments and security audits.
12. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access or obtain a copy of your Personal Information.
- Correct or update inaccurate data.
- Request deletion of your data.
- Restrict or object to certain processing.
- Data portability.
- Withdraw consent where processing is consent-based.
To exercise any right, contact us at privacy@lexkeep.com.
13. Children’s Privacy
Lexkeep is not intended for children under 16. We do not knowingly collect Personal Information from minors. If you believe we have done so, please contact us to request deletion.
14. Changes to This Policy
We may update this policy to reflect changes in practices or legal requirements. We will post the revised policy with a new “Effective Date” and, where appropriate, notify you by email or via the Site.
15. Contact Us
Email: privacy@lexkeep.com
