Privacy Policy

1. Introduction

Lexkeep Oy (“Lexkeep,” “we,” “us,” or “our”) operates a secure document management system designed for legal workflows. Protecting your privacy is paramount. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the “Site”) or use our services, including blockchain anchoring, encrypted cloud storage, and optional end-to-end encryption (E2EE).

2. Data Controller

Lexkeep Oy (3578901-3)
Helsinki, Finland

3. Scope

This policy applies to all visitors to lexkeep.com and all users of Lexkeep services.

4. Information We Collect

4.1. Information You Provide

Account registration: name, work email, organization, role, password.
Contact forms: inquiries, support requests, feedback.
Payment details (for paid plans): billing name, address, payment method (processed by our payment providers).

4.2. Automatically Collected Information

Usage data: pages visited, features used, timestamps.
Device data: IP address, browser type/version, operating system, device identifiers, language settings.
Cookies and similar technologies: used for authentication, site security, preferences, and (where you consent) marketing measurement.

4.3. Evidence Files and Metadata

Files you upload (PDF, DOCX, JPG, WAV, MP4, etc.) and associated metadata (file name, upload time, hash).
If you enable E2EE, plaintext remains encrypted on your device and is not accessible to Lexkeep.

5. How We Use Your Information

We process information to:

Provide, maintain, and improve Lexkeep services.
Create and manage your account.
Encrypt, store, and anchor your evidence files.
Process payments and prevent fraud.
Communicate service updates and support responses.
Monitor usage to ensure security and optimize performance.
Comply with legal obligations and enforce our Terms of Service.

Contract performance: to provide the services you request.
Consent: for non-essential cookies and marketing measurement (e.g., Google Ads conversion tracking).
Legitimate interests: platform improvement, fraud prevention, security.
Legal compliance: responding to lawful requests or regulations.

7. Cookies and Tracking

7.1 Essential cookies

We use essential cookies to:

Authenticate users and manage sessions.
Enable core site functionality.
Maintain security and prevent abuse.

7.2 Marketing measurement (Google Ads) — optional

With your consent, we use Google Ads conversion tracking (Google tag / gtag.js) to measure the effectiveness of our advertising campaigns (for example, whether a visitor who clicked an ad later completed a sign-up or requested a demo).

This may involve Google processing certain device and usage information (such as IP address, cookie identifiers, and information about your interaction with our Site). We do not intentionally send sensitive content (such as uploaded evidence files) to Google.

You can withdraw consent at any time via our cookie settings.

7.3 Managing cookies

You can manage cookies through our cookie banner/settings and through your browser settings. Disabling certain cookies may affect Site functionality.

We do not sell your Personal Information. We may share data with:

Service providers acting on our behalf (e.g., cloud hosting, payment processors, email delivery).
Advertising/measurement providers (e.g., Google) where you have consented to marketing measurement cookies.
Affiliates in the context of corporate transactions (e.g., merger, acquisition).
Legal or regulatory authorities when required by law or to protect our rights.
Parties you explicitly authorize (e.g., sharing cohorts with external collaborators).

9. Data Location and Transfers

We host Lexkeep service data in secure EU-based data centers by default.

However, where you consent to third-party marketing measurement (e.g., Google Ads), limited data may be processed by Google and may be transferred outside the European Economic Area depending on Google’s infrastructure and settings. Where applicable, we rely on appropriate safeguards for such transfers (for example, Standard Contractual Clauses).

10. Data Retention

Account data: retained until you delete your account, then soft-deleted and purged within 6 months. In rare compliance or legal scenarios, full deletion may take up to 12 months.
Uploaded files (WORM storage): when you delete a file, a soft delete is triggered immediately, but due to Write-Once-Read-Many storage, the underlying data may persist in backup systems; full erasure may take up to 12 months.
Blockchain hashes: cryptographic fingerprints anchored on the Ethereum blockchain are immutable; once published, neither Lexkeep nor any user can delete or alter them.
Metadata and audit logs: retained for the same periods noted above, unless legal requirements dictate longer retention.
Aggregate, non-personal performance metrics: retained indefinitely.

11. Security Measures

AES-256 encryption at rest for all stored files.
Optional client-side E2EE: plaintext never leaves your device.
Blockchain anchoring on Ethereum for immutable proofs and timestamps.
TLS encryption in transit.
Role-based access controls and multi-factor authentication for administrative users.
Routine vulnerability assessments and security audits.

12. Your Rights

Depending on your jurisdiction, you may have the right to:

Access or obtain a copy of your Personal Information.
Correct or update inaccurate data.
Request deletion of your data.
Restrict or object to certain processing.
Data portability.
Withdraw consent where processing is consent-based.

To exercise any right, contact us at privacy@lexkeep.com.

13. Children’s Privacy

Lexkeep is not intended for children under 16. We do not knowingly collect Personal Information from minors. If you believe we have done so, please contact us to request deletion.

14. Changes to This Policy

We may update this policy to reflect changes in practices or legal requirements. We will post the revised policy with a new “Effective Date” and, where appropriate, notify you by email or via the Site.

15. Contact Us

Email: privacy@lexkeep.com

Privacy Policy

1. Introduction

2. Data Controller

Lexkeep Oy (3578901-3)
Helsinki, Finland

3. Scope

This policy applies to all visitors to lexkeep.com and all users of Lexkeep services.

4. Information We Collect

4.1. Information You Provide

Account registration: name, work email, organization, role, password.
Contact forms: inquiries, support requests, feedback.
Payment details (for paid plans): billing name, address, payment method (processed by our payment providers).

4.2. Automatically Collected Information

Usage data: pages visited, features used, timestamps.
Device data: IP address, browser type/version, operating system, device identifiers, language settings.
Cookies and similar technologies: used for authentication, site security, preferences, and (where you consent) marketing measurement.

4.3. Evidence Files and Metadata

Files you upload (PDF, DOCX, JPG, WAV, MP4, etc.) and associated metadata (file name, upload time, hash).
If you enable E2EE, plaintext remains encrypted on your device and is not accessible to Lexkeep.

5. How We Use Your Information

We process information to:

Provide, maintain, and improve Lexkeep services.
Create and manage your account.
Encrypt, store, and anchor your evidence files.
Process payments and prevent fraud.
Communicate service updates and support responses.
Monitor usage to ensure security and optimize performance.
Comply with legal obligations and enforce our Terms of Service.

Contract performance: to provide the services you request.
Consent: for non-essential cookies and marketing measurement (e.g., Google Ads conversion tracking).
Legitimate interests: platform improvement, fraud prevention, security.
Legal compliance: responding to lawful requests or regulations.

7. Cookies and Tracking

7.1 Essential cookies

We use essential cookies to:

Authenticate users and manage sessions.
Enable core site functionality.
Maintain security and prevent abuse.

7.2 Marketing measurement (Google Ads) — optional

You can withdraw consent at any time via our cookie settings.

7.3 Managing cookies

You can manage cookies through our cookie banner/settings and through your browser settings. Disabling certain cookies may affect Site functionality.

We do not sell your Personal Information. We may share data with:

Service providers acting on our behalf (e.g., cloud hosting, payment processors, email delivery).
Advertising/measurement providers (e.g., Google) where you have consented to marketing measurement cookies.
Affiliates in the context of corporate transactions (e.g., merger, acquisition).
Legal or regulatory authorities when required by law or to protect our rights.
Parties you explicitly authorize (e.g., sharing cohorts with external collaborators).

9. Data Location and Transfers

We host Lexkeep service data in secure EU-based data centers by default.

10. Data Retention

Account data: retained until you delete your account, then soft-deleted and purged within 6 months. In rare compliance or legal scenarios, full deletion may take up to 12 months.
Uploaded files (WORM storage): when you delete a file, a soft delete is triggered immediately, but due to Write-Once-Read-Many storage, the underlying data may persist in backup systems; full erasure may take up to 12 months.
Blockchain hashes: cryptographic fingerprints anchored on the Ethereum blockchain are immutable; once published, neither Lexkeep nor any user can delete or alter them.
Metadata and audit logs: retained for the same periods noted above, unless legal requirements dictate longer retention.
Aggregate, non-personal performance metrics: retained indefinitely.

11. Security Measures

AES-256 encryption at rest for all stored files.
Optional client-side E2EE: plaintext never leaves your device.
Blockchain anchoring on Ethereum for immutable proofs and timestamps.
TLS encryption in transit.
Role-based access controls and multi-factor authentication for administrative users.
Routine vulnerability assessments and security audits.

12. Your Rights

Depending on your jurisdiction, you may have the right to:

Access or obtain a copy of your Personal Information.
Correct or update inaccurate data.
Request deletion of your data.
Restrict or object to certain processing.
Data portability.
Withdraw consent where processing is consent-based.

To exercise any right, contact us at privacy@lexkeep.com.

13. Children’s Privacy

Lexkeep is not intended for children under 16. We do not knowingly collect Personal Information from minors. If you believe we have done so, please contact us to request deletion.

14. Changes to This Policy

15. Contact Us

Email: privacy@lexkeep.com

Privacy Policy

1. Introduction

2. Data Controller

3. Scope

4. Information We Collect

4.1. Information You Provide

4.2. Automatically Collected Information

4.3. Evidence Files and Metadata

5. How We Use Your Information

6. Legal Bases for Processing (GDPR)

7. Cookies and Tracking

7.1 Essential cookies

7.2 Marketing measurement (Google Ads) — optional

7.3 Managing cookies

8. Data Sharing and Disclosure

9. Data Location and Transfers

10. Data Retention

11. Security Measures

12. Your Rights

13. Children’s Privacy

14. Changes to This Policy

15. Contact Us

Privacy Policy

1. Introduction

2. Data Controller

3. Scope

4. Information We Collect

4.1. Information You Provide

4.2. Automatically Collected Information

4.3. Evidence Files and Metadata

5. How We Use Your Information

6. Legal Bases for Processing (GDPR)

7. Cookies and Tracking

7.1 Essential cookies

7.2 Marketing measurement (Google Ads) — optional

7.3 Managing cookies

8. Data Sharing and Disclosure

9. Data Location and Transfers

10. Data Retention

11. Security Measures

12. Your Rights

13. Children’s Privacy

14. Changes to This Policy

15. Contact Us