Skip to main content

Home / Privacy Policy

Privacy Policy

Last updated: July 16, 2026

Information We Collect

We collect the following categories of personal data:

  • Account information: name, email address, phone number, and profile details when you create an account
  • Lawyer credentials (lawyer accounts only): the practising-licence or bar-card number and any verification document you choose to upload (licence scans). Providing a credential is optional — it is used only to award the Verified badge. We do not collect Emirates ID numbers.
  • AI interaction data: queries submitted to our AI tools, documents uploaded for analysis, and chat history
  • Messages: the messages you exchange with lawyers through the platform chat, processed and stored by our real-time messaging provider (see Sub-processors) and screened automatically for compliance with our Acceptable Use Policy
  • Enquiry details: if you send an enquiry through our contact forms — with or without an account — we collect the name, email address, phone number, and message you provide so your enquiry can be handled and responded to. When your enquiry is directed at a specific lawyer, these details are shared with that lawyer so they can respond. We also record your IP address to prevent spam
  • Public Q&A posts: questions you submit to our Ask a Lawyer section are published on the site immediately and shown without your name. The text of your question is publicly visible — please do not include personal details you do not want public. Your questions are permanently deleted when you delete your account
  • Document translation orders (when our translation service is available to you): the documents you upload for translation, your order and payment details, and the Privacy Policy version you accepted when placing the order. Source documents are deleted 48 hours after your translation is delivered, and the delivered translation file is deleted 365 days after delivery
  • Lawyer subscription records (lawyer accounts only): subscription plan, billing status, and transaction references handled by our secure payment provider — we do not store credit card numbers, CVVs, or full card details on our servers
  • Usage analytics: pages visited, features used, session duration, and interaction patterns to improve the platform. Browser-based analytics run only with your consent via the cookie banner. Separately, we record a small number of service events on our servers (for example, that an enquiry, review, or reservation was completed), keyed to a pseudonymous account or record ID and never containing your name, email, or phone number

Lawful Basis for Processing

We process your personal data in line with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), which requires consent unless a statutory exception applies:

  • Consent: you consent to processing when you create an account, accept this Privacy Policy, enable optional cookies, or opt into marketing communications
  • Contract necessity: processing needed to provide the LEXAI directory service you signed up for
  • Legal obligation: processing needed to comply with UAE regulatory and record-keeping requirements, including subscription billing records for lawyer accounts
  • Protection and security: processing needed to secure the platform and prevent abuse

How We Use Your Data

Your data is used to:

  • Provide and maintain the LEXAI advertising directory
  • Help clients discover verified lawyers by practice area, location, and language
  • Power AI features including legal research and document analysis
  • Send transactional emails (account confirmations, notifications, reminders) via our email-delivery provider
  • Enable lawyer subscription billing for our paid tiers (lawyer accounts only)
  • Comply with UAE legal and regulatory requirements

Third-Party Service Providers (Sub-processors)

We share data with the following service providers, strictly for platform functionality and under signed Data Processing Agreements:

  • Database, authentication, and storage provider — hosts user accounts, profile data, and uploaded documents
  • Application hosting and AI Gateway provider — serves the website and routes AI requests
  • AI model provider — processes AI queries via Vercel AI Gateway with Zero Data Retention enabled
  • Embeddings provider — generates vector embeddings for legal-research search
  • Transactional email provider — delivers account, notification, and reminder emails
  • Real-time messaging provider — powers lawyer-client chat
  • Secure payment provider (lawyer accounts only) — processes lawyer subscription billing; card data is handled entirely by the provider and never touches our servers
  • Error-monitoring provider — captures anonymised crash and performance telemetry
  • Product analytics provider (EU-region) — browser analytics run only with your consent; limited server-side service events (pseudonymous IDs only — never your name, email, or phone) are recorded to operate and improve the service
  • Session-replay & behavioural analytics provider (United States) — used only with your consent for usage analytics

For a complete and continuously-updated list of every sub-processor (provider name, role, data category, residency, and DPA URL), see our Sub-processors page at https://lexaidxb.com/legal/sub-processors.

We never sell your personal data to advertisers or any third party.

International Transfers

Some of our sub-processors are based outside the United Arab Emirates. Under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, Articles 22–26), we are permitted to transfer your personal data to such jurisdictions when (a) you have provided informed consent by accepting this Privacy Policy, (b) the receiving processor maintains adequate technical and organisational safeguards through a binding Data Processing Agreement, and (c) we apply data minimisation — transferring only the personal data strictly necessary for the stated purpose.

The relevant transfers and their safeguards are:

  • United States — AI model provider (inference), embeddings provider, transactional email provider, error-monitoring provider, and session-replay / behavioural analytics provider. These providers are bound by signed DPAs published on their public legal pages and listed on our Sub-processors page.
  • Multi-region — application hosting + AI Gateway, real-time messaging provider, secure payment provider (lawyer subscription billing only). Routing is configured to keep data within the closest available region where commercially feasible.
  • European Union — product analytics provider (EU endpoint; events carry only pseudonymous account or record identifiers — never your name, email address, or phone number).

For AI processing specifically, queries are routed through Vercel AI Gateway with Zero Data Retention (ZDR) enabled to Anthropic Claude. Anthropic is contractually bound under ZDR to (a) not retain your queries after the response is returned, (b) not use your data to train AI models, and (c) not share your data with any third party. The Vercel AI Gateway acts purely as a transit layer and does not persist message content. This combination — explicit DPAs + ZDR + data minimisation (we send the user's question, the retrieved legislation snippets, and — when you use the document-analysis feature — the content of the document you uploaded; never your email, name, phone, or account ID) — is how LEXAI satisfies PDPL Art. 22–26 for AI processing.

For the full list of every sub-processor, the data residency, and the DPA URL, see https://lexaidxb.com/legal/sub-processors.

AI Data Handling

AI queries are processed via Vercel AI Gateway using Anthropic Claude models. We send the AI provider only what is needed to answer your question (see International Transfers below), and we do not use your data to train AI models.

AI chat history is stored on our platform for your convenience so you can review past conversations. Each conversation is automatically deleted 12 months after your last activity in it. You can pin up to 25 conversations to keep them indefinitely. Deleting your account purges all chat data immediately.

Data Retention

  • Account data: retained while your account is active. When you delete your account, your profile and personal identifiers are permanently and irreversibly removed. Some records are retained afterwards only where required by law or for legitimate operational needs — specifically subscription billing records (lawyer accounts) and security/audit logs (each described below).
  • Lawyer–client communications: messages you exchange with lawyers through the platform chat are processed and stored by our real-time messaging provider (see the Sub-processors page) so your conversation history remains available to you, and are automatically screened for compliance with our Acceptable Use Policy. Consultations themselves are arranged and conducted directly between you and the lawyer, off-platform — LEXAI does not record or retain the consultation itself.
  • AI chat sessions: 12 months from your last activity in each conversation, then automatically purged. Pin a conversation (up to 25 per account) to keep it indefinitely. Account deletion purges all chat data immediately.
  • Lawyer subscription billing records (lawyer accounts only): retained per UAE financial-record-keeping requirements (up to 7 years) and the data-retention policies of our payment provider.
  • Deleted account records: a minimal record (reason for deletion, account type, deletion date) is kept in our deleted_accounts table for admin reference and returning-user detection.

Your Rights Under UAE PDPL

Under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing at any time
  • Object to automated decision-making
  • Lodge a complaint with the UAE Data Office, the federal data-protection authority

You can exercise most of these rights directly from the Data & Privacy page in your account settings. Account deletion requires password confirmation and typing "DELETE" to proceed — deletion is immediate and cannot be reversed. If you have a consultation that is still scheduled, in progress, or awaiting confirmation, deletion is paused until it is resolved.

Cookies

LEXAI uses both essential and optional cookies. Essential cookies (session, authentication, language preference) are required for the platform to function and cannot be disabled. Optional cookies (analytics, additional preferences) are set only after you grant consent through our cookie banner; you can change or withdraw your consent at any time.

With your consent only, we use Google's advertising and conversion-measurement cookies (Google Ads) to measure how our advertising campaigns perform — for example, whether an ad led to a founding-member reservation. If you choose essential-only, no advertising or measurement cookies are set. For full details of each cookie, its purpose, and how to control it, see our Cookie Policy at https://lexaidxb.com/cookies.

Data Breach Response

We maintain technical and organisational safeguards designed to prevent unauthorised access, loss, alteration, or disclosure of your personal data — including encryption in transit, role-based access controls, and audit logging.

In the event of a personal data breach affecting your data, we will:

  • Notify the UAE Data Office without undue delay, in accordance with UAE PDPL Article 9 and its Executive Regulations.
  • Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
  • Document the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences, and the measures taken to address it.

Contact

For data privacy inquiries or to exercise your PDPL rights, contact us:

Email: info@lexaidxb.com Location: Dubai, United Arab Emirates

We will respond to all data requests within 30 days (our service commitment).

Questions?

If you have questions about this policy, contact us at info@lexaidxb.com