LEXAI

Home / Privacy Policy

Privacy Policy

Last updated: April 7, 2026

Information We Collect

We collect the following categories of data:

  • Personal information: name, email address, phone number, and profile details when you create an account
  • Lawyer credentials: Emirates ID numbers, bar licence or DIFC/ADGM registration numbers, and uploaded verification documents (licence scans, ID copies)
  • Consultation data: booking details, case descriptions, consultation type and fees, completion status, and dispute records
  • AI interaction data: queries submitted to our AI tools, documents uploaded for analysis, and chat history
  • Payment data: transaction records processed by Stripe. We do not store credit card numbers, CVVs, or full card details on our servers — Stripe handles all card data directly.
  • Usage analytics: pages visited, features used, session duration, and interaction patterns to improve the platform

How We Use Your Data

Your data is used to:

  • Provide and maintain the LEXAI marketplace
  • Match clients with appropriate lawyers based on practice area, location, and availability
  • Process consultation bookings and payments in AED
  • Power AI features including Situation Analyzer, Smart Matching, Document Analysis, Legal Research, Intake Summarizer, Notes Generator, Contract Drafter, and Q&A Draft Replies
  • Send transactional emails via Resend (booking confirmations, payment receipts, approval notifications, reminders)
  • Enable real-time messaging between clients and lawyers via Stream Chat
  • Comply with UAE legal and regulatory requirements

Third-Party Services

We share data with the following service providers, strictly for platform functionality:

  • Supabase — Database hosting (Postgres), user authentication, and file storage. Your data is stored in Supabase's cloud infrastructure.
  • Stripe — Payment processing. Stripe receives transaction amounts, currency, and payer details. Card data is handled entirely by Stripe and never touches our servers.
  • Resend — Transactional email delivery. Receives email addresses and email content for booking confirmations, notifications, and account communications.
  • Stream Chat — Real-time messaging between clients and lawyers. Message content is processed and stored by Stream.
  • Vercel — Application hosting and AI Gateway. Requests to AI models are routed through Vercel's infrastructure.
  • Anthropic — AI model provider. AI queries are sent to Anthropic's Claude models via Vercel AI Gateway for processing.

We never sell your personal data to advertisers or third parties.

AI Data Handling

AI queries are processed via Vercel AI Gateway using Anthropic Claude models. The AI provider does not retain your data after processing each request — there is zero data retention at the AI provider level.

We do not use your data to train AI models.

AI chat history is stored on our platform for your convenience so you can review past conversations. This history is permanently deleted when you delete your account.

Data Retention

  • Account data: retained while your account is active, plus 30 days after you request deletion (PDPL grace period)
  • Consultation records: 7 years (UAE financial record-keeping requirement)
  • AI chat sessions: stored until you delete your account, then permanently removed
  • Payment records: retained per Stripe's data retention policies and UAE financial compliance requirements (up to 7 years)
  • Deleted account records: a minimal record (reason for deletion, account type, deletion date) is kept in our deleted_accounts table for admin reference and returning-user detection

Your Rights Under UAE PDPL

Under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing
  • Object to automated decision-making

You can exercise most of these rights directly from the Data & Privacy page in your account settings. Account deletion requires password confirmation and typing "DELETE" to proceed. There is a 30-day grace period during which your data is retained before permanent deletion.

If you have active consultations (pending, upcoming, or in dispute), account deletion is blocked until those are resolved.

Cookies

LEXAI uses essential cookies only. We use Supabase authentication session cookies to keep you logged in and manage your session securely.

We do not use advertising cookies, tracking cookies, or third-party marketing cookies.

Contact

For data privacy inquiries or to exercise your PDPL rights, contact us:

Email: support@lexaidxb.com Location: Dubai, United Arab Emirates

We will respond to all data requests within 30 days as required by UAE PDPL.

Questions?

If you have questions about this policy, contact us at support@lexai.ae