Privacy Policy

Last updated: 2026-05-17

Introduction

This Privacy Policy explains how Lexi ("we", "us", "lexiapp.space") collects, uses, stores, and discloses personal data when you use our website and services. We comply with major privacy laws including GDPR (EU), CCPA (California), and other applicable regulations. For questions, contact: legal@lexiapp.space.

Data We Collect

Account data: email address, username, display name, and email verification status. Passwords are stored as a hashed value.
Profile data: profile image URL, bio, and other profile fields the user provides.
Generated content and activity: rephraser inputs and outputs, activity logs, quiz/test attempts, and other usage metadata. Some content may be persisted and can be shared publicly if you opt in.
Authentication/session data: account and session records used by NextAuth. Cookies are used for sessions.
Technical and usage data: IP address, browser/user agent, device info, and logs.
Cookie and tracking data: see our Cookie Policy.

How We Use Your Data

To operate and improve the service
Authenticate users and manage accounts
Send transactional emails (verification, password reset, welcome)
Provide profile and sharing features
Security, fraud prevention, and abuse detection
Comply with legal obligations

When you mark content as public or create a share link, that content becomes accessible to anyone with the link.

Third-Party Processors

Database provider (PostgreSQL or managed host)
Email sending via a configured SMTP provider
Object storage (S3-compatible provider such as MinIO or AWS S3) for avatar and file uploads. Uploaded files may be returned as public URLs.
Other integrations (if enabled): analytics, social login, etc.

These processors may store and process personal data on our behalf. See their privacy policies for details.

International Transfers

Your data may be stored or processed in countries outside your own. We take steps to ensure appropriate safeguards are in place for international transfers, as required by GDPR and other laws.

Retention & Security

Data is retained as needed to provide the service, comply with legal obligations, and support security. We use technical and organizational measures to protect data. Passwords are hashed before storage. Do not upload sensitive personal information to content you intend to share publicly.

Your Rights (GDPR, CCPA, etc.)

Access: You can request a copy of your personal data.
Correction: You can request correction of inaccurate data.
Deletion: You can request deletion of your data ("right to be forgotten").
Portability: You can request export of your data in a portable format.
Opt-out: You can opt out of certain data uses (e.g., marketing, analytics).
Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact legal@lexiapp.space. We may require verification of your identity before fulfilling requests.

Children's Privacy

Lexi does not knowingly collect personal information from children under the age required by law in your jurisdiction. If you believe a child has provided us with personal data, please contact us to request deletion.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of Lexi after changes means you accept the revised policy.

Contact

If you have any questions about this Privacy Policy or your rights, please contact us at legal@lexiapp.space.

Introduction

Data We Collect

Account data: email address, username, display name, and email verification status. Passwords are stored as a hashed value.

Profile data: profile image URL, bio, and other profile fields the user provides.

Generated content and activity: rephraser inputs and outputs, activity logs, quiz/test attempts, and other usage metadata. Some content may be persisted and can be shared publicly if you opt in.

Authentication/session data: account and session records used by NextAuth. Cookies are used for sessions.

Technical and usage data: IP address, browser/user agent, device info, and logs.

Cookie and tracking data: see our Cookie Policy.

How We Use Your Data

To operate and improve the service

Authenticate users and manage accounts

Send transactional emails (verification, password reset, welcome)

Provide profile and sharing features

Security, fraud prevention, and abuse detection

Comply with legal obligations

When you mark content as public or create a share link, that content becomes accessible to anyone with the link.

Third-Party Processors

Database provider (PostgreSQL or managed host)

Email sending via a configured SMTP provider

Object storage (S3-compatible provider such as MinIO or AWS S3) for avatar and file uploads. Uploaded files may be returned as public URLs.

Other integrations (if enabled): analytics, social login, etc.

These processors may store and process personal data on our behalf. See their privacy policies for details.

Your Rights (GDPR, CCPA, etc.)

Access: You can request a copy of your personal data.

Correction: You can request correction of inaccurate data.

Deletion: You can request deletion of your data ("right to be forgotten").

Portability: You can request export of your data in a portable format.

Opt-out: You can opt out of certain data uses (e.g., marketing, analytics).

Non-discrimination: We will not discriminate against you for exercising your rights.

To exercise these rights, contact legal@lexiapp.space. We may require verification of your identity before fulfilling requests.