Privacy Policy

Effective date: 23 March 2026 · Last updated: 23 March 2026

Lexchk is operated by AI Asterion. We are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and all applicable South African data protection legislation.

1. Who We Are

Lexchk ("we", "us", "our") is a product of AI Asterion. We provide AI-powered legal document analysis tools via our website at lexchk.com and our mobile application (collectively, the "Service").

Information Officer: AI Asterion
Contact: legal@lexchk.com

2. Information We Collect

2.1 Account Information

When you create an account via Google or Microsoft sign-in, we receive and store:

  • Your name and email address (provided by your identity provider)
  • A unique account identifier

We do not receive or store your identity provider password.

2.2 Documents You Submit

When you submit a document for analysis, we process the text content to generate findings and risk assessments. Specifically:

  • Text content is sent to our AI analysis pipeline and may be processed by third-party AI providers (Anthropic) to generate analysis results
  • Analysis results (findings, risk scores, recommendations) are stored in our database and linked to your account
  • Uploaded files are temporarily stored during processing and deleted after analysis is complete

2.3 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card number, CVV, or bank account details. We receive from Stripe:

  • Confirmation of payment status
  • Subscription status and billing period dates
  • A payment reference identifier

2.4 Usage Data

We collect limited technical data to operate the Service:

  • IP address (for rate limiting of free-tier usage)
  • Number of document checks performed
  • Timestamps of activity

We do not use tracking cookies, advertising pixels, or third-party analytics services.

3. How We Use Your Information

We process your personal information for the following purposes, each with a lawful basis under POPIA:

  • Providing the Service: Analysing documents you submit and delivering results (contractual necessity)
  • Account management: Maintaining your account, preferences, and check history (contractual necessity)
  • Payment processing: Processing subscriptions and one-time purchases via Stripe (contractual necessity)
  • Rate limiting: Preventing abuse of the free tier (legitimate interest)
  • Service improvement: Aggregated, anonymised usage patterns to improve analysis quality (legitimate interest)

4. Third-Party Processors

We share personal information with the following categories of third-party service providers, each bound by data processing agreements:

  • Anthropic (AI analysis): Document text is sent to Anthropic's Claude API to generate analysis results. Anthropic does not use your data to train its models when accessed via their API.
  • Stripe (payments): Payment card data is collected and processed directly by Stripe. See Stripe's Privacy Policy.
  • Keycloak / Identity Provider: Authentication is handled via Keycloak, which communicates with Google or Microsoft for single sign-on. We receive only the information listed in section 2.1.
  • Infrastructure providers: Our servers are hosted on infrastructure that may be located outside South Africa. We ensure appropriate safeguards are in place for any cross-border transfers as required by section 72 of POPIA.

5. Data Retention

  • Account data: Retained while your account is active and deleted upon account deletion request
  • Document analysis results: Retained until you delete them individually or delete your account
  • Uploaded files: Deleted immediately after processing is complete
  • Payment records: Retained as required by applicable tax and financial regulations (typically 5 years)
  • Rate limiting data: Automatically expired after 24 hours

6. Your Rights Under POPIA

As a data subject, you have the following rights:

  • Access: Request confirmation of what personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information — you can delete your account and all associated data directly from the Account page in the app or website
  • Objection: Object to the processing of your personal information on reasonable grounds
  • Data portability: Request your data in a portable format
  • Complaint: Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at legal@lexchk.com.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • All data transmitted via HTTPS/TLS encryption
  • Authentication via industry-standard OAuth 2.0 with PKCE
  • Payment data handled exclusively by PCI DSS-compliant Stripe
  • Database access restricted to authorised services only
  • Regular security reviews of our infrastructure

8. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete it.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related enquiries, data subject access requests, or complaints:

Email: legal@lexchk.com
Operator: AI Asterion

You also have the right to lodge a complaint with the Information Regulator of South Africa at inforegulator.org.za.