Privacy Policy
Lexcore AI is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we protect it, and what rights you have over it. We do not sell your data. We do not use your prompts for advertising.
Data We Collect
Account Data
| Data Type | What We Collect | Purpose |
|---|---|---|
| Identity | Email address, display name | Account creation & authentication |
| Credentials | Hashed password (never plaintext) | Secure login |
| Subscription | Plan type, billing cycle, Credit balance | Service delivery & billing |
| Payment Metadata | Transaction IDs, amounts, timestamps — no full card numbers | Billing records & dispute resolution |
Technical Data
| Data Type | Retention |
|---|---|
| IP addresses | 90–180 days |
| Device metadata (browser, OS) | 90–180 days |
| Usage logs (features accessed, generation count) | 90–180 days |
| Error and crash reports | 30 days |
AI Generation Data
We process your prompts to generate outputs. Prompts are processed in real-time and are not stored permanently unless you explicitly save them to your account. We do not use your prompts to train our models without your explicit consent.
How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Account authentication and access control | Contract performance |
| Processing payments and managing Credits | Contract performance |
| Delivering AI generation services | Contract performance |
| Detecting and preventing abuse and fraud | Legitimate interest |
| Providing customer support | Contract performance |
| Sending transactional emails (receipts, alerts) | Contract performance |
| Complying with legal obligations | Legal obligation |
| Improving Service stability and performance | Legitimate interest |
We will not use your data for any purpose not listed above without first obtaining your explicit consent.
Data Storage and Security
Infrastructure
Your data is stored on Amazon Web Services (AWS) infrastructure, hosted in regions selected for reliability and compliance with applicable data protection laws.
Encryption
| Layer | Standard |
|---|---|
| Data at rest | AES-256 encryption |
| Data in transit | TLS 1.3 |
| Passwords | bcrypt hashing — never stored in plaintext |
| Payment data | Tokenised by Razorpay/Stripe — full card numbers never stored by us |
Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Until account deletion + 30-day backup window |
| Billing records | 7 years (statutory requirement under Indian accounting law) |
| AI prompts (unsaved) | Processed in real-time; not retained |
| AI prompts (saved by user) | Until user deletes or account is closed |
| Technical logs (IP, usage) | 90–180 days |
| Support correspondence | 2 years from last interaction |
| Abuse and fraud records | Up to 5 years for legal protection |
Third-Party Data Sharing
We share data only with the following categories of recipients, under strict contractual obligations:
| Recipient | Data Shared | Reason |
|---|---|---|
| Razorpay / Stripe | Payment metadata | Payment processing |
| AWS | All stored data (encrypted) | Cloud infrastructure |
| Law enforcement | Legally required minimum | Court orders / legal obligation |
All third-party processors are contractually bound to use your data only for the specified purpose and to maintain equivalent security standards.
Your Rights — EU / EEA / UK (GDPR)
If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights under the General Data Protection Regulation:
Request a copy of all personal data we hold about you
Correct inaccurate or incomplete personal data
Request deletion of your personal data ("right to be forgotten")
Receive your data in a structured, machine-readable format
Object to processing based on legitimate interests
Restrict processing while a dispute is pending
Withdraw consent at any time where processing is consent-based
File a complaint with your local data protection authority
To exercise any of these rights, email privacy@lexcoreai.com. We will respond within 30 days.
Your Rights — India (DPDP Act 2023)
Under India's Digital Personal Data Protection Act 2023, Indian users have the following rights:
Know what personal data we process and for what purpose
Correct inaccurate or outdated personal data
Request deletion of data no longer necessary for the stated purpose
File a complaint with our Grievance Officer — response within 24 hours
Nominate someone to exercise your rights in case of death or incapacity
Withdraw consent for processing; service continuity may be affected
Cookies and Tracking
| Cookie Type | Purpose | Can Opt Out? |
|---|---|---|
| Essential | Session management, authentication, CSRF protection | No — required for service |
| Functional | Remember preferences (theme, language) | Yes |
| Analytics | Aggregate usage statistics (no personal identification) | Yes |
| Marketing | Not used | N/A |
You can manage cookie preferences through your browser settings. Disabling essential cookies will impair Service functionality.
Children's Privacy
International Data Transfers
As a company incorporated in India using AWS cloud infrastructure, your data may be processed in servers located outside your country of residence. For transfers out of the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.
For Indian users, all processing is conducted in compliance with DPDP Act 2023 requirements. Data transfers to third parties are governed by Data Processing Agreements that mandate equivalent protection standards.
Account Deletion
You may request account deletion at any time by contacting support@lexcoreai.com or through account settings.
| What happens | Timeline |
|---|---|
| Account deactivated and data deletion initiated | Immediately upon request |
| Personal data deleted from primary systems | Within 30 days |
| Backup copies purged | Within 90 days |
| Unused Credits forfeited | At deletion — no refund |
| Billing records retained | 7 years (legal requirement) |
Some anonymised, aggregated data may be retained indefinitely for statistical purposes — it cannot be linked back to you.
AI Prompts and Generated Content
Prompt Processing
Prompts you submit are processed in real-time to generate your requested output. Unless you explicitly save a prompt to your account history, it is not retained after generation completes.
Content Moderation
Automated systems may scan prompts and generated content to detect violations of our Prohibited Content policy. This scanning occurs in real-time and is a necessary security measure. Flagged content may be reviewed by trained staff.
Generated Content Ownership
To the maximum extent permitted by applicable law, Generated Content belongs to you. See our Terms of Service — Section 10 for full details on commercial use rights by Plan tier.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on the Service at least 14 days before the changes take effect.
The "Last Updated" date at the top of this document reflects the most recent revision. Continued use of the Service after the effective date constitutes your acceptance of the updated Policy.
Contact and Grievance Redressal
Lexcore Enterprises Private Limited · Sherghati, Gaya, Bihar, India 824211 · www.lexcoreai.com