Last Updated: 02 February 2026
This Privacy Policy explains how Lexcore Enterprises Private Limited ("Company", "we", "us", "our") collects, uses, stores, and protects personal data when you use Lexcore AI ("Service"). We are committed to privacy-by-design, data minimization, and regulatory compliance, including the General Data Protection Regulation (GDPR).
1. SCOPE OF THIS POLICY
This Privacy Policy applies to:
- Website usage and navigation
- AI generation services and features
- Subscriptions, credits, and billing operations
- APIs and platform integrations
By using the Service, you consent to the data practices described in this policy.
2. DATA CONTROLLER
Data Controller: Lexcore Enterprises Private Limited
Location: India
For GDPR purposes, the Company acts as the Data Controller for all personal data processing activities.
3. DATA WE COLLECT
3.1 Personal Information (Provided by You)
We may collect the following personal information when you create an account or use our services:
- Email address for account management and communications
- Account credentials (passwords are cryptographically hashed and never stored in plain text)
- Subscription and plan details for service delivery
- Payment confirmation metadata (excluding full card numbers or bank account details)
Important: We do not store complete credit/debit card numbers or bank account information on our servers. Payment processing is handled by certified third-party payment processors.
3.2 Usage & Technical Data (Automatically Collected)
We collect limited technical data for system security, performance optimization, and abuse prevention:
- IP addresses (stored temporarily for security and rate limiting purposes)
- Device and browser metadata (user agent, operating system)
- Generation timestamps and request logs
- Credit usage records and transaction history
- Model usage statistics and performance metrics
3.3 AI Prompts & Generated Outputs
- User prompts and generated outputs are processed solely to deliver the AI generation service
- Prompts are not used for advertising or marketing purposes
- Prompts are not sold, rented, or shared with third parties
Training Policy: We do not train public or third-party AI models on private user data unless explicitly stated and consented to by the user.
4. PURPOSE OF DATA PROCESSING
We process personal data only for the following legitimate business purposes:
- Account creation, authentication, and user identity management
- Credit management, billing, and subscription services
- AI generation execution and service delivery
- Abuse prevention, fraud detection, and rate limiting
- System monitoring, performance optimization, and security audits
- Customer support and technical assistance
We do not process data for: behavioral profiling, targeted advertising, or commercial resale to third parties.
5. LEGAL BASIS FOR PROCESSING GDPR
Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal grounds:
- Contractual Necessity: Processing required to provide the Service and fulfill our contractual obligations
- Legitimate Interest: Security measures, fraud prevention, and business operations
- Legal Obligations: Compliance with tax laws, financial regulations, and legal requirements
- User Consent: Where explicitly required by law or requested by users
6. CREDIT SYSTEM & PRIVACY
Our credit-based pricing model is designed with privacy in mind:
- Prevents unnecessary data processing and storage
- Reduces direct financial transaction exposure
- Limits excessive logging and data retention
- Provides transparent usage tracking without invasive monitoring
Only the minimal data required to enforce fair credit usage and prevent abuse is stored.
7. DATA STORAGE & SECURITY
7.1 Data Storage Infrastructure
- Data is stored on secure, enterprise-grade cloud servers
- Cloud infrastructure providers may include Amazon Web Services (AWS S3, RDS, CloudWatch)
- Access is strictly controlled via Identity and Access Management (IAM) and role-based permissions
- Data centers comply with international security standards (ISO 27001, SOC 2)
7.2 Security Measures
We implement industry-standard security practices, including:
- Encryption: Data encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access Logging: Comprehensive audit trails for all data access
- Least-Privilege Access: Employees and systems have access only to data necessary for their functions
- Automated Monitoring: Real-time threat detection and security alerts
- Regular Backups: Automated, encrypted backups with disaster recovery protocols
- Vulnerability Management: Regular security assessments and penetration testing
Disclaimer: While we implement comprehensive security measures following industry best practices, no system can guarantee 100% security. We continuously work to protect your data against unauthorized access, loss, or misuse.
8. DATA RETENTION
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law:
| Data Type |
Retention Period |
| Account Information |
Until account deletion or closure |
| Billing & Transaction Records |
As required by applicable tax and financial regulations (typically 7 years) |
| Usage Logs & Analytics |
Limited duration (typically 90-180 days) |
| AI Prompts & Outputs |
Short-term processing only, unless explicitly saved by user |
You may request deletion of your data as described in Section 12 below.
9. DATA SHARING & DISCLOSURE
We do not sell or rent personal data to third parties.
Personal data may be shared only in the following limited circumstances:
- Service Providers: Cloud infrastructure providers and technical service partners acting as data processors under strict contractual obligations
- Payment Processors: Certified payment gateways for transaction processing and confirmation
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In the event of a merger, acquisition, or sale of assets (with notification to affected users)
All third-party processors are contractually bound to:
- Process data only as instructed by us
- Implement appropriate security measures
- Maintain confidentiality and data protection standards
- Comply with applicable data protection laws
10. INTERNATIONAL DATA TRANSFERS
Your data may be processed and stored in countries outside your country of residence, including countries that may have different data protection laws.
When data is transferred internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all international service providers
- Compliance with applicable cross-border data transfer regulations
- Adequate security measures equivalent to those required in your jurisdiction
11. YOUR RIGHTS GDPR
If you are located in the European Union, European Economic Area, United Kingdom, or other jurisdictions with comprehensive data protection laws, you have the following rights:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request limitation of processing in certain circumstances
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Receive your data in a structured, commonly used format
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise any of these rights, please contact us using the details provided in Section 16.
12. ACCOUNT DELETION
You have the right to request deletion of your account at any time. Upon account deletion:
- Personal data will be permanently removed or anonymized within a reasonable timeframe
- All unused credits will be forfeited and cannot be recovered
- Certain records may be retained for legal compliance purposes (tax, financial regulations, fraud prevention)
- Anonymized or aggregated data may be retained for statistical and analytical purposes
Account deletion requests are typically processed within 30 days. Some data may be retained in backup systems for up to 90 days before permanent deletion.
13. AUTOMATED DECISION-MAKING
Lexcore AI uses automated systems for operational purposes, including:
- Credit balance validation and transaction processing
- Usage limits and rate limiting enforcement
- Abuse detection and prevention mechanisms
- Service optimization and resource allocation
Important Clarifications:
- These automated systems do not produce legal or similarly significant effects on individuals
- They are designed exclusively for system safety, cost control, and fair resource allocation
- Decisions can be reviewed and overridden by human intervention when necessary
- You have the right to contest automated decisions that affect your use of the Service
14. CHILDREN'S PRIVACY
Lexcore AI is not intended for users under the age of 18.
- We do not knowingly collect personal data from minors
- If we become aware that a user is under 18, we will promptly delete their account and associated data
- Parents or guardians who believe their child has provided personal data should contact us immediately
If you are under 18 years of age, please do not use this Service or provide any personal information.
15. POLICY UPDATES
We reserve the right to update this Privacy Policy periodically to reflect:
- Changes in our data practices or services
- Updates to applicable laws and regulations
- Technological improvements and security enhancements
- User feedback and best practice developments
Notification of Changes:
- Material changes will be communicated via email or prominent notice within the Service
- The "Last Updated" date at the top of this policy will reflect the most recent changes
- Continued use of the Service after updates constitutes acceptance of the revised policy
- We encourage you to review this policy periodically
16. INDIA DPDPA 2023 COMPLIANCE
This section applies specifically to users in India under the Digital Personal Data Protection Act, 2023 (DPDPA 2023).
16.1 Your Rights Under DPDPA 2023
- Right to Information: Know what personal data we collect and how it is used
- Right to Correction: Request correction of inaccurate or incomplete personal data
- Right to Erasure: Request erasure of personal data that is no longer necessary
- Right to Nomination: Nominate a person to exercise rights on your behalf in case of death or incapacity
- Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India
16.2 Consent
We process your personal data only on the basis of free, specific, informed, unconditional, and unambiguous consent as required under DPDPA 2023. You may withdraw consent at any time by contacting us at privacy@lexcoreai.com. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.
16.3 Grievance Officer (India)
As required under the Information Technology Act, 2000 and DPDPA 2023, we have appointed a Grievance Officer for India:
Grievance Officer: Raj Sharma
Company: Lexcore Enterprises Private Limited
Email: grievance@lexcoreai.com
Response Time: Grievances will be acknowledged within 24 hours and resolved within 15 days of receipt, as required by law.
16.4 Data Protection Board of India
If your grievance is not resolved satisfactorily, you have the right to approach the Data Protection Board of India once constituted under DPDPA 2023. Until the Board is constituted, complaints may be addressed to the Ministry of Electronics and Information Technology (MeitY).
🔐 CORE PRIVACY PRINCIPLE
Your data is used only to run the Service — not to exploit, profile, or resell you.
We believe in transparent, ethical data practices that respect your privacy and put you in control of your information.
18. ADDITIONAL INFORMATION
17.1 Cookies and Tracking Technologies
We may use essential cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyze Service performance and usage patterns
You can control cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.
17.2 Third-Party Links
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing personal information.
17.3 Data Breach Notification
In the event of a data breach that may affect your personal data:
- We will notify affected users without undue delay
- Notifications will be sent to the email address associated with your account
- We will report breaches to relevant supervisory authorities as required by law
- We will take immediate steps to mitigate harm and prevent future incidents