Privacy Policy
Effective Date: July 15, 2025
Eden Lex (“Company,” “we,” “us,” or “our”) operates the Eden Lex platform at edenlex.ai (the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.
By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect information provided through our authentication provider, Clerk, including:
- Full name
- Email address
- Profile image (if provided via Google OAuth)
- Authentication identifiers
1.2 Documents and User Content
When you use the Service, you upload legal documents for analysis. We collect and store:
- The text content of uploaded documents
- Document metadata (file name, file type, upload date, file size)
- Analysis Output generated from your documents (reports, risk assessments, summaries)
- Analysis configuration (AI model selected, analysis type)
1.3 Payment Information
Subscription payments are processed by Stripe. We do not store your credit card number, CVV, or full bank account details. We receive from Stripe:
- Last four digits of your payment method
- Payment method type and expiration date
- Billing address
- Transaction history and subscription status
1.4 Usage Data
We automatically collect information about how you interact with the Service, including:
- Number of scans performed and AI models used
- Feature usage patterns
- Log data (IP address, browser type, device information, access times)
- Pages visited and actions taken within the Service
1.5 Cookies and Tracking Technologies
We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. Essential cookies are required for the Service to function. We do not use third-party advertising cookies. You may disable non-essential cookies through your browser settings, though this may affect Service functionality.
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process and analyze your documents, generate reports, and maintain your scan history
- Manage your account: Authenticate your identity, process subscriptions, and manage billing
- Improve the Service: Analyze usage patterns to improve accuracy, features, and user experience
- Communicate with you: Send account notifications, service updates, billing receipts, and respond to inquiries
- Ensure security: Detect and prevent fraud, abuse, and unauthorized access
- Comply with legal obligations: Respond to legal requests, enforce our Terms, and protect our rights
3. AI Processing and Third-Party Data Sharing
3.1 AI Model Providers
When you submit a document for analysis, the text content of your document is transmitted to one or more of the following third-party AI model providers for processing:
- Google (Gemini) — Privacy Policy
- Anthropic (Claude) — Privacy Policy
- OpenAI (GPT) — Privacy Policy
- xAI (Grok) — Privacy Policy
We use these providers’ API services, which are generally governed by enterprise data processing terms that prohibit the use of customer data for model training. However, each provider’s data handling practices are governed by their own policies, and we encourage you to review them.
3.2 Other Third-Party Services
We also use the following service providers:
- Clerk — Authentication and user identity management. Clerk processes your name, email, and authentication credentials.
- Stripe — Payment processing. Stripe processes your billing and payment information in accordance with Stripe’s Privacy Policy.
- Neon — Cloud PostgreSQL database hosting. Your account data, documents, and analysis results are stored in Neon-hosted databases.
- Vercel — Frontend application hosting and content delivery.
3.3 When We Share Your Information
We do not sell your personal information. We share your information only:
- With the third-party service providers described above, as necessary to operate the Service;
- To comply with applicable law, regulation, legal process, or governmental request;
- To enforce our Terms of Service and protect our rights;
- In connection with a merger, acquisition, or sale of all or substantially all of our assets, with notice to you;
- With your explicit consent.
4. Data Retention and Deletion
We retain your information for as long as your account is active or as needed to provide the Service. Specifically:
- Account information: Retained for the duration of your account plus 30 days after account closure.
- Documents and Analysis Output: Retained for the duration of your subscription. You may delete individual scans at any time. All data is deleted within 30 days after account closure.
- Payment records: Retained as required by tax and financial recordkeeping laws (typically 7 years).
- Usage data and logs: Retained for up to 12 months for security and analytics purposes.
You may request deletion of your data at any time by contacting us. Upon receiving a verified deletion request, we will delete your data within 30 days, except where retention is required by law.
5. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Right to Access: Request a copy of the personal information we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete personal information.
- Right to Deletion: Request deletion of your personal information, subject to certain exceptions.
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
- Right to Opt-Out: Opt out of non-essential communications at any time.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, contact us at contact@edenlex.ai. We will respond to verified requests within 45 days.
6. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
6.1 Right to Know
You have the right to request that we disclose: the categories of personal information we collect; the purposes for which we use it; the categories of third parties with whom we share it; and the specific pieces of personal information we have collected about you.
6.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions provided by law.
6.3 Right to Correct
You have the right to request correction of inaccurate personal information.
6.4 No Sale or Sharing
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
6.5 Categories of Personal Information Collected
| Category | Examples | Business Purpose |
|---|---|---|
| Identifiers | Name, email, account ID | Account management |
| Commercial Information | Subscription plan, payment history | Billing and service delivery |
| Internet Activity | Log data, usage patterns, IP address | Security, analytics, service improvement |
| Professional Information | Documents uploaded for analysis | Core service delivery |
To submit a CCPA request, email us at contact@edenlex.ai with the subject line “CCPA Request.” We will verify your identity before processing your request and respond within 45 days.
7. Data Security
We implement commercially reasonable technical and organizational security measures to protect your information, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest in our database systems
- Secure authentication through Clerk with support for Google OAuth
- Access controls limiting data access to authorized personnel
- Regular security monitoring and vulnerability assessments
- Use of enterprise-grade cloud infrastructure providers
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. If you become aware of a security vulnerability, please contact us immediately.
8. Children’s Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@edenlex.ai and we will promptly delete such information.
9. International Data Transfers
The Service is operated from the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your country of residence.
10. Do Not Track Signals
Some browsers include a “Do Not Track” (DNT) feature. We do not currently respond to DNT signals. We do not track users across third-party websites and therefore do not engage in the type of tracking that DNT signals are designed to prevent.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a revised Effective Date and, for material changes, by sending notice to the email address associated with your account. Your continued use of the Service after the revised Effective Date constitutes acceptance of the updated Privacy Policy.
12. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Eden Lex
Email: contact@edenlex.ai
Website: edenlex.ai
For CCPA requests, please use the subject line “CCPA Request” in your email.
See also our Terms of Service.