Privacy Policy

Last updated: March 2026

1. Information We Collect

When you use Lextract, we collect information you provide directly, including your email address when you create an account, lease documents you upload for processing, and payment information processed through Stripe.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services, process your lease extractions, send transactional emails, and comply with legal obligations.

3. Data Storage and Security

Lease documents are stored in private cloud object storage encrypted at rest (AES-256) and accessible only through time-limited pre-signed URLs. All data is transmitted over TLS 1.3. We do not share your lease data with third parties.

4. Data Retention

Uploaded lease documents and extraction results are retained for as long as your account is active. You may delete your extractions at any time from your dashboard. Upon account deletion, your data is removed within 30 days.

5. Third-Party Services

We use Stripe for payment processing, cloud infrastructure providers for document storage, and third-party AI providers for extraction. Each service has its own privacy policy governing data handling.

6. Cookies

We use session cookies for authentication and analytics cookies (PostHog) to improve our product. You may opt out of analytics tracking by contacting us.

7. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at privacy@lextract.io.

8. Contact

Questions about this policy? Email privacy@lextract.io.

Frequently Asked Questions

How long does Lextract store lease files?
Lease documents and extraction results are retained for as long as your account is active. You can delete individual extractions from your dashboard at any time. When you close your account, all associated data is removed within 30 days.
Is my lease data shared with third parties?
No. Lextract does not sell or share your lease documents with any third parties. Your files pass through third-party AI providers for processing and extraction, but they are not used to train models or shared beyond the processing pipeline. Each provider operates under its own data processing agreement.
What encryption does Lextract use?
All lease files are encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 in private cloud object storage. Files are accessed only through time-limited pre-signed URLs — no file is ever publicly accessible.
Can I request deletion of my data?
Yes. You can delete individual extraction results from your dashboard immediately. To request full account deletion and erasure of all associated data, email privacy@lextract.io. Deletion is completed within 30 days of the request.
Is Lextract GDPR compliant?
Lextract is designed with GDPR principles in mind — including data minimization, right of access, right to erasure, and transparency about third-party processors. If you have specific compliance requirements or need a Data Processing Agreement, contact us at privacy@lextract.io.