1. Introduction
LexIQ Ltd ("LexIQ", "we", "us", or "our") is committed to protecting the privacy and security of the personal data of everyone who uses our AI-powered legal education platform (the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use the Platform or otherwise interact with us.
This Privacy Policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR). Where you access the Platform through an institutional subscription, your institution may also act as a data controller in respect of certain processing activities.
2. Data Controller and Contact Details
| Controller | LexIQ Ltd |
|---|---|
| Email | [email protected] |
If you wish to exercise any of your data protection rights, or if you have a complaint about how we handle your personal data, please contact us at [email protected].
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Examples | Purpose |
|---|---|---|
| Account Information | Name, email address, password (hashed) | Account creation, authentication, and communication |
| Payment Information | Billing address, payment card details (processed by Stripe; we do not store full card numbers) | Processing subscription payments |
| Learning Content | Essay submissions, quiz answers, practice responses, audio recordings for advocacy exercises | Providing AI-generated educational feedback |
| Communications | Emails, support requests, feedback submissions | Responding to your enquiries and improving our services |
3.2 Data We Collect Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device & Browser Data | Device fingerprint, browser type, operating system, screen resolution | Account security, concurrent session management, fraud prevention |
| Usage Data | Features used, pages visited, interaction timestamps, quiz scores, essay grades | Service improvement, personalisation, analytics |
| AI Interaction Data | Prompts sent to AI, AI-generated responses, token usage metrics | Service delivery, quality monitoring, fair use enforcement |
| Cookies & Similar Technologies | Session cookies, preference cookies, analytics identifiers | Authentication, functionality, and analytics (see our Cookie Policy) |
4. How We Use Your Personal Data
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Providing and maintaining the Platform | Performance of a contract (Article 6(1)(b)) |
| Processing subscription payments | Performance of a contract (Article 6(1)(b)) |
| Generating AI-powered educational feedback | Performance of a contract (Article 6(1)(b)) |
| Account security and fraud prevention | Legitimate interests (Article 6(1)(f)) |
| Service improvement and analytics | Legitimate interests (Article 6(1)(f)) |
| Fair use monitoring and enforcement | Legitimate interests (Article 6(1)(f)) |
| Responding to support requests | Legitimate interests (Article 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
| Marketing communications (if opted in) | Consent (Article 6(1)(a)) |
5. AI Processing and Your Data
When you use AI-powered features (essay marking, chat tutor, quiz generation, SQE practice), your input is sent to a third-party large language model (LLM) provider for processing. We want to be transparent about how this works:
- Your data is not used to train AI models. We use API-based access to LLM services, and your inputs are not retained by the model provider for training purposes.
- Processing is stateless. Each AI interaction is independent; the model does not retain memory of previous interactions beyond the current session context.
- We do not store raw AI prompts long-term. We retain AI-generated feedback (e.g., essay marks, quiz explanations) as part of your learning record, but the underlying prompts are not stored beyond the processing session.
- AI outputs are educational only. All AI-generated content is for educational and formative purposes. It does not constitute legal advice and should not be relied upon as such.
6. Data Sharing
We share your personal data only in the following circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Stripe | Payment processing | PCI DSS Level 1 certified; DPA in place |
| LLM Provider | AI-powered educational features | API-based processing; no data retention for training; DPA in place |
| Cloud Infrastructure Provider | Hosting and data storage | SOC 2 Type II certified; data encrypted at rest and in transit |
| Your Institution (if applicable) | Aggregate usage reporting under institutional licence | Data Processing Agreement; only aggregate/anonymised data shared unless otherwise agreed |
We do not sell your personal data to third parties. We do not share your personal data for marketing purposes without your explicit consent.
7. International Data Transfers
Some of our service providers (including our LLM provider and cloud infrastructure) may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, including the UK International Data Transfer Agreement (UK IDTA) or UK Addendum to the EU Standard Contractual Clauses, as required by Chapter V of the UK GDPR.
8. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account plus 12 months after deletion |
| Learning content (essays, quizzes, chats) | Duration of account; deleted upon account deletion request |
| Payment records | 7 years (HMRC requirements) |
| Device session data | 90 days from last activity |
| AI usage logs | 12 months |
| Analytics data | 26 months (aggregated) |
9. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data ("right to be forgotten")
- Right to restriction of processing — request that we limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, withdraw it at any time
To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request, as required by the UK GDPR.
10. Cookies
We use cookies and similar technologies on the Platform. For full details of the cookies we use and how to manage your preferences, please see our Cookie Policy.
11. Children's Privacy
The Platform is designed for law students and legal professionals aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Policy on the Platform and, where appropriate, by email. The "Last updated" date at the top of this page indicates when the Policy was last revised.
13. Complaints
If you are not satisfied with our response to a data protection concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Telephone: 0303 123 1113
14. Contact Us
For any questions about this Privacy Policy or our data protection practices, please contact us at [email protected].