Skip to content Skip to footer
Contact Us
Contact Us
Contact Us
Close

Lexa Shield

Privacy and Data Processing Policy

This Privacy and Data Processing Policy (the “Policy” or “PPD”) is directly related to the Lexa Shield Terms and Conditions of Use and applies to your use of the Lexa Shield platform.

At Elyon Labs LLC (“Elyon”), we value the security and confidentiality of your Data and adopt reasonable protective measures. However, no system can be considered 100% secure, and by using Lexa Shield, you acknowledge residual risks and release us from any claims in this regard.

If you have any questions, you have the right to send us a written request regarding which of your personal data we process or to request its deletion. Such requests, as well as requests for additional information, must be sent to privacy@lexashield.com. You also have the right to request that any personal data that is incorrect, incomplete, or misleading be rectified.

The contact channel privacy@lexashield.com will respond within 30 days.

1. WHAT DATA WE STORE AND HOW WE USE IT

The only personal data we store is the data voluntarily provided by you to create and manage your account: email address, company name, and access preferences. This information is used solely for authentication, customer identification, and account support.

Lexa Shield is not intended for use by minors under the age of 18, and we do not knowingly collect personal data from such individuals.

All files uploaded by you to the platform (contracts, internal documents, etc.) are automatically deleted within 24 hours after upload, without exception. Technical records and access logs may be retained for up to 12 months exclusively for security, fraud prevention, and audit purposes, and they do not contain the original uploaded content. These logs may include IP address, user agent, timestamps, and authentication information. Logs are subject to automated deletion at the end of the retention cycle.

Your data travels protected by secure protocols (HTTPS/TLS) and is stored in infrastructure with access controls and at-rest safeguards aligned with market best practices. These measures apply to uploaded files, generated reports, and technical records, with environment segregation and least-privilege controls. Lexa Shield reviews its controls periodically to ensure proportionality and effectiveness.

Certain data may be processed in aggregated and anonymized form for statistical purposes (e.g., internal reports, benchmarking newsletters, quarterly trend analyses). Such processing is done with irreversible anonymization, with no technical possibility of re-identification. If you are located in a European Union member country, you have the right to object to this processing by contacting us at the email above.

2. COOKIES

Lexa Shield uses cookies and similar technologies to support authentication, security, and user experience improvements. For details on what cookies are used, their purpose, and how you can manage your preferences, please refer to our Cookie Policy, which forms an integral part of this Privacy and Data Processing Policy.

3. WHAT HAPPENS AFTER TERMINATION OF THE AGREEMENT

After termination of the Agreement, Lexa Shield will retain service logs for 12 months. You may request deletion at any time through the contact channel above. The only data permanently stored are the final anonymized reports generated by the analysis (e.g., PDF, dashboard, or technical output), never the original uploaded files.

4. DATA LOCATION

All data is hosted exclusively in the United States of America. Elyon uses subprocessors to support Lexa Shield’s operation, always under data protection agreements. Where required by law, transfers outside the EU/EEA are governed by appropriate safeguards such as Standard Contractual Clauses. You may request a current list of subprocessors at any time.

In the event of a security incident, we will notify you as soon as possible with sufficient detail for appropriate measures to be taken. If you are in the EU/EEA, we will notify supervisory authorities and affected data subjects within the timelines required by applicable law. Elyon is not responsible for incidents caused by the Data Subject’s own fault.

5. SUBPROCESSORS

Lexa Shield relies on the following subprocessors:

    • Amazon AWS (US-East/Ohio, for hosting)

    • Stripe (for payments)

    • Auth0 (for authentication)

    • Resend (for email delivery)

Only basic information necessary to perform the Services is shared with these providers (e.g., username, email, organization name). No sensitive or financial data is shared beyond what is required for service execution. We will update this list from time to time and notify you of material changes, giving you the right to object where applicable

6. LEGAL FRAMEWORK

The Parties commit to comply with applicable personal data protection laws, including the European General Data Protection Regulation (EU GDPR 2016/6679) and the Brazilian General Data Protection Law (LGPD – Law 13.709/18).

For clarity, the terms “Personal Data,” “Data Subject,” “Data Controller,” and “Processing” have the meanings defined under the LGPD.

In particular, we commit to:

    • Process Personal Data lawfully, fairly, and transparently;

    • Collect Personal Data for specific, explicit, and legitimate purposes and not process it in ways incompatible with those purposes;

    • Ensure Personal Data is adequate, relevant, and limited to what is necessary;

    • Keep Personal Data accurate and up to date where required;

    • Retain Personal Data no longer than necessary for the purposes for which it was collected;

    • Secure Personal Data against unauthorized access, unlawful processing, and accidental loss or damage using appropriate measures, as set out in Articles 46–49 of the LGPD;

    • Respect the rights of the Data Subject, as set out in Articles 17–22 of the LGPD.

    • Where applicable under GDPR, you also have the right to data portability and the right to restrict processing.

7. FINAL PROVISIONS

This Privacy and Data Processing Policy forms an integral part of the Lexa Shield Terms and Conditions of Use. By accessing or using Lexa Shield, you acknowledge that you have read, understood, and agreed to this Policy.

Lexa Shield is operated by Elyon Labs LLC. For any requests, questions, or rights under this Policy, please contact us at privacy@lexashield.com

We reserve the right to update this Policy to reflect legal, regulatory, or technical changes. In the event of updates, we will notify you via the Lexa Shield platform or other appropriate means.

Effective Date: September 30th, 2025
Last Updated:September 30th, 2025

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.