Security & Data Protection

Enterprise-grade security for your legal documents

Your Security is Our Priority

At LexDraft, we understand that your legal documents contain sensitive information. We implement industry-leading security practices to protect your data at every step.

Encryption at Rest & in Transit

All your documents and personal information are encrypted using AES-256 encryption at rest. Data in transit is protected by TLS 1.2+ encryption over HTTPS connections.

Secure Cloud Processing

Document processing happens in isolated, secure cloud environments. Each processing session runs in a sandboxed container with no access to other users' data.

No Permanent Content Storage

We do not permanently store the content of your legal documents. Document text is processed and immediately discarded after generating suggestions and drafts.

Microsoft OAuth Authentication

LexDraft integrates seamlessly with Microsoft 365 using OAuth 2.0 authentication. We never have access to your Microsoft password and use only secure token-based authentication.

Regular Security Audits

We conduct regular third-party security audits and penetration testing to identify and address potential vulnerabilities. Our security practices are continuously reviewed and updated.

Compliance Standards

LexDraft maintains compliance with GDPR, CCPA, and other data protection regulations. We adhere to industry security standards and best practices.

Data Handling Practices

Collection

We only collect the minimum data necessary to provide LexDraft's services. This includes your Microsoft 365 account information, email address, and organization details for account management.

Processing

When you use LexDraft, document content is transmitted securely to our processing servers. The AI analysis happens immediately, and the document content is not stored permanently on our systems.

Storage

User account information and service logs are stored in encrypted databases with strict access controls. Document metadata (timestamps, document names) may be retained for service improvement, but not the content itself.

Sharing

We never share your personal data or document information with third parties without your explicit consent, except as required by law or when sharing with trusted service providers who have signed data protection agreements.

Retention

Account data is retained for the duration of your subscription. You can request deletion of your account and associated data at any time. Deleted data is securely wiped from all systems within 30 days.

Deletion

Upon account deletion, all user data is permanently removed from our primary systems. Backup copies are maintained for 30 days for disaster recovery, then securely destroyed.

Security FAQs

No. LexDraft processes document content in real-time and does not permanently store the text of your documents. After analysis and draft generation, the document content is immediately discarded from our processing systems. Only metadata and usage logs are retained for service improvement and troubleshooting.

LexDraft uses AES-256 encryption for data at rest and TLS 1.2+ encryption for data in transit. These are industry-standard encryption technologies used by financial institutions and government agencies.

LexDraft uses Microsoft OAuth 2.0 authentication, which means you log in through your Microsoft account. This approach is more secure than traditional password-based authentication because we never have access to your Microsoft password. OAuth tokens are securely managed and automatically refreshed.

Only you have access to your documents. LexDraft's AI processes your documents to provide suggestions and drafts, but the raw document content is not viewed by human employees. Access to systems that handle document processing is strictly controlled and logged.

Yes. LexDraft complies with GDPR, CCPA, and other applicable data protection regulations. We have a detailed Privacy Policy that explains how we handle your data. For specific compliance questions, contact our legal team at legal@lexdraft.ai.

LexDraft conducts regular third-party security audits and penetration testing at least annually, or more frequently if required by our compliance standards. We also perform continuous security monitoring and vulnerability assessments.

If you discover a security vulnerability, please report it responsibly to security@lexdraft.ai. We take all security concerns seriously and will investigate promptly. Please do not publicly disclose the vulnerability until we have had time to address it.

We can provide general information about our security practices. For enterprise customers who require detailed security audit reports or SOC 2 certifications, please contact our sales team at sales@lexdraft.ai to discuss your specific requirements.

Questions About Security?

If you have additional questions about LexDraft's security practices or data protection measures, please don't hesitate to reach out.

General Inquiries

support@lexdraft.ai

Privacy Concerns

privacy@lexdraft.ai

Security Issues

security@lexdraft.ai