Privacy Policy
Hey, Lexxi LLC ("Hey, Lexxi")
Effective Date: June 28, 2026
This Privacy Policy explains how Hey, Lexxi LLC (“Hey, Lexxi,” “we,” “us,” or “our”) collects, uses, and discloses personal information in connection with our websites, applications, and services (the “Services”). It is incorporated into and supplements our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms of Service.
1. Two Roles: Information We Process for Law Firms vs. Information We Collect Directly
Information processed on behalf of law firms (Subscriber Data). When a law firm or other Subscriber uses the Services, it submits case materials that may contain personal information about its clients, claimants, patients, witnesses, and other individuals. We process that Subscriber Data only on the Subscriber’s behalf and under its instructions, as a “service provider” under California law. The Subscriber — not Hey, Lexxi — is the party responsible for that information as the “business” (or controller), including for the notices, consents, and authorizations required to collect it and provide it to us. This Privacy Policy does not govern a Subscriber’s own privacy practices; individuals with questions about a law firm’s handling of their information should contact that firm.
Information we collect directly. We act as a “business” with respect to the information we collect directly from Subscribers and website visitors to operate our business — for example, account, contact, billing, and usage information. The rest of this Policy describes that information.
2. Information We Collect
We collect the following information:
• Account and contact information — name, business email, firm name, role, and credentials you provide when you register or communicate with us.
• Billing information — subscription tier and transaction history. Payment-card details are collected and processed by our third-party payment processor; we do not store full card numbers.
• Usage, device, and log information — IP address, browser and device identifiers, pages and features accessed, and dates/times of access, collected through cookies and similar technologies to operate, secure, and improve the Services.
• Communications — the contents of messages, support requests, and feedback you send us.
• Subscriber Data — case materials submitted by Subscribers, which we process only on their behalf as described in Section 1.
3. How We Use Information
We use information we collect directly to: provide, maintain, secure, and improve the Services; create accounts and process payments; respond to inquiries and provide support; monitor for and prevent fraud, abuse, and security incidents; comply with legal obligations; and send service-related and, where permitted, marketing communications (which you may opt out of). We process Subscriber Data only to provide the Services and as permitted by the Terms of Service, the applicable DPA or BAA, and law. We may create de-identified and aggregated data that does not identify any individual to operate and improve the Services.
4. How We Disclose Information
We disclose information in the following circumstances:
• Subprocessors and service providers — cloud-hosting, payment, analytics, and artificial-intelligence providers that process information on our behalf under contractual data-protection and security obligations.
• Legal and safety — when required by law, subpoena, or legal process, or to protect the rights, property, or safety of Hey, Lexxi, our users, or others.
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.
• With your direction or consent — as you otherwise authorize.
No sale or sharing. Hey, Lexxi does not sell personal information, and does not “share” it for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.
5. The Law Firm’s Responsibilities
Subscribers are responsible for their own compliance with all privacy, data-protection, medical-records, and professional-responsibility laws that apply to them, and for conducting their own due diligence. Subscribers must obtain all consents and authorizations needed to provide Subscriber Data to Hey, Lexxi, must maintain their own appropriate security measures, and must notify Hey, Lexxi in writing as soon as reasonably possible if they require any agreement or accommodation (such as a BAA or DPA) or become aware of any issue, error, or potential non-compliance that Hey, Lexxi should reasonably know about. Hey, Lexxi is not responsible for any arrangement between a Subscriber and the Subscriber’s own clients or other third parties, including employers, insurance carriers, third-party administrators (TPAs), insurance groups, or insurance administrators.
6. California Privacy Rights (CCPA/CPRA)
This section applies to California residents’ personal information that we process as a “business” (our direct relationships with Subscribers and website visitors), and provides our notice at collection. In the prior 12 months we have collected the categories of personal information described in Section 2 — identifiers, customer-records and commercial information, internet/network activity, and professional information — for the business purposes described in Section 3. We disclosed these categories to the recipients described in Section 4 for business purposes. We do not sell or share personal information and do not knowingly collect the personal information of minors.
Subject to verification and legal exceptions, California residents have the right to: know and access the personal information we have collected; request correction of inaccurate information; request deletion of their personal information; opt out of any sale or sharing (which we do not do); limit the use of sensitive personal information; and not receive discriminatory treatment for exercising these rights.
To exercise a right, contact us at legal@heylexxi.com. We will verify your request and may ask for information to confirm your identity. You may use an authorized agent to submit a request on your behalf. If your personal information appears in Subscriber Data, we will refer your request to the relevant law firm (the “business”) or act on its instructions, because that firm — not Hey, Lexxi — controls how that information is used.
7. Medical Information (CMIA)
Where Subscriber Data contains medical information subject to the California Confidentiality of Medical Information Act (“CMIA”), we maintain the confidentiality of that information and use or disclose it only as permitted by the Subscriber’s instructions, the applicable agreement, and law. Subscribers are responsible for ensuring they have the authority and any required authorizations to provide medical information to Hey, Lexxi.
8. Security
We maintain administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit and at rest, access controls, and monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Hey, Lexxi does not currently hold a SOC 2 or other third-party security certification and makes no such representation. Subscribers are responsible for maintaining the security of their own systems and credentials.
9. Data Retention
We retain personal information for as long as needed to provide the Services, maintain your account, comply with our legal obligations, resolve disputes, and enforce our agreements. We retain and delete Subscriber Data as described in the Terms of Service and any applicable DPA or BAA. We delete or de-identify information when it is no longer needed for these purposes, except for copies in routine backups, which are deleted on their ordinary cycle.
10. Children’s Privacy
The Services are intended for legal professionals and are not directed to children. We do not knowingly collect personal information directly from children. Any information about minors that appears within Subscriber Data is submitted and controlled by the Subscriber, which is responsible for the lawful basis for providing it.
11. Cookies, Analytics, and Third-Party Links
We use cookies and similar technologies to operate and analyze the Services. You can control cookies through your browser settings, though some features may not function without them. The Services may link to third-party sites and services that we do not control and whose privacy practices are governed by their own policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide reasonable notice by updating the effective date and, where appropriate, by email or in-product notice. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.
13. Contact Us
Questions about this Privacy Policy, or requests regarding your personal information, should be directed to Hey, Lexxi LLC at legal@heylexxi.com.