Terms of Service

Hey, Lexxi LLC ("Hey, Lexxi")

Effective Date: June 28, 2026

These Terms of Service (“Terms”) govern access to and use of the Hey, Lexxi platform, websites, applications, and related services (collectively, the “Services”) provided by Hey, Lexxi LLC (“Hey, Lexxi,” “we,” “us,” or “our”). By creating an account, clicking “I agree,” or accessing or using the Services, you and the law firm or other organization on whose behalf you act (collectively, “Subscriber,” “you,” or “your”) agree to be bound by these Terms.

If you do not agree to these Terms, you may not access or use the Services. If you are entering into these Terms on behalf of a law firm or other entity, you represent that you have authority to bind that entity.

1. The Services; Eligibility

Hey, Lexxi provides a software platform that assists legal professionals in generating, organizing, and managing case-related work product, including independent file reviews and related reports (each, an “IFR”), based on case materials that Subscriber submits to the Services (“Subscriber Data”).

The Services are intended solely for use by licensed attorneys, law firms, and their authorized personnel in the course of their professional practice. By using the Services, you represent that you are at least 18 years old, are accessing the Services for business and professional purposes, and are authorized to submit the Subscriber Data you provide.

No legal advice. The Services are a productivity and document-generation tool. Hey, Lexxi is not a law firm, does not practice law, and does not provide legal advice. Output generated by the Services, including any IFR, does not constitute legal advice and is not a substitute for the independent professional judgment of a licensed attorney. Subscriber is solely responsible for reviewing, verifying, and exercising professional judgment over all output before relying on it or using it with clients, courts, or third parties.

2. Accounts, Subscriptions, and Billing

Access to the Services requires an account and an active subscription. You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us promptly at the contact below of any unauthorized use.

Subscriptions are offered in tiers, each with a designated monthly allotment of IFRs and a corresponding fee. Subscriptions renew automatically for successive periods unless cancelled in accordance with these Terms. Fees are billed through our third-party payment processor, and you authorize us and our processor to charge your designated payment method.

Usage allotments and overages. Each tier includes a soft monthly IFR allotment. We may permit usage beyond your allotment and bill the excess as additional IFRs, one-time top-up charges, or an automatic upgrade to a higher tier, as described at the point of purchase. Except as required by law or expressly stated, fees are non-refundable.

We may change pricing or tier features on prospective notice. Continued use after a change takes effect constitutes acceptance of the new pricing.

3. Subscriber Responsibilities and Acceptable Use

Because the Services process sensitive case materials, Subscriber bears important responsibilities. Subscriber agrees that it will, at its own expense:

•       Maintain legal authority for all data it submits — obtain and maintain all rights, consents, authorizations, and lawful bases necessary for Hey, Lexxi to receive and process the Subscriber Data, including any personal, medical, or other protected information of the Subscriber’s clients, patients, or third parties;

•       Comply with its own legal and ethical obligations — including the rules of professional conduct, attorney-client privilege and confidentiality obligations, and all privacy and data-protection laws applicable to the Subscriber;

•       Minimize unnecessary sensitive data — refrain from submitting protected health information, government identifiers, financial account numbers, or other sensitive data that is not reasonably necessary for the requested IFR;

•       Safeguard credentials and access — restrict account access to authorized personnel and promptly deactivate access for those who no longer need it;

•       Maintain its own security — implement and maintain its own appropriate administrative, technical, and physical security measures to protect the Subscriber’s systems, devices, networks, accounts, and any output the Subscriber downloads, stores, or transmits outside the Services. The security of the Subscriber’s own environment is solely the Subscriber’s responsibility;

•       Conduct its own due diligence and ensure its own compliance — independently determine, through its own due diligence, whether the Services meet the Subscriber’s legal, regulatory, ethical, and professional-responsibility obligations in every jurisdiction in which the Subscriber operates. The Subscriber, and not Hey, Lexxi, is responsible for the Subscriber’s own compliance with all applicable laws, rules, and professional obligations; and

•       Notify us promptly — inform Hey, Lexxi as soon as reasonably possible if the Subscriber requires any agreement, documentation, configuration, or other accommodation (such as a BAA or DPA) for its compliance, and notify Hey, Lexxi in writing right away upon becoming aware of any issue, error, security concern, suspected unauthorized access, or potential non-compliance that Hey, Lexxi should reasonably know about.

Subscriber will not, and will not permit any third party to: (a) use the Services in violation of any law or third-party right; (b) upload malicious code or attempt to gain unauthorized access to the Services or other accounts; (c) reverse engineer, scrape, or build a competing product from the Services; (d) resell or provide the Services to third parties except to the Subscriber’s own clients in the ordinary course of the Subscriber’s legal practice; or (e) use the Services to harass, defraud, or harm others.

3.1 No Responsibility for Third-Party Arrangements

Hey, Lexxi is not a party to, and is not responsible or liable for, any agreement, contract, retainer, policy, or understanding between the Subscriber and the Subscriber’s own clients or any other third party, including employers, insurance carriers, third-party administrators (TPAs), insurance groups, insurance administrators, claims administrators, or similar parties. The Subscriber is solely responsible for its relationships, obligations, and communications with such parties, including any representations the Subscriber makes to them and any work product the Subscriber delivers to them based on output of the Services.

3.2 Subscriber’s Independent Review of Output

Although Hey, Lexxi aims for accuracy, it does not guarantee that any IFR or other output is accurate, complete, or fit for any particular purpose. It is ultimately the Subscriber’s responsibility to check, verify, proofread, and edit all output before relying on it or providing any information based on it to the Subscriber’s own clients or any third party. Output of the Services does not replace an attorney’s expertise, strategy, judgment, or advice to the attorney’s own clients, and Hey, Lexxi expects that a licensed attorney will review, proofread, and edit any output before it is used to produce a deliverable for the Subscriber’s own clients.

4. Subscriber Data; Ownership and License

As between the parties, Subscriber owns all right, title, and interest in Subscriber Data and the IFRs generated from it. Subscriber grants Hey, Lexxi a limited, non-exclusive, worldwide, royalty-free license to host, copy, transmit, process, and display Subscriber Data solely as necessary to provide, maintain, secure, and improve the Services and to comply with law.

Use for model training. Hey, Lexxi will not use the contents of Subscriber Data to train generally available machine-learning models for the benefit of other customers without Subscriber’s prior consent. Hey, Lexxi may use aggregated and de-identified data that does not identify Subscriber or any individual to operate, analyze, and improve the Services.

5. Privacy and Data Protection

Hey, Lexxi’s collection and use of personal information is described in our Privacy Policy, which is incorporated into these Terms. To the extent of any conflict between these Terms and a separately executed Data Processing Agreement or Business Associate Agreement, that separately executed agreement controls with respect to its subject matter.

5.1 HIPAA and Business Associate Agreements

Hey, Lexxi is a technology vendor and is not itself a covered entity under the Health Insurance Portability and Accountability Act (“HIPAA”). Whether Hey, Lexxi acts as a “business associate” depends entirely on the Subscriber’s role and the matter at issue — for example, certain workers’ compensation records and certain litigation contexts fall outside HIPAA, while other engagements may bring a Subscriber’s use of the Services within HIPAA’s scope.

Case-by-case BAA availability. If a Subscriber determines that a Business Associate Agreement (“BAA”) is required for its particular practice or a specific matter, the Subscriber may request one by contacting Hey, Lexxi at legal@heylexxi.com. Hey, Lexxi will evaluate each request on a case-by-case basis and, where appropriate, will enter into a mutually acceptable BAA before the Subscriber submits protected health information for which a BAA is required. Absent a fully executed BAA, Subscriber agrees not to submit protected health information to the Services in any context that would require Hey, Lexxi to act as a business associate under HIPAA.

5.2 Data Processing Agreements

Where Subscriber shares personally identifiable information with Hey, Lexxi, applicable data-protection laws may require a Data Processing Agreement (“DPA”) governing Hey, Lexxi’s processing of that information on the Subscriber’s behalf. Hey, Lexxi makes a master DPA available to Subscribers on request at legal@heylexxi.com. Once executed, the DPA forms part of these Terms.

5.3 California Privacy Laws

Hey, Lexxi is based in California and structures its initial privacy-compliance program around California law. With respect to personal information that Hey, Lexxi processes on a Subscriber’s behalf:

•       CCPA/CPRA. Under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), Hey, Lexxi generally acts as a “service provider” that processes personal information only to perform the Services and pursuant to the DPA. Hey, Lexxi does not “sell” or “share” Subscriber Data as those terms are defined under the CCPA/CPRA, and does not retain, use, or disclose Subscriber Data outside the direct business relationship or for any purpose other than providing the Services, except as permitted by law.

•       CMIA. To the extent the California Confidentiality of Medical Information Act (“CMIA”) applies to medical information contained in Subscriber Data, Hey, Lexxi maintains the confidentiality of that information consistent with the CMIA and will not use or disclose it except as permitted by the Subscriber’s instructions, the applicable agreement, or law.

Hey, Lexxi actively tracks developments in California privacy law and intends to expand its compliance program to additional states as its presence in those jurisdictions grows. Subscriber remains responsible for its own obligations under the privacy and medical-records laws of every jurisdiction in which the Subscriber operates.

6. Security

Hey, Lexxi maintains a written information security program with administrative, technical, and physical safeguards designed to protect Subscriber Data against unauthorized access, use, alteration, or destruction, appropriate to the nature of the data and the risks involved. These measures include:

•       encryption of Subscriber Data in transit and at rest using industry-standard protocols;

•       role-based access controls, authentication requirements, and the principle of least privilege for personnel access;

•       logical separation of customer data and environment hardening;

•       logging and monitoring designed to detect and respond to security events; and

•       vendor diligence and contractual security commitments from subprocessors that handle Subscriber Data.

Compliance status. Hey, Lexxi is a startup and continues to mature its security program. Hey, Lexxi does not currently represent that it holds SOC 2 or any other third-party security certification or attestation. Nothing in these Terms should be read as a representation that Hey, Lexxi holds any such certification. Hey, Lexxi will describe its then-current security posture to Subscribers on reasonable request under appropriate confidentiality terms.

Security incident notification. If Hey, Lexxi becomes aware of a confirmed breach of security leading to the unauthorized access to or disclosure of Subscriber Data in Hey, Lexxi’s possession, Hey, Lexxi will notify the affected Subscriber without undue delay and consistent with applicable law and any executed BAA or DPA, and will take reasonable steps to investigate and mitigate the incident. Subscriber is responsible for any notifications it is required to make to its own clients, regulators, or affected individuals.

7. Confidentiality

Each party may receive confidential information of the other. The receiving party will use the disclosing party’s confidential information only to perform under these Terms and will protect it using at least reasonable care. Subscriber Data is the confidential information of Subscriber. These obligations do not apply to information that is or becomes public through no fault of the receiving party, was lawfully known without obligation of confidence, or is independently developed, and do not prevent disclosure required by law (with notice where permitted).

8. Third-Party Services and Subprocessors

The Services rely on third-party infrastructure, payment, and artificial-intelligence providers (“Subprocessors”) to function. Hey, Lexxi remains responsible for its Subprocessors’ processing of Subscriber Data to the extent required by the applicable agreement and law, and imposes data-protection and security obligations on Subprocessors that are no less protective than those in these Terms. A current list of Subprocessors is available on request at legal@heylexxi.com.

9. Disclaimers

The Services are provided “AS IS” and “AS AVAILABLE.” To the fullest extent permitted by law, Hey, Lexxi disclaims all warranties, whether express, implied, or statutory, including the implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

AI and accuracy. Output generated by the Services may rely on automated and artificial-intelligence processing and can contain errors, omissions, or inaccuracies. Hey, Lexxi does not warrant that any IFR or other output is accurate, complete, current, or fit for any particular legal use. Subscriber must independently review and verify all output before relying on it. Hey, Lexxi does not warrant that the Services will be uninterrupted, secure, or error-free.

10. Limitation of Liability

To the fullest extent permitted by law, neither party will be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, revenue, data, or goodwill, arising out of or related to the Services or these Terms, even if advised of the possibility of such damages. Hey, Lexxi’s total aggregate liability arising out of or related to these Terms will not exceed the amounts paid by Subscriber to Hey, Lexxi for the Services during the twelve (12) months immediately preceding the event giving rise to the claim. These limitations do not apply to liability that cannot be limited under applicable law.

11. Indemnification

Subscriber will defend, indemnify, and hold harmless Hey, Lexxi and its officers, employees, and agents from and against any third-party claims, losses, and expenses (including reasonable attorneys’ fees) arising out of or related to: (a) Subscriber Data, including Hey, Lexxi’s authorized processing of it; (b) Subscriber’s failure to obtain required consents or authorizations; (c) Subscriber’s violation of law, professional-responsibility rules, or these Terms; or (d) Subscriber’s use of any output of the Services. Hey, Lexxi will defend and indemnify Subscriber against third-party claims that the Services, as provided and used in accordance with these Terms, infringe such third party’s intellectual-property rights.

12. Term, Termination, and Data Return

These Terms remain in effect while Subscriber uses the Services or maintains an account. Either party may terminate for material breach that remains uncured 30 days after written notice. Subscriber may cancel its subscription at any time, effective at the end of the then-current billing period. We may suspend or terminate access immediately for non-payment, for conduct that risks harm to the Services or others, or as required by law.

Data export and deletion. Upon termination, Subscriber may request export of its Subscriber Data within 30 days. After that period, or earlier on Subscriber’s written request, Hey, Lexxi will delete or de-identify Subscriber Data in its possession, except for copies retained in routine backups (which are deleted on their ordinary cycle) or as required by law. Provisions that by their nature should survive termination will survive.

13. Changes to the Services or Terms

Hey, Lexxi may modify the Services or these Terms from time to time. For material changes, Hey, Lexxi will provide reasonable advance notice by email or in-product notice. Changes take effect on the stated effective date, and continued use after that date constitutes acceptance. If Subscriber objects to a material change, Subscriber’s exclusive remedy is to stop using the Services and cancel.

14. Governing Law and Dispute Resolution

These Terms are governed by the laws of the State of California, without regard to its conflict-of-laws rules. Subject to the arbitration provision below, the parties consent to the exclusive jurisdiction of the state and federal courts located in Riverside County, California.

Informal resolution; arbitration. The parties will first attempt in good faith to resolve any dispute informally by contacting legal@heylexxi.com. Any dispute not resolved within 60 days may, at either party’s election, be resolved by binding arbitration administered by JAMS under its applicable rules, seated in Riverside County, California. Each party waives any right to a jury trial and to participate in a class action, to the extent permitted by law. Either party may seek injunctive relief in court for misuse of intellectual property or confidential information.

15. General

These Terms, together with any executed BAA, DPA, order form, and the Privacy Policy, are the entire agreement between the parties regarding the Services and supersede prior agreements on that subject. If any provision is held unenforceable, the remaining provisions remain in effect. Failure to enforce a provision is not a waiver. Subscriber may not assign these Terms without our consent; we may assign to an affiliate or in connection with a merger or sale of assets. Neither party is liable for delays caused by events beyond its reasonable control. The parties are independent contractors.

16. Contact

Questions about these Terms, or requests regarding a BAA, DPA, privacy, security, or legal notices, should be directed to Hey, Lexxi LLC at legal@heylexxi.com.