Legal & Compliance

Privacy Policy

Last updated: March 2025

LexBridge FZ-LLC ("LexBridge", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our legal practice management platform. We comply with the UAE Personal Data Protection Law (PDPL), the DIFC Data Protection Law 2020, ADGM Data Protection Regulations, and the EU General Data Protection Regulation (GDPR) where applicable.

1. Who We Are

LexBridge is a Software-as-a-Service (SaaS) platform designed for law firms and legal professionals operating in the Gulf Cooperation Council (GCC) region. Our registered office is in the UAE. If you have privacy questions, contact our Data Protection Officer at privacy@lexbridge.io.

2. Data We Collect

We collect the following categories of personal data:

Category | Examples | Purpose
Account Data | Name, email, phone, job title | Account creation, authentication, support
Client Matter Data | Case details, documents, hearing records | Service delivery to law firms
Billing Data | Invoice records, payment status | Subscription management
Usage Data | IP address, browser, login timestamps | Security, analytics, improvement
KYC Data | ID documents, nationality, date of birth | Client identity verification (firm-level)

3. Legal Basis for Processing

  • Contract performance: to provide the LexBridge platform under our subscription agreement.
  • Legitimate interests: security monitoring, fraud prevention, and platform improvement.
  • Legal obligation: where required by UAE law, DIFC, or other applicable regulations.
  • Consent: for marketing communications and optional cookies (where required).

4. How We Use Your Data

We use personal data to:

  • Provide, maintain, and improve the LexBridge platform
  • Authenticate users and secure your account
  • Process payments and manage subscriptions
  • Send service notifications, invoices, and product updates
  • Respond to support requests
  • Comply with legal and regulatory obligations
  • Conduct security audits and investigate breaches

5. Data Sharing & Sub-Processors

We do not sell your personal data. We may share it with:

  • Cloud infrastructure providers (AWS — Middle East region, me-south-1) — hosting and storage under Data Processing Agreements
  • Payment processors — for subscription billing, under PCI-DSS compliance
  • Email service providers — for transactional emails only
  • Legal authorities — when required by UAE law or court order
  • Anthropic PBC (United States) — solely when you explicitly activate the optional AI Advisor feature and provide informed consent. Anthropic processes queries via their API under Standard Contractual Clauses. No case files, client identity documents, or KYC data are transmitted; only the text you type into the AI chat window. You may revoke consent at any time by contacting your system administrator.

All third-party processors are bound by data processing agreements and may not use your data for any purpose other than service delivery.

6. Data Retention

We retain account and matter data for the duration of your subscription plus 7 years to comply with UAE commercial record-keeping requirements. After this period, data is securely deleted or anonymised. You may request earlier deletion subject to our legal obligations.

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Lodge a complaint with a regulator

To exercise any right, email privacy@lexbridge.io. We will respond within 30 days.

8. Security

We implement encryption at rest and in transit (TLS 1.2+), role-based access control, two-factor authentication, and regular security assessments. See our Security page for full details.

9. International Data Transfers

Data is primarily stored in the AWS Middle East (UAE) region. Where data is transferred outside the UAE or DIFC, we use Standard Contractual Clauses or ensure the receiving jurisdiction offers adequate data protection.

10. Cookies

We use essential session cookies required for platform operation. We do not use third-party advertising cookies. Analytics cookies (if used) are anonymised and you may opt out via your browser settings.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before the change takes effect. Continued use constitutes acceptance.

12. Contact

LexBridge FZ-LLC

Data Protection Officer: privacy@lexbridge.io

General enquiries: hello@lexbridge.io