Privacy policy.

Firm data. Cases, clients, documents, communications, ledger entries, and everything your firm enters or uploads. Stored in a Postgres database isolated by firm_id. Encrypted at rest and in transit.

Account data.Names, emails, roles, and last sign-in times of your firm's team members.

Usage telemetry.Page views, feature usage, and error reports, used to fix bugs and prioritize work. Never sold. Never tied to specific firm data without your firm's consent.

Billing data. Stripe handles cards directly; we receive only the customer ID and subscription status.

To deliver the product, support your firm, secure the platform, and handle billing. We do not use firm data to train AI models. AI features (chronology, lien negotiator, demand drafter) send relevant context to our AI sub-processor under an enterprise agreement that prohibits training on customer data and sets retention to response-delivery only.

We use the following sub-processors to run Lexboard:

• Supabase, database, auth, file storage. Hosted on AWS US-East.
• Vercel, application hosting, edge network, image optimization.
• Stripe, payments and subscription billing. PCI-compliant.
• Twilio, SMS delivery for client communications.
• AI sub-processor, disclosed by name on request, available in the firm-admin DPA addendum. Used only for AI features (chronology, lien negotiator, demand drafter, case analyzer).
• Resend, transactional email (account, billing, share notifications).
• Sentry, error reporting (no firm data in stack traces).

This list is updated when we add or remove a sub-processor. Material changes are emailed to firm admins 30 days in advance.

Lexboard's core inbox connects to a firm user's Gmail (via Google's Gmail API) or Microsoft 365 mailbox (via the Microsoft Graph API). This section spells out exactly what we access, why, how long we keep it, who we share it with, and how to revoke. It applies to both providers unless stated otherwise.

OAuth scopes we request. From Google, in a single consent grant when a firm connects Google Workspace: gmail.send, gmail.readonly, gmail.modify, userinfo.email, and userinfo.profile (the core inbox); calendar.events(two-way calendar sync of deadlines and appointments — we cannot see, edit, or delete your other calendars); and drive.file(store and retrieve only the case documents Lexboard creates or that you explicitly pick — we cannot see your other Drive files). Separately, and only if you choose to connect a Google Sheet as a lead source, we ask for spreadsheets.readonly at that time (incremental consent). From Microsoft: the equivalent Mail.Read, Mail.ReadWrite, Mail.Send, and User.Read. We do not request access to your Google Contacts, the ability to read files across your Drive, or any Google or Microsoft service beyond those listed here.

What we access. Email content (subject, body, attachments, headers) for every message the connected mailbox can see; label, folder, and category information; read/unread, starred, archived, and trashed state; drafts (full content, both directions); and the account profile (verified email address, display name, profile photo); your Google Calendar events (to sync deadlines and appointments two-way); the Google Drive files Lexboard creates or that you explicitly select; and the contents of any Google Sheet you connect as a lead source. We do not access: your Google Contacts, your other Drive files, passwords, or any other Google or Microsoft service.

Why we access it.

• Sync emails into Lexboard's unified inbox so attorneys see case-related correspondence in case context.
• Auto-route inbound mail to the right case via subject, sender, and header matching.
• Send case correspondence through the attorney's own Gmail / 365 mailbox so the message preserves thread continuity, the firm's professional email identity, and the firm's deliverability reputation.
• Mirror state both ways (read, star, archive, label, trash, draft) so the attorney's Gmail / Outlook stays consistent with their Lexboard view, no double-entry.
• Generate AI summaries or demand-letter content from the email body only when an attorney explicitly invokes an AI action on a specific message, and only if the firm admin has enabled AI features.

How long we retain it.While the mailbox is connected, synced data is retained according to the firm's configured retention policy (default: 7 years, the standard PI legal-hold window). When the mailbox is disconnected — by the user, a firm admin, or a Lexboard platform admin — every synced email, label, draft, and token is hard-deleted from the primary database within 30 seconds via cascade delete on the mailbox foreign key. Encrypted Supabase backups containing the data expire on the standard 7-day rolling schedule and are not individually restorable.

Who we share it with. No third party without explicit firm-admin opt-in. Specifically:

• AI sub-processor (Anthropic, US infrastructure) — only when the firm has enabled AI features and an attorney has invoked an AI action on a specific message. The email body is ephemeral to the inference call; neither Lexboard nor the AI sub-processor retains the content for training or any other downstream use, per our enterprise agreement. Firms can disable AI features in Settings, after which the AI sub-processor sees zero email data.
• Stripe — receives only firm billing details (customer ID, subscription status). Never email content.
• Supabase — the encrypted database that stores synced mail; see the sub-processor list above.
• Nobody else. We do not sell email data, share it for advertising, or use it to train AI models. This is consistent with Google's Limited Use requirements for Gmail API data.

Encryption.TLS 1.2+ in transit. AES-256 at rest in the Supabase database. OAuth refresh tokens are encrypted at rest with per-firm keys so a single token compromise cannot expose another firm's mailboxes.

Data residency. Primary storage is in US-East (AWS via Supabase). Enterprise tiers can request EU or Canada residency at contract time — email legal@lexboard.net.

How to revoke access.Any of these independently revokes Lexboard's Gmail / Microsoft 365 access and triggers a cascade delete of the synced data:

• Inside Lexboard: Settings → Integrations → Disconnect. Synced mail and tokens are deleted within 30 seconds.
• Inside Google: Google Account → Security → Third-party access → Remove Lexboard.
• Inside Microsoft: account.microsoft.com → Privacy → Apps and services → Remove Lexboard.
• Workspace / 365 admin: Admin Console → API controls → Manage third-party app access → Remove Lexboard. Revokes for the entire domain at once.
• Lexboard platform admin can force-disconnect any mailbox via /admin/platform/integrations in response to an escalation or security event.

Every revocation, whoever initiates it, is logged in our immutable platform_audit_log with actor, IP, and timestamp.

Compliance.

• Google API Services User Data Policy (Limited Use). Lexboard's use of Gmail API data complies with the Limited Use requirements: data is used only to provide and improve user-facing features, never sold, never used for advertising, never transferred except to the disclosed sub-processors above, and read by humans only with the firm's explicit consent for support, for security investigations, or to comply with law.
• SOC 2. Not yet certified. Gap analysis in progress; targeting Type 1 within 12 months of first paid customer. See /legal/security § 8.
• HIPAA. Medical-records correspondence routinely arrives via the Gmail / 365 integration in PI matters. Lexboard will sign a Business Associate Agreement when the firm's case mix implicates PHI — contact legal@lexboard.net.
• ABA Model Rule 1.6 (client confidentiality). Lexboard's privacy wall (a Postgres role separation enforced at the database level) denies platform admins read access to case content, including synced email bodies. Only the firm's own users and Lexboard's automated case-routing pipeline access email content.

Data export and deletion requests. Firm admins can self-serve a one-click export of all firm data, including synced mail, at /settings/data/export. For deletion or for individual-user export under GDPR / CCPA, email privacy@lexboard.net with subject “GDPR export” or “GDPR delete.” We respond within 30 days; exports are delivered within 60 days.

Updates to this section. Material changes to how Lexboard handles Gmail or Microsoft 365 data are emailed to firm admins at least 30 days before the change takes effect and surfaced as an in-app banner. The current policy version is tracked in platform_config.tos_version.

While your firm is a customer: data retained for as long as your firm wants it. Per-firm retention policies (medical records, intake leads, closed-case files) configurable from /admin.

On cancellation: we keep firm data for 30 days in case you change your mind, then permanent delete from primary storage. Backups expire on their own schedule (max 90 days from cancellation).

Right to delete on request: a firm admin can email privacy@lexboard.net and we'll delete sooner.

Export. Full firm export available from /admin/export as JSON + CSV. Includes documents, audit log, and ledger.

Correction.Edit anything you've entered, anytime.

Deletion. Delete cases, clients, documents from the app. Hard-delete on the audit log requires written request toprivacy@lexboard.net.

Access. Email privacy@lexboard.net for a copy of any personal information we hold about you. Response within 30 days.

Privacy questions: privacy@lexboard.net
Security incidents: security@lexboard.net
Anything else: hello@lexboard.net