Lexboard
Sign inGet started

Legal

Privacy policy.

Last updated: May 2026. Plain-English summary first, formal terms below.

Lexboard is a software tool law firms use to manage their cases. The data your firm puts into Lexboard belongs to your firm. We process it on your behalf, we don't sell it, share it, or train AI models on it.

Your firm's admin controls who at the firm sees what. Lexboard employees only access firm data when (a) you explicitly ask us to for support, or (b) we're responding to a security incident, and every such access is logged.

We use third parties to run the platform, Supabase for the database, Vercel for hosting, Stripe for payments, Twilio for SMS, an AI sub-processor for the AI features. The full list is below and kept current.

1

1. What we collect

Firm data. Cases, clients, documents, communications, ledger entries, and everything your firm enters or uploads. Stored in a Postgres database isolated by firm_id. Encrypted at rest and in transit.

Account data.Names, emails, roles, and last sign-in times of your firm's team members.

Usage telemetry.Page views, feature usage, and error reports, used to fix bugs and prioritize work. Never sold. Never tied to specific firm data without your firm's consent.

Billing data. Stripe handles cards directly; we receive only the customer ID and subscription status.

2

2. How we use it

To deliver the product, support your firm, secure the platform, and handle billing. We do not use firm data to train AI models. AI features (chronology, lien negotiator, demand drafter) send relevant context to our AI sub-processor under an enterprise agreement that prohibits training on customer data and sets retention to response-delivery only.

3

3. Sub-processors

We use the following sub-processors to run Lexboard:

  • Supabase, database, auth, file storage. Hosted on AWS US-East.
  • Vercel, application hosting, edge network, image optimization.
  • Stripe, payments and subscription billing. PCI-compliant.
  • Twilio, SMS delivery for client communications.
  • AI sub-processor, disclosed by name on request, available in the firm-admin DPA addendum. Used only for AI features (chronology, lien negotiator, demand drafter, case analyzer).
  • Resend, transactional email (account, billing, share notifications).
  • Sentry, error reporting (no firm data in stack traces).

This list is updated when we add or remove a sub-processor. Material changes are emailed to firm admins 30 days in advance.

4

4. Retention & deletion

While your firm is a customer: data retained for as long as your firm wants it. Per-firm retention policies (medical records, intake leads, closed-case files) configurable from /admin.

On cancellation: we keep firm data for 30 days in case you change your mind, then permanent delete from primary storage. Backups expire on their own schedule (max 90 days from cancellation).

Right to delete on request: a firm admin can email privacy@lexboard.net and we'll delete sooner.

5

5. Your rights

Export. Full firm export available from /admin/export as JSON + CSV. Includes documents, audit log, and ledger.

Correction.Edit anything you've entered, anytime.

Deletion. Delete cases, clients, documents from the app. Hard-delete on the audit log requires written request toprivacy@lexboard.net.

Access. Email privacy@lexboard.net for a copy of any personal information we hold about you. Response within 30 days.

6

6. Contact

Privacy questions: privacy@lexboard.net
Security incidents: security@lexboard.net
Anything else: hello@lexboard.net