Skip to main content

Privacy
Policy

Your data is yours. We collect only what is necessary to run the service, and we protect it with industry-standard encryption.

Privacy Policy for LexiSaaS

Last updated: April 2026

Who We Are

LexiSaaS is operated by LexiCo AS, a Norwegian company registered under organization number 937 155 344.

Address: Trølltørødveien 18, 3140 Nøtterøy, Norway.

Contact: post@lexico.no

What We Collect

We collect the minimum data necessary to provide and improve the service:

  • Account information — name, email address, and hashed password
  • Usage data — API request counts, token usage, model selections, and response times
  • Billing data — credit balance, transaction history, and payment method (processed by Stripe)
  • Security logs — login timestamps, IP addresses, and failed authentication attempts

We do not store the content of your AI requests or responses. Prompts and completions pass through our proxy in real time and are never logged or retained.

Provider API Keys (BYOK)

If you choose to bring your own provider API keys, they are encrypted at rest using AES-256-GCM with per-key unique nonces.

Provider keys are never stored in plaintext, never included in logs, and never accessible to LexiCo employees. Keys are decrypted only in memory at the moment of proxying your request.

Cookies

We use only essential cookies:

  • lexi_session — session authentication token (expires on browser close)
  • cookie_consent — stores your cookie preference (12 months)

We do not use tracking cookies, advertising cookies, or third-party analytics.

Third-Party Services

We share data with the following third parties only as necessary to operate the service:

  • Stripe — payment processing. Stripe receives your payment details directly; we never see or store your full card number.
  • Resend — transactional email delivery (account confirmations, password resets, billing receipts).

AI provider requests are routed through our proxy but we do not share your account data with AI providers.

Data Retention

Usage logs and security logs are automatically purged after 90 days of account inactivity.

Billing records are retained for 5 years to comply with Norwegian accounting regulations.

When you delete your account, all personal data is removed within 30 days, except where retention is required by law.

Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of access — request a copy of all personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete personal data
  • Right to erasure — request deletion of your personal data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing of your personal data
  • Right to lodge a complaint — file a complaint with the Norwegian Data Protection Authority (Datatilsynet) at datatilsynet.no

To exercise any of these rights, contact us at post@lexico.no. We will respond within 30 days.

Start Saving on AI Costs Today

Free credits included. No credit card required.

Start Free View Documentation