L
Lexoni.ai
ProductPartner with us

Privacy policy

Effective 18 June 2026. Last updated 18 June 2026.

1. Who we are

Lexoni.ai (the platform) is operated by The UpCapital Global FZCO, a company headquartered in Dubai, United Arab Emirates. We provide a software-as-a-service legal operating system for law firms and in-house counsel in the GCC. References to "we", "us" and "our" mean The UpCapital Global FZCO. Contact for privacy matters: privacy@lexoni.ai.

2. The laws we follow

We process personal data in accordance with the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the UAE PDPL), the Kingdom of Saudi Arabia Personal Data Protection Law issued under Royal Decree No. M/19 of 1443H (the KSA PDPL), and where applicable the EU General Data Protection Regulation 2016/679. When local law and these terms conflict, local law applies.

3. Data we collect

4. How we use it

5. Data residency

We pin firm data to the region of the firm's primary tenant. UAE firms' data is hosted in UAE-based infrastructure; KSA firms' data in KSA-based infrastructure. We do not move firm data across regions without a logged lawful basis. Cross-border transfers required for service operation are restricted to processors that meet the adequacy standards of UAE PDPL and KSA PDPL.

6. AI processing

The platform uses large language models (currently Anthropic Claude) to assist with drafting, retrieval and classification. Your firm's data is sent to the model only for the active query, is not used by the model provider for training, and is not retained beyond the request lifecycle except as needed for our internal audit log. We maintain an opt-out flag on every knowledge item; when set, that item never enters AI context. The ethical wall and tenant isolation are enforced before the AI sees any data.

7. Tenant isolation and ethical walls

Every query in the platform is scoped to the firm's tenant. We never expose one firm's data to another firm. Inside a firm, ethical walls are enforced at the data layer and at the AI context layer. A non-member of a wall cannot list, read, search, AI-draft from, or in any way learn about a walled matter.

8. Retention

We retain firm data for the active life of the subscription. After cancellation, the firm has 90 days to export. After 90 days, we delete the firm's production data subject to legal retention obligations. Audit logs are retained for seven years where legally required. You can request earlier deletion at any time, subject to verification.

9. Your rights

Under UAE PDPL, KSA PDPL and GDPR (where applicable), you have rights to access, correct, delete, restrict, port and object to processing of your personal data. You have the right to withdraw consent and the right to lodge a complaint with a supervisory authority. Submit data subject requests to privacy@lexoni.ai. We respond within 30 days.

10. Security

We use HMAC-signed session cookies, server-issued honeypot challenges and Cloudflare Turnstile to defend against automated abuse. Passwords are hashed with PBKDF2-SHA256. Sensitive endpoints are rate-limited. We maintain an append-only audit log of every mutation. Production access is restricted, logged and reviewed.

11. Sub-processors

We use a small set of sub-processors. Current list as of 18 June 2026:

We notify firms of changes to the sub-processor list with 30 days notice.

12. Children

The platform is not directed to children. We do not knowingly collect personal data of anyone under 18.

13. Changes

We update this policy when our practices change. Material changes are notified to the firm admin by email at least 30 days in advance. The current version is always published at https://www.lexoni.ai/privacy.

14. Contact

For privacy questions: privacy@lexoni.ai.
For everything else: ceo@theupcapital.com.
Postal address: The UpCapital Global FZCO, Dubai, United Arab Emirates.