Last updated: February 8, 2026
LEXTEUR (hereinafter "LEXTEUR") is committed to protecting the privacy and personal data of its users, in accordance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and French Law No. 78-17 of January 6, 1978, as amended (Data Protection Act). This privacy policy describes the conditions under which your personal data is collected, processed, and protected when using the LEXTEUR service.
The data controller is Hamid Haidi. For any questions regarding the protection of your data or to exercise your rights (access, rectification, erasure, portability, objection), please contact: privacy@lexteur.com.
In providing the service, LEXTEUR collects the following categories of data, limited to what is strictly necessary (principle of data minimization, Article 5(1)(c) GDPR):
IMPORTANT: LEXTEUR does not collect, store, or have access to the content of your legal documents or your clients' personal data. All document processing (text extraction, character recognition, anonymization) is performed locally on your workstation via the desktop application. Only text previously anonymized through tokenization (replacement of identifying data with generic tokens such as [PERSON_1], [ADDRESS_1]) is transmitted to the analysis service. This mechanism ensures that data covered by attorney-client privilege is never exposed server-side.
Some of our subprocessors are established outside the European Economic Area (EEA). Data transfers to these providers are governed by standard contractual clauses (SCCs) adopted by the European Commission pursuant to Article 46(2)(c) GDPR, or by adequacy decisions where applicable (notably the EU-US Data Privacy Framework for Anthropic and Resend). You may obtain a copy of the safeguards in place by contacting privacy@lexteur.com.
LEXTEUR's architecture is designed to guarantee by design (privacy by design, Article 25 GDPR) the protection of your clients' data and your case files. Document processing is performed entirely on your workstation: (1) text extraction via embedded optical recognition (local execution), (2) named entity detection via proprietary NER engine (local execution), (3) tokenization of identifying data into pseudonymized tokens. Only the anonymized text is transmitted to the analysis API (Anthropic). This architecture ensures that no identifying data from your clients leaves your workstation, thus ensuring that data covered by attorney-client privilege is never exposed server-side.
LEXTEUR contractually ensures that each subprocessor provides sufficient guarantees regarding the implementation of appropriate technical and organizational measures, in compliance with GDPR requirements. The list of subprocessors may be updated; any material change will be notified to users.
Account data (identification, profile): retained for the duration of the contractual relationship, then deleted within five (5) years after the last account activity, in accordance with the standard civil statute of limitations (Article 2224 of the French Civil Code). This period enables LEXTEUR to respond to any contractual claim within the legal timeframe. Billing data: retained for 10 years in accordance with accounting and tax obligations (Article L.123-22 of the French Commercial Code). Connection data (technical logs): retained for 12 months in accordance with Article L.34-1 of the French Postal and Electronic Communications Code. Documents and analyses: no server-side retention of source documents — only anonymized markdowns (pseudonyms only) are kept for mobile sync and deleted within the same delay as account data. You may request early deletion of your data at any time (subject to legal retention obligations) by contacting privacy@lexteur.com.
The lexteur.com website uses two categories of cookies. Essential cookies (authentication session, theme preference light/dark, language preference FR/EN) are strictly necessary for the operation of the service and do not require your prior consent, in accordance with Article 82 of the French Data Protection Act. Anonymised audience analytics cookies (Google Analytics 4 with IP anonymisation) are only set after your explicit consent given through the dedicated banner, in accordance with the GDPR and CNIL guidelines. No advertising or profiling cookies are used. You can change your choice at any time from the cookie management banner, and your choice automatically expires after 13 months.
In accordance with the General Data Protection Regulation, you have the following rights regarding your personal data:
To exercise any of these rights, send your request along with proof of identity to: privacy@lexteur.com. We commit to responding within one month (Article 12(3) GDPR). If you experience difficulty exercising your rights, you may lodge a complaint with the French Data Protection Authority (CNIL) — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.
LEXTEUR implements state-of-the-art security measures (Article 32 GDPR): TLS 1.3 encryption in transit, AES-256 encryption at rest, password hashing (bcrypt), PKCE authentication, least-privilege access control, continuous monitoring, and regular auditing. For more details, see our Security page.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): the right to know the categories and purposes of data collected, the right to deletion, and the right to non-discrimination for exercising your rights. LEXTEUR does not "sell" or "share" your personal data as defined by CCPA/CPRA. LEXTEUR does not engage in behavioral profiling for advertising purposes.
LEXTEUR is currently available to users located in the European Economic Area, Switzerland and Quebec. For users outside the EEA wishing to access the service, data transfers are governed by the mechanisms provided in Chapter V of the GDPR (standard contractual clauses or adequacy decisions depending on the country concerned). Specific rights applicable in other jurisdictions (Belgian APD, Swiss PFPDT, Luxembourg CNPD, Quebec Loi 25) are respected; a specific addendum is signed with client firms outside France where necessary.
The LEXTEUR service is intended exclusively for legal professionals who are of legal age. We do not knowingly collect personal data from individuals under 18 years of age (or the age of majority in the applicable jurisdiction). If we learn that a minor has created an account, we will immediately delete the associated data. If you become aware that a minor is using the service, please contact us at privacy@lexteur.com.
LEXTEUR reserves the right to modify this privacy policy to adapt to regulatory developments or service changes. Any material modification will be communicated to users by email or in-app notification at least 30 days before it takes effect. The date of the last update is indicated at the top of this page.