Privacy Policy

Last updated: January 19, 2026

Introduction

Lexikon ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered product intelligence platform.

By using Lexikon, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (securely hashed)
  • Organization name (if applicable)

Repository Data

When you connect your GitHub repositories, we access and process:

  • Repository metadata (name, description, structure)
  • Source code files for indexing and analysis
  • Documentation files (README, docs, etc.)
  • File names and directory structures

We only access repositories you explicitly authorize. We do not access private repositories without your permission, and we never modify your code or commit to your repositories.

Usage Data

We automatically collect certain information when you use Lexikon:

  • Questions you ask and conversations you have
  • Features you use and how you interact with the platform
  • Device information (browser type, operating system)
  • IP address and approximate location
  • Usage timestamps and session duration

API Keys

If you choose to bring your own API keys (for AI providers like OpenAI, Anthropic, etc.), we store these keys using industry-standard encryption. Your API keys are only used to make requests on your behalf and are never shared with third parties.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve Lexikon's services
  • Index and analyze your repositories to answer your questions
  • Generate AI-powered responses about your products
  • Process payments and manage your subscription
  • Send you important updates about the service
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues
  • Improve our AI models and algorithms (using anonymized, aggregated data only)

Data Storage and Security

We implement appropriate technical and organizational security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Sensitive data (passwords, API keys) is encrypted at rest using AES-256
  • We use secure, SOC 2-compliant cloud infrastructure
  • Access to production systems is restricted and logged
  • We conduct regular security audits and vulnerability assessments

Your repository data and embeddings are stored in isolated environments per organization. We do not share or commingle data between different customers.

Third-Party Services

We use the following third-party services to operate Lexikon:

  • GitHub - For repository access and authentication
  • Stripe - For payment processing
  • AI Providers (OpenAI, Anthropic, Google, xAI) - For generating responses
  • Cloud Infrastructure - For hosting and data storage
  • Email Service Providers - For transactional emails

Each third-party service is bound by its own privacy policies and data processing agreements. We only share the minimum data necessary for each service to function.

AI and Your Data

When you ask questions, your queries and relevant repository context are sent to AI providers to generate responses. Important notes:

  • We use AI provider APIs that do not train on your data
  • Your repository code is not used to train external AI models
  • If you use your own API keys, data goes directly to the provider under your agreement with them
  • We retain conversation history to improve your experience (you can delete this at any time)

Data Retention

We retain your data for as long as your account is active or as needed to provide services:

  • Account data: Until you delete your account
  • Repository indexes: Until you disconnect the repository or delete your account
  • Conversation history: Until you delete it or delete your account
  • Usage logs: 90 days for operational purposes
  • Backup data: Up to 30 days after deletion

Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate data
  • Deletion: Delete your account and all associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities

To exercise any of these rights, contact us at privacy@lexikon.us.

International Data Transfers

Lexikon is operated from the United States. If you are located outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States where our servers are located.

For users in the European Economic Area (EEA), UK, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission to transfer data internationally.

Children's Privacy

Lexikon is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will send you an email notification.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@lexikon.us

General Inquiries: hello@lexikon.us