Privacy Policy
Effective Date: February 19, 2026
LexOculus is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) (EU) 2016/679.
1. Data Controller
LexOculus operates as the Data Controller for personal data processed through the Service.
Contact: founder@lexoculus.com
2. Information We Collect
| Category | Data Collected | Purpose |
|---|---|---|
| Account Data | Email, Name, GitHub Username | Account creation, authentication |
| Usage Data | IP address, browser type | Service improvement, security |
| Repository Data | File tree, code snippets | Compliance analysis (ephemeral) |
3. How We Use Your Data
- To provide and operate the Service.
- To generate compliance reports.
- To communicate service updates.
- To improve the Service based on aggregate, anonymized usage patterns.
4. Legal Basis (GDPR Article 6)
- Contract: Processing necessary to perform the Service you requested.
- Legitimate Interest: Security monitoring, fraud prevention.
- Consent: Where required for specific optional features.
5. Data Retention
- Account Data: Retained while your account is active. Deleted upon account deletion request.
- Scan Reports: Stored for your access history. Deleted upon account deletion.
- Source Code: NOT permanently stored. Code is processed in temporary memory during analysis and discarded immediately after report generation.
6. Third-Party Processors
| Provider Type | Purpose / Provider | Data Shared |
|---|---|---|
| Cloud Infrastructure | Hosting, CDN | All service data (encrypted) |
| Analytics | Vercel Analytics | Anonymized usage metrics (cookie-free) |
| Database & Auth | Storage, Authentication | Account data, encrypted tokens |
| AI/ML Services | Code analysis | Anonymized snippets |
| Payment Provider | DodoPayments | Billing information, transaction history |
All sub-processors are contractually bound by Data Processing Agreements (DPAs) that ensure GDPR-compliant data handling.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your personal data.
- Right to Rectification (Art. 16): Correct inaccurate data.
- Right to Erasure (Art. 17): Request deletion of your data ("Right to be Forgotten").
- Right to Data Portability (Art. 20): Receive your data in a machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interest.
- Right to Withdraw Consent: Where processing is based on consent, withdraw at any time.
To exercise these rights, contact: founder@lexoculus.com. We will respond within 30 days.
8. International Transfers
Data may be processed in regions outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
9. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
10. Children's Privacy
The Service is not intended for individuals under 16 years of age. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly.