Privacy Policy
Last Updated: October 15, 2025
Welcome to our website. LexShift LLC (“LexShift,” “we,” “us,” or “our”) offers the industry’s first solution to unify global records retention with AI-driven compliance automation (our “Services”) for enterprise customer users (“User or Users”). We provide information about the Services through our website available at https://LexShift.com (the “Site”). For purposes of this Policy, the term User also includes visitors to our Site.
We value your privacy. This Privacy Policy explains what Personal Data (defined below) we collect in connection with or through the Site, how we use and share that data, and your choices concerning our data practices.
1. Information We Collect
When you contact us or interact with the Site, we collect information that alone or in combination with other information could be used to identify you (“Personal Data”) as follows:
1.1 Information Collected from Site Visitors
We collect information that you provide when you interact with our Site, such as when you request content, register for an event, contact our sales team, or otherwise communicate with us. Certain information about you is also logged automatically in our systems, as described in the “Information Collected Automatically” section below. The information we may collect from you is described below.
- Requesting Information or Content: We collect certain Personal Data about you if you voluntarily provide us with such information when you engage in certain activities on our Site, such as fill out web forms to ask to be contacted by our sales team or request a demo, ask to download content (such as brochures, studies or guides), register for a webcast or other event, post comments on pages or our blog, or subscribe to emailing lists. The specific Personal Data collected during these interactions will vary based on the purpose of the form or the nature of your request, but it will generally include your name, email address, and phone number (for example, we will ask you to provide your phone number if you want a member of our sales team to call you). We may also ask you for additional information to help us understand you better as a customer like your company name, or your role at your company.
- Information We Collect Through Our Social Media Pages: We maintain pages through social media services like Facebook, X (Twitter), YouTube, Instagram, and TikTok (“Social Media Pages”). We may collect Personal Data from you when you interact with our Social Media Pages.
1.2 Information Collected Automatically
When you visit our Site, we may receive certain information about your visit. For example, we may monitor the number of people that visit our Site, peak hours of visits, which page(s) are visited on our
Site, the domains our visitors come from (e.g., google.com, yahoo.com, etc.), and which browsers people use to access and visit our Site (e.g., Firefox, Microsoft Internet Explorer, etc.), broad geographical information, and Site-navigation pattern. In particular, the following information is created and automatically logged in our systems:
- Log data: Information (“log data”) that your browser automatically sends whenever you visit the Site. Log data includes your Internet Protocol (“IP”) address (so we understand which country you are connecting from when you visit the Site), browser type and settings, the date and time of your request, and how you interacted with the Site.
- Cookies and similar technologies: Please see the “Cookies and Other Technologies” section below to learn more about how we use cookies and other technologies.
- Device information: Includes name/type of the device accessing the Site, operating system, browser you are using, device settings, application IDs, unique device identifiers and crash data. Information collected may depend on the type of device you use and its settings.
- Location information: If you have enabled location services for the App on your mobile device, we may collect your precise location information based on city, state, zip code, country, latitude and longitude. We collect such location information with your consent to allow Users to share a one-time snapshot of their location. LexShift does not track or store this information. We may also derive your approximate location from the IP address of your mobile device. If you want to opt-out of the collection of your location data, please adjust the settings on your mobile device to limit the App’s access to your location data.
2. How We Use the Information
We use Personal Data for the following purposes:
- As necessary for certain legitimate business interests, which include the following:
- To respond to inquiries, comments, feedback or questions.
- To send administrative information to you, for example, information about our Services, and changes to our terms, conditions, and policies.
- To analyze Site usage so we can provide, maintain and improve the content and functionality of the Site. For example, we regularly fix bugs and other Site issues. We use cookies and similar technologies to analyze how users interact with our Site. And that analysis can help us improve the Site. If you are an individual in the European Economic Area or the United Kingdom, we will obtain your consent before using cookies and similar technologies for analytics purposes.
- For compliance with law in accordance with our legitimate business interests, including:
- To prevent fraud, criminal activity, or misuses of our Site and to ensure the security of our IT systems, architecture and networks.
- To comply with legal obligations and legal process and to protect our rights, privacy, safety or property, and/or that of our affiliates, customers, or other third parties.
- For marketing and advertising, including:
- To contact you by email to tell you about information we believe will be of interest to you, such as information about products and services, features, surveys, newsletters and upcoming events. If we do, where required by law, we will only send you such marketing information if you consent to us doing so at the time you provide us with your Personal Data. You may opt out of receiving promotional communications by following the instructions contained in each communication we send you or by contacting us as explained at the bottom of this Privacy Policy. If you opt-out from our marketing lists, you will no longer receive marketing communications, but we will continue to contact you in response to your requests.
- For interest-based advertising. We use cookies and similar technologies to engage in interest-based advertising. Please review our Cookie Policy for more information. Where required by applicable law, we will engage in interest-based advertising only with your consent.
There may be other occasions where Personal Data is processed for purposes which will be explained at that time. We will provide further notice to you of any additional processing and, if required, ask your consent to that processing.
3. Disclosure of Information
In certain circumstances, we may disclose your Personal Data to third parties, as set forth below:
- Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may disclose Personal Data to service providers, including hosting, cloud services, and other information technology services providers; email communication software providers, advertising and marketing service providers; customer relationship management, customer engagement, and customer feedback services; identity verification services; and analytics services. Pursuant to our instructions, these parties will access, process, or store Personal Data in the course of performing their duties to us.
- Advertising Partners: To assist us in marketing our products and services, we may disclose Personal Data to third-party advertising companies, including for the interest-based advertising purposes described above, that can collect information on our website through cookies and other automated technologies. Please review our Cookie Notice for more information.
- Business Transfers: If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider, Personal Data and other information may be transferred to a successor or affiliate as part of that transaction along with other assets.
- Legal Requirements: If required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, including to meet national security or law enforcement requirements, (ii) protect and defend our rights or property, (iii) prevent fraud, (iv)
act in urgent circumstances to protect the personal safety of Users of the Site, or the public, or (v) protect against legal liability.
4. Data Retention
We keep Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a legitimate business need to do so, or as required by law (e.g., for tax, legal, accounting or other purposes), whichever is the longer.
If you have elected to receive marketing communications from us, we retain information about your marketing preferences until you opt out of receiving these communications and in accordance with our policies.
To determine the appropriate retention period for your Personal Data, we will consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we use your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymize your Personal Data so that it can no longer be identifiable to you, in which case it is no longer Personal Data.
5. COPPA Notice (Children’s Privacy)
The Site and the Services are not directed to children who are under the age of 18. LexShift does not knowingly collect Personal Data from children under the age of 18 in compliance with the Children’s Privacy Protection Act (COPPA), which sets this requirement for ages 13 and under. For any questions about our children’s privacy practices please contact us Info@LexShift.com.
6. Privacy Choices
6.1 Your Right Regarding Your Data
As explained below, LexShift provides ways for you to access and delete your personal information as well as exercise applicable data rights that give you certain control over your information. Please note that we are subject to the investigatory and enforcement powers of the United States’ Federal Trade Commission (FTC).
6.2 Opt Out of Marketing Communications
You may opt out of receiving promotional communications by following the instructions contained in each communication we send you or by contacting us as explained at the bottom of this Privacy Policy. If you opt out of our marketing lists, you will no longer receive marketing communications, but we will continue to contact you regarding our Services and products and to respond to your requests.
6.3 Opt Out of Online Tracking
You can opt out of third-party cookies as described in our Cookie Policy.
6.4 Opt Out of Location Tracking
If you want to opt out of the collection of your location data, please adjust your settings in your mobile device to limit the App’s access to your location data.
6.5 General Privacy Rights
Subject to applicable law and depending on your location, you have the following general rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details, such as the categories of sources of such information, the business or commercial purpose for collecting your information, and the categories of third parties with whom we shared your information. If you require additional copies, we may charge a reasonable fee. These rights, and the applicable types of data and time periods, will vary depending on the laws applicable to the state or country in which you reside.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we have disclosed your Personal Data to others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you to whom we disclosed your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we have disclosed your data to others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you to whom we disclosed your Personal Data with so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it (please read below for information on your right to object). We will tell you before we lift any restriction on processing. If we have disclosed your Personal Data to others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you to whom we disclosed your Personal Data so you can contact them directly.
- Right to data portability: You have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you, and that is processed by automated means. We will give you your Personal Data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so:
- If we are relying on a legitimate interest to process your Personal Data—unless we demonstrate compelling legitimate grounds for the processing or we need to process your data in order to establish, exercise, or defend legal claims;
- If we are processing your Personal Data for direct marketing.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to withdraw consent.
- Right to opt out of selling and sharing Personal Data: We use cookies and other similar technologies on our Site to help us advertise our Services on other webSite or services you visit. We share information we collect on our Site, such as information about the pages you visit and the actions you take on our Site, with advertising networks and analytics partners to support our interest-based advertising, which may qualify as a sale or sharing of Personal Data, or targeted advertising, under applicable law. You can opt-out of our use or sharing of Personal Data for these purposes by using our “Your Privacy Choices” tool in the footer of our Site.
- Right to lodge a complaint with the data protection authority: Depending on where you reside, such as if you reside in the European Economic Area or the United Kingdom, you can report concerns about our privacy practices, including the way we handled your Personal Data, to the data protection authority that is authorized to hear those concerns.
6.6 Important Information for EU and United Kingdom Users
If you are a user from the European Union or United Kingdom you should be aware that we are, at minimum, joint controllers of your information (Data Controller) under the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and such similar laws promulgated in the various EU countries.
When we process your information, we will only do so in the following situations:
- We have a contractual obligation.
- You have provided your consent.
- We have a legal obligation.
- We have a legitimate business interest in processing your information. For example, we may process your information to send you marketing communications, relevant content, products or event invitations, or to communicate with you about changes to our Services, and to provide, secure, or improve our Services.
You should be aware that the information that you provide to us may be transferred out of the country in which you reside to servers in a country that may not guarantee the same level of protection as the one in which you reside. We do this for a legitimate business purpose in providing the Service as permitted under UK and EU privacy laws, and therefore, specific consent is not required under the EU and UK legal schema. We will take all steps reasonably necessary to ensure that your information is treated securely in accordance with this Privacy Policy, and no transfer of your information will take place to a third party unless there are adequate controls in place to protect your information and/or you have provided contractual consent by becoming a User.
If you are a User in the European Union or United Kingdom and have a concern about our processing of personal information that we are not able to resolve, you have the right to lodge a complaint with the data privacy authority, please see: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
6.7 Important information for U.S. Residents
Various U.S. states (e.g., as of the date of this Policy, California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia) currently allow or will soon allow consumers to exercise their rights as described above in section 6.5 (General Privacy Rights).
If you are a Colorado resident, please note that we do not require or seek to process any of your sensitive personal information (defined as personal data that reveals racial or ethnic origin, religious beliefs, sexual orientation, and biometric information).
In general, we, including our vendors and service providers, collect the following California regulated categories of personal information (PI) from you:
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers. | YES |
| B. PI categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, license or state identification card number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some information included in this category may overlap with other categories. | NO |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | NO |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer’s interaction with webSite, services, or advertisement. | YES |
| G. Geolocation data. | Physical location or movements. | NO |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | NO |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | NO |
| J. Non-public education information | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
| K. Inferences drawn from other PI. | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | NO |
Sharing Your Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose with our affiliates and service providers:
- Category A: Identifiers such as real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address
- Category F: Internet or other similar network activity
Shine Your Light Law
Under California law, California residents are entitled, once per calendar year, to ask us for a notice identifying the categories of personal customer information that we share with certain third parties for the third parties’ direct marketing purposes, and providing contact information (i.e., names and addresses) for these third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us via email at Info@LexShift.com. You must put the statement “Your California Privacy Rights” in your request and include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.
Opt-Out of Sale in the U.S.
We do not “sell” (as defined by the California Consumer Privacy Act and other U.S. state laws) any personal information subject to this Privacy Policy, and we do not exchange information for any type of financial incentive. Information shared with our advertisers is not considered personal information, as none of the data exchanged could lead to the identification of you as an individual (i.e., at a minimum, it is de-identified).
Please contact us at Info@LexShift.com to exercise your rights.
When you exercise your privacy rights, we may ask for specific information from you to help us confirm your identity. Depending on where you reside, you may be entitled to empower an “authorized agent” to submit requests on your behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.
Please note that in some instances, your privacy rights may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided above.
7. Links to Other Websites or Services
The Services may contain links to other website or services not operated or controlled by LexShift (“Third Party Services”). The information that you share with Third Party Services will be governed by the specific privacy policies and terms of service of the Third-Party Services and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these Site. Please contact the Third-Party Services directly for information on their privacy practices and policies.
8. Security
Your use of the Site is at your own risk. We deploy measures to protect Personal Data both online and offline from loss, misuse, and unauthorized access, disclosure, alteration or destruction. For example, we use available technology and other techniques to implement systems like firewalls, and/or encryption to secure data transfers. However, no Internet or e-mail transmission is ever fully secure or error free. In particular, e-mail sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Site or e-mail. Please keep this in mind when disclosing any Personal Data to LexShift via the Internet. In addition, we are not responsible for circumvention of any privacy settings or security measures contained in the Site or third-party website.
9. Changes to the Privacy Policy
The Site, the Services, and our business may change from time to time. As a result, we may change this Privacy Policy at any time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.
10. Contact Us
Responsible Entity. LexShift is the data controller of the Personal Data we collect for our own businesses, as described in this Privacy Policy. LexShift is the data processor of Personal Data provided or otherwise made available to us by you through the Site.
How to Contact Us. If you have any questions about our Privacy Policy or the information practices of the Apps or our Site, please feel free to contact us at Info@LexShift.com.