Privacy Policy

Effective Date: April 14, 2026

1. Overview

Lexlint ("we," "our," or "us") operates the website lexlint.com and the Lexlint accessibility scanning service (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our Service.

We are committed to protecting your privacy and handling your data in accordance with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, Quebec's Law 25.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, organization name
  • Payment information: processed by Stripe; we do not store credit card numbers
  • Support communications: emails, chat messages, feedback
  • Website URLs you submit for scanning

2.2 Information We Collect Automatically

  • Usage data: scan frequency, feature usage, pages viewed
  • Device and browser information: browser type, operating system, screen resolution
  • IP address and approximate location (country/region level)
  • Cookies and similar technologies (see Section 6)

2.3 Information from Scanned Websites

When you scan a website, we access and process the publicly available HTML, CSS, and JavaScript of that website. We do not access authenticated or private areas unless you explicitly provide credentials. We do not intentionally collect personal information from the websites you scan.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your scans and generate compliance reports
  • Process payments and manage your subscription
  • Send you service-related communications
  • Respond to your support requests
  • Analyze usage patterns to improve the Service (in aggregate, not individually)
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising. We do not train AI models on your scan data or scan results.

4. Data Storage and Security

Your data is stored on servers operated by our infrastructure providers: Supabase (database and file storage), Vercel (application hosting), Stripe (payment processing, PCI DSS Level 1 certified), and Clerk (authentication, SOC 2 Type II certified).

We implement commercially reasonable security measures including encryption in transit (TLS 1.2+), encryption at rest, row-level security policies, and regular access reviews.

We retain your data for as long as your account is active. Scan results are retained for the duration of your subscription plus 90 days. After account deletion, we delete your personal data within 30 days, except where retention is required by law.

5. Data Sharing

We share your personal information only with service providers who process data on our behalf (Supabase, Vercel, Stripe, Clerk), when required by law, or in the event of a business transfer. We do not share scan results or website data with any third party.

6. Cookies and Tracking

We use only essential cookies required for the Service to function: authentication cookies and session cookies. We do not use advertising cookies, tracking pixels, or third-party analytics that track you across other websites.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your personal information, withdraw consent, or lodge a complaint with the Office of the Privacy Commissioner of Canada. To exercise any of these rights, contact us at privacy@lexlint.com. We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States and Canada. Where such transfers occur, we ensure appropriate safeguards are in place.

9. Children's Privacy

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal information from children.

10. Additional Provisions for Quebec Residents

If you are a resident of Quebec, the following apply under Law 25: we obtain express consent before collecting personal information for purposes not described here, you have the right to data portability, and our designated privacy officer can be reached at privacy@lexlint.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect.

12. Contact

Lexlint, Privacy Officer
Email: privacy@lexlint.com
Website: https://lexlint.com