Security & Privacy
How we protect your data and our platform.
Cloud Infrastructure
LexMT is hosted on Hetzner Cloud (Helsinki, Finland) — a European provider with high security standards and ISO 27001 certified data centres.
Encryption
All data in transit is encrypted with TLS 1.3. Passwords are stored using industry-standard secure hashing. All session cookies are protected against client-side access and transmitted over secure connections only.
Access Control
Admin dashboard protected by PIN. Rate limiting on all login endpoints. One-use tokens for account setup. Principle of least privilege throughout.
Data Privacy
Uploaded documents are processed in working memory only and never written to persistent storage. Query sessions are never used to train AI models.
Monitoring
Regular automated health checks. Automated daily backups with retention policy. Alerting on process failure. Process monitoring with automatic restart.
Compliance
We process your data in accordance with GDPR. A Data Processing Agreement is available for professional customers. We never sell your data.
Technical Controls
Security controls implemented across the platform.
Standards & Compliance
The security framework we build against.
Sub-Processors
Third-party providers we rely on to deliver the service.
| Provider | Role | Location | Legal Basis |
|---|---|---|---|
| Hetzner Online GmbH | Cloud Hosting | Finland (EU) | DPA — Art. 28 GDPR |
| Anthropic PBC | AI Model (Claude) | USA (SCCs) | DPA — SCCs |
| OpenAI LLC | AI Model (GPT-4o-mini) | USA (SCCs) | DPA — SCCs |
| Resend Inc | Transactional Email | USA (SCCs) | DPA — SCCs |
| Stripe Inc | Payment Processing | USA (SCCs) | PCI-DSS compliant |
Responsible Disclosure
If you discover a security vulnerability in LexMT, please report it responsibly to security@lex.mt.
security@lex.mtWe respond within 48 hours. Thank you.