Privacy Policy

Last updated: November 8, 2025

Data Protection at Clexto

At Clexto, keeping your data safe is our top priority. We protect the confidentiality, integrity, and availability of your information with layered technical and organizational controls.

AI and Data Use

We never train or enhance our AI models with your data, and we never sell it. Your data remains exclusively yours.

Data Security and Integrity

We apply multiple safeguards to protect data in transit, at rest, and during processing:

  • All communications are encrypted over HTTPS using TLS 1.2 or later, with valid digital certificates
  • Data at rest is encrypted with AES-256 and stored in encrypted cloud storage buckets
  • We don't store credit card details. Payments are handled by Stripe, a PCI DSS-compliant provider
  • Access is protected by firewalls, strict network segmentation, and continuous monitoring
  • Operating systems and dependencies are hardened and patched regularly

Cloud Security

Clexto relies on trusted cloud providers with robust security and compliance controls:

  • Leading cloud platforms host our compute and networking workloads
  • Encrypted object storage for all document data
  • We leverage provider features such as encrypted storage, key management, access logging, and fine-grained IAM

You Own Your Data

All documents and extracted data you process with Clexto are yours:

  • You are the Data Controller and Clexto acts as your Data Processor, processing data only on your instructions
  • You can delete documents or your entire account at any time. Data is removed from active systems immediately
  • Configurable retention policies let you automatically delete data between 1 and 180 days
  • Data is removed from backups and logs within defined retention windows

Privacy and Confidentiality

We respect your privacy and limit access to your information:

  • We never sell, rent, or share your data without your consent
  • Access to customer data is restricted by least privilege and audited regularly
  • All employees complete security and privacy training and are bound by confidentiality obligations

Data Minimization

We collect and store only the information that is essential to deliver and improve our services. We avoid retaining data longer than necessary.

Compliance

Our practices align with leading frameworks and regulations:

  • Compliant with GDPR; Data Processing Agreements (DPAs) are available
  • International data transfers are protected using Standard Contractual Clauses (SCCs), where applicable
  • We leverage cloud providers that maintain widely recognized certifications (ISO 27001, SOC 2)
  • CCPA compliant for California residents

Monitoring and Logging

We maintain detailed logs to support security, reliability, and customer support:

  • Comprehensive internal audit logs for authentication, access, and system actions
  • Document processing activity is summarized for transparency
  • Centralized log aggregation and alerts help us detect and investigate anomalies quickly

Incident Response

We have documented incident response and escalation procedures:

  • Continuous monitoring helps us detect unusual activity
  • If a breach occurs, affected users and relevant authorities will be notified within 72 hours, where required by law

Trusted Subprocessors

We carefully select subprocessors that meet our security and privacy standards:

  • AWS — Cloud infrastructure and data storage
  • OpenAI/Anthropic — AI processing services
  • Stripe — Payment processing
  • Vercel — Web hosting and deployment

Your Rights

Depending on your location, you may have the following rights:

  • Access your personal data
  • Correct inaccurate information
  • Delete your data (right to be forgotten)
  • Data portability
  • Object to processing
  • Opt out of data sales (we don't sell personal data)

Contact Us

Security and privacy are at the heart of everything we do. If you have any questions or need more details:

Privacy: privacy@clexto.com