Security

AI data privacy

  • LexPlay uses OpenAI's API platform for ChatGPT.
  • Your data will not be used by OpenAI to train their public model, and only your specific answers to the questions in the AI assistant are shared with the model, and you control what data you share with it.
  • Your Word docs (i.e., the agreements you would be reviewing) are not sent to Lexoo or OpenAI at any point.

Encryption and infrastructure

  • Data is encrypted at rest (AES-256) and in transit (TLS 1.2).
  • Hosting of this application (“LexPlay”) is provided by Heroku, a cloud-based platform that complies with PCI, HIPAA, ISO, and SOC.
  • Physical server security is managed by Amazon Web Services (AWS).

Product security

  • Dependency updates ensure security patches are implemented as required.
  • Vulnerability scans of the system are conducted after any significant change, to identify and resolve security vulnerabilities.
  • Automated implementation tests ensure systems adhere to relevant security standards.
  • Automated event logging tracks and records occurrences for critical systems, including associated applications, and any data affected by the events.
  • Where possible, user authentication is provided using single sign on (SSO).
  • Backend system access is restricted to a limited number of authorised users.

Organisational security

  • Lexoo’s employees, contractors and affiliates are bound by confidentiality obligations.
  • All employees are undergo security training regarding proper use of the internet and email to protect against malware, phishing, and ransomware.
  • Individuals with access to Lexoo’s systems must use multi-factor authentication (MFA) and adhere to a strict password policy.
  • Lexoo has policies in place regarding: security, vendor risk management, vulnerability identification and management, incident response, data classification, and proper use.
  • Lexoo conducts annual reviews of all security related practices and policies.

Data security

  • Lexoo conducts annual reviews of all data related processes and policies.
  • Please see the LexPlay privacy policy for information on how we collect and use data.

Contact

  • For security inquiries or to report an issue, please contact us at team@lexoo.com

Copyright © 2024 Lexoo.

Lexoo Limited is registered and incorporated in England and Wales, company registration number 08900002.

1-45 Durham Street, London SE11 5JH.  Lexoo Limited is registered as a Data Controller under the ICO: ZA073304.