Privacy Policy
Effective Date: July 4, 2026
Last Updated: July 4, 2026
This Privacy Policy describes how Timeless Technology Inc., a Delaware corporation (“DeeLexy”, “Company”, “we”, “us”, or “our”) collects, stores, uses, discloses, and otherwise processes your information when you access or use our automated, case-centric AI-powered legal professional workbench, APIs, software, and related services (collectively, the “Services”), or when you interact with us through our public website located at https://deelexy.com/ (the “Site”).
This Privacy Policy applies to individual users, law firms, corporate entities, and their authorized personnel who register an account or interact with the Services (collectively, “Users”, “Customers”, or “you”).
Please read this Privacy Policy carefully. By accessing or using the Services, you acknowledge that you have read and understood the practices described herein. If you do not agree with our policies and practices, you must immediately cease all use of our Site and Services.
1. Categories of Information We Process
To deliver our case-centric legal analysis tools and maintain the security of our platform, DeeLexy processes three distinct flows of information:
1.1. Account Data (Information You Provide to Us)
When you register, manage, or pay for an account on DeeLexy, we collect administrative and billing metadata required to maintain your professional relationship with us. This includes:
(a) Identification and Contact Data: First name and professional or corporate email address.
(b) Authentication and Credentials: Account password. If you choose to utilize upcoming federated single sign-on (SSO) features as they become available on the platform, we may collect authorized third-party identity provider metadata (e.g., Google OAuth identifiers).
(c) Billing and Transaction Metadata: Commercial purchase details, subscription parameters, and billing transaction history.
(d) Stripe Payment Processing: DeeLexy does not directly ingest, transmit, or store raw credit card numbers, expiration dates, or security codes (CVV/CVC). All payment card processing is securely handled strictly by our third-party payment processor (Stripe). To facilitate automated subscription renewals and recurring payments, we store exclusively the secure, non-sensitive API identifiers generated and provided by the payment processor (such as Stripe Customer IDs and Payment Method tokens). Any display of masked card metadata within your account dashboard (e.g., card brand or the last four digits of the card) is retrieved dynamically in real-time via secure API calls to Stripe and is not stored on DeeLexy infrastructure.
1.2. Customer Content (Inputs and Outputs)
In the course of utilizing our case-centric workflows, you submit documentation and receive automated machine-learning generations.
(a) Input Data: Case files, legal briefs, contracts, unstructured texts, search queries, prompts, and corporate metadata explicitly uploaded or ingested into the platform by or on behalf of the User.
(b) Output Data: Probabilistic text summaries, automated legal research findings, document risk extractions, and structured legal analysis returned by the AI Models via the platform workbench.
1.3. Explicit Disclosure on Sensitive Personal Data
The Company does not intentionally or purposefully solicit, request, or target the collection of sensitive personal information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health-related information, or data concerning an individual's sex life or sexual orientation).
However, given the unstructured nature of legal documentation and user-driven prompts, you may voluntarily, inadvertently, or otherwise upload documents or transmit queries containing sensitive personal data within your Inputs to the AI. In such instances, the Company will process this information solely as an automated technical operation to render the requested Services to you.
The User acknowledges that the Company cannot pre-screen Input content and is unable to obtain explicit prior consent for such processing, as the Company is not aware in advance of the potentially sensitive nature of the information uploaded. If you inadvertently upload sensitive information, you may immediately remove it from our active servers at any time via the document management interface of the Services.
1.4. Technical Telemetry, Logs, and System Activity (Automatically Collected)
When you navigate the platform, our infrastructure automatically records functional logs and security events to ensure system integrity, execute rate-limiting, mitigate financial fraud, and prevent cyberattacks. This includes device and connection information (IP addresses, browser type, operating system), timestamp logs, transaction latency rates, and operational error payloads.
To ensure complete professional hygiene, DeeLexy enforces strict server-side and client-side log-redaction filters. Our system is architected to automatically redact and mask sensitive credentials, including authentication tokens (Authorization Bearer), API secrets, cookies, CSRF tokens, and transactional payment tokens, preventing them from being captured or stored in operational application logs.
1.5. Cookies and Automated Tracking Technologies
We use cookies, web beacons, and similar tracking technologies to operate the Site, preserve your session preferences, analyze traffic trends, and prevent unauthorized access. You have the right to modify your internet browser settings to reject the storage of cookies or alert you when cookies are being sent. Please review our dedicated Cookie Policy for exhaustive details regarding our use of these technologies and instructions on managing your tracking preferences.
2. Artificial Intelligence Processing and Technology Subprocessors
DeeLexy delivers its automated legal analysis, contextual summaries, and research tools through a proprietary orchestration platform that connects to various secure machine learning frameworks and large language models (LLMs). This section details how your Customer Content (Inputs and Outputs) is safely routed and processed.
2.1. Absolute Model Training Prohibition
DEELEXY ENFORCES A STRICT DIRECTIVE REGARDING DATA PRIVACY: WE DO NOT USE YOUR CUSTOMER CONTENT (BOTH INPUTS AND OUTPUTS) TO TRAIN, RETRAIN, FINE-TUNE, OR IMPROVE ANY PROPRIETARY OR THIRD-PARTY ARTIFICIAL INTELLIGENCE MODELS, LARGE LANGUAGE MODELS (LLMs), OR MACHINE LEARNING ALGORITHMS. Your case files, legal queries, and system-generated analyses remain strictly isolated within your dedicated case boundaries. They are never ingested into the public or shared training datasets of our technology partners, cloud infrastructure vendors, or routing gateways.
2.2. Automated Dynamic Routing and Infrastructure Intermediaries
To optimize platform latency, cost efficiency, and analytical accuracy, DeeLexy utilizes an automated dynamic routing system. Users do not select specific underlying models or providers; rather, the platform internally and programmatically determines the optimal processing path for each specific function or workload. To execute these operations ephemerally, DeeLexy engages enterprise-grade data subprocessors strictly on an as-needed basis:
- OpenAI OpCo, LLC (Enterprise API integrations for foundational language models)
- Google LLC (Direct Gemini API and Google Cloud Vertex AI infrastructure)
- Anthropic PBC (Enterprise Claude API infrastructure)
- DeepSeek Inc. (Enterprise API integrations for language models)
- OpenRouter (Secure enterprise-grade API gateway utilized as an alternative technical intermediary to orchestrate and balance automated model requests)
- Internal & Open-Source Architectures: The platform may, at its sole discretion, process computational workloads locally by deploying specialized open-source models (such as the Qwen or Mistral model families) or utilizing the Company’s proprietary in-house machine learning models hosted securely within our managed environments, without transmitting data to external artificial intelligence vendors.
2.3. Future Integration of Customer-Provided Models (BYO-LLM)
For select enterprise installations or specialized corporate accounts, the platform may support upcoming features allowing Customers to configure and connect their own organization-hosted or proprietary third-party language models via their account settings (“Bring Your Own LLM”). Where a Customer opts to route processing through a self-hosted or customer-configured external endpoint, the Customer acknowledges and agrees that DeeLexy does not control, and shall not be legally responsible for, the data retention, model training policies, or security practices enforced by that customer-managed third-party model provider.
2.4. Commercial API Privacy and Data Retention Safeguards
Whichever routing path is programmatically selected by DeeLexy (direct provider API or via secure orchestration networks like OpenRouter), all external interactions are governed strictly by enterprise-grade commercial developer agreements. These frameworks contractually mandate that:
(a) Data Isolation: Your Input payloads and resulting Output generations are processed ephemerally and are completely barred from being utilized by any vendor or intermediary for model enhancement, training, or manual human evaluation.
(b) Ephemeral Retention: Transmitted data is utilized solely to fulfill the real-time computational request and is deleted immediately upon completion, subject only to standard, secure, and limited administrative windows (typically up to 30 days) maintained by the respective providers strictly to monitor for infrastructure abuse, malicious activity, and platform safety compliance.
2.5. Core Cloud Infrastructure and Vector Databases
To maintain operational databases, secure user profiles, and enable advanced semantic search across your case-centric workflows, DeeLexy utilizes elite cloud storage and database subprocessors. All infrastructure environments are managed within highly protected data centers located in the United States:
- Google Cloud Platform (GCP) — Core cloud hosting, secure serverless application execution environments, and protected object storage.
- Qdrant Solutions GmbH (Qdrant) — High-performance vector database architecture utilized to index, store, and safely retrieve semantic vector embeddings derived from your Input data for localized case context.
3. Data Security, Encryption, and Lifecycle Management
DeeLexy implements commercial-grade technical, physical, and organizational measures designed to ensure the confidentiality, integrity, and robust protection of your Customer Content against unauthorized access, disclosure, or alteration.
3.1. Cryptographic Standards (Encryption in Transit and at Rest)
We enforce industry-standard cryptographic protocols across all operational and storage layers of the platform:
(a) Encryption in Transit: All data transmitted between your device, our web interfaces, and backend processing servers is encrypted using secure Transport Layer Security (TLS 1.2 or higher) protocols.
(b) Advanced Encryption at Rest: Customer Content, case documents, and database records are securely isolated and encrypted at rest using Advanced Encryption Standard with 256-bit keys (AES-256).
(c) Multi-Layered Storage Protections: Document storage buckets utilize automated server-side encryption backed by managed cloud cryptographic key infrastructure.
(d) Volatile Cache Protections: Temporary processing segments, text chunks, and runtime working files maintained within high-performance in-memory tiers are strictly encrypted. Transient information is systematically prevented from residing in unencrypted text format on persistent hardware.
3.2. Case-Centric Data Isolation Architecture
The platform is built on a strict multi-tenant isolation model designed specifically for legal and professional environments:
- Access controls are strictly verified at each step of the infrastructure lifecycle.
- Customer Content is logically and cryptographically partitioned based on individual user accounts and distinct case spaces (matters).
- The system prevents cross-contamination, ensuring that data belonging to one case space or account is entirely inaccessible to other users or unrelated system environments.
3.3. Automated Log Redaction and Data Hygiene
To minimize the risk of accidental exposure of confidential infrastructure information through diagnostic, performance monitoring, or fraud prevention tools, DeeLexy utilizes automated data hygiene controls. Our system infrastructure includes automated server-side and client-side filtering mechanisms that continuously scan platform telemetry and operational logs. These filters are configured to automatically mask, redact, or strip out sensitive credentials prior to log writing, including access tokens, authentication strings, administrative secrets, session cookies, and third-party payment transaction identifiers.
3.4. Retention, Minimization, and Definitive Deletion
We adhere to strict data minimization practices. Your Customer Content is retained only for the duration of your active subscription lifecycle to support your workspace operations.
(a) User-Initiated Removal: You may delete individual documents, legal queries, or entire case environments at any time through the platform interface. Upon execution, the metadata linkages are unlinked, and the underlying storage blocks are marked for destruction.
(b) Account Closure and Administrative Grace Period: Upon a formal request to terminate your DeeLexy Account, your data enters a standard 30-day administrative grace period (cooling-off period). During this window, active access to the platform is suspended, but data remains secured to prevent accidental loss and allow for recovery or manual data export if authorized.
(c) Definitive Purge: Upon the expiration of the 30-day grace period, DeeLexy executes an automated system purge. All primary databases, operational memory caches, semantic search indices, and backup environments containing your specific Customer Content are permanently overwritten or deleted, and the corresponding encryption keys are discarded, rendering the historical data entirely unrecoverable.
4. International Data Rights and Regulatory Compliance
DeeLexy is engineered to respect and uphold global privacy standards. Depending on your jurisdiction of residence, you possess specific statutory rights regarding the personal information we maintain.
4.1. European Global Rights (GDPR/UK GDPR Compliance)
If you are located within the European Economic Area (EEA), Switzerland, or the United Kingdom, DeeLexy acts as a Data Controller for your Account Data, and as a Data Processor for your Customer Content (Inputs and Outputs). Under the General Data Protection Regulation (GDPR), you possess the right of access, portability, rectification, erasure (“Right to be Forgotten”), and restriction of or objection to processing. We process your data based on contractual necessity, explicit consent, legal compliance, or our legitimate interest in ensuring system security.
4.2. United States Regional Rights (CCPA/CPRA and State Privacy Laws)
If you are a resident of California or states with equivalent comprehensive privacy frameworks (e.g., Delaware, Virginia, Texas), you possess the right to know and delete your personal information. DeeLexy fundamentally does not sell your personal information, nor do we share your personal information or Customer Content with third parties for cross-context behavioral or targeted advertising purposes.
4.3. Singapore Statutory Rights (PDPA Compliance)
If you are a resident of Singapore, we process your personal data in strict compliance with the Personal Data Protection Act 2012 (PDPA). You possess the right to access your personal data, request correction of inaccuracies, or withdraw your consent to our processing of your information at any time by contacting our designated privacy function.
4.4. United Arab Emirates and MENA Regional Rights (UAE PDPL Compliance)
If you are accessing the Services from the United Arab Emirates (UAE) or the wider MENA region, your personal information is processed in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and, where applicable, the data protection regulations of the Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM).
- Cross-Border Transfers: You explicitly acknowledge and authorize that your Account Data and Customer Content will be transferred to and maintained on cloud servers within the United States. DeeLexy utilizes enterprise-grade technical safeguards and data transfer agreements to ensure an appropriate level of protection that complies with UAE and regional cross-border data transfer directives.
4.5. Mechanisms for Exercising Your Rights
To submit a formal data privacy request, you must contact our designated privacy team at support@deelexy.com. To protect your security and prevent unauthorized access to corporate or legal data, we implement strict verification measures: we require you to send the request from the verified primary email address associated with your DeeLexy account, and we reserve the right to request additional administrative confirmations. DeeLexy will respond to all valid, authenticated requests within thirty (30) days of receipt.
4.6. International Data Transfers
DeeLexy utilizes secure cloud infrastructure located within the United States to host and execute the platform services. If you access the Services from the European Union, United Kingdom, Singapore, UAE, or other global regions, your personal information and Account Data will be transferred to and processed in the United States. By using the platform, you acknowledge and authorize this cross-border transfer. DeeLexy ensures a lawful framework for such transfers by executing recognized data transfer safety agreements.
4.7. Privacy Policy Modifications
The Company reserves the right to amend, update, or revise this Privacy Policy at any time to reflect technical upgrades, changes to our AI routing infrastructure, or shifting global regulatory frameworks. When substantial modifications are made, we will update the “Effective Date” at the top of this document and provide a prominent notification within the platform dashboard or send a direct notice to your registered account email. Your continued use of the platform after the updated Privacy Policy becomes effective constitutes your acknowledgment of the revised practices.
DeeLexy by Timeless Technology Inc.
8 The Green Ste R
Dover, DE 19901
USA