LexGo
Home How it works Legal areas About us Blog FAQ Contacts
Login Start consultation
Italiano English Français Deutsch Español
Legal Document

Privacy Policy

Information on the processing of personal data pursuant to EU Regulation 2016/679 (GDPR)

Last updated: 20 March 2026

1. Data Controller

The Data Controller for personal data processing is:

LexGo Group
Headquarters: Rome, Italy
Email: info@lexgogroup.it
PEC: lexgo@pec.it
VAT No.: 12345678901

2. Types of Data Collected

In the course of providing its services, LexGo collects the following categories of personal data:

a) Identification and contact data

First name, last name, email address, phone number, residential/domicile address.

b) Legal case data

Description of the legal situation, area of expertise, uploaded documents, communications exchanged with the lawyer.

c) Browsing data

IP address, browser type, operating system, pages visited, time spent on site.

d) Authentication data

Login credentials, session tokens, OTP codes for two-factor verification.

3. Purposes and Legal Bases

  • Service provision (art. 6.1.b GDPR) — Case analysis, lawyer matching, case management.
  • Responding to contact requests (art. 6.1.b GDPR)
  • Legal obligations (art. 6.1.c GDPR)
  • Platform security (art. 6.1.f GDPR)
  • Service improvement (art. 6.1.f GDPR)

4. Use of Artificial Intelligence

LexGo uses an AI system to analyse the legal case, identify the area of expertise, suggest the most suitable lawyer match and generate summaries.

Important: conversations with the AI are processed in real time and are not used to train models. The user has the right to request human intervention (art. 22 GDPR).

5. Data Disclosure and Sharing

  • Lawyers in the LexGo network — limited to data necessary for the case;
  • Technology service providers — hosting, email, AI processing;
  • Competent authorities — where required by law.

Data is not shared with third parties for marketing or commercial profiling.

6. Data Transfer Outside the EU

Some data may be transferred to the United States as part of the AI service (Anthropic). Such transfers are carried out on the basis of Standard Contractual Clauses (SCC) and the EU-U.S. Data Privacy Framework.

7. Data Retention Period

  • Legal case data: duration of the case + 10 years;
  • Contact data (form): time necessary + 12 months;
  • Browsing data: maximum 6 months;
  • Authentication data: account duration + 30 days.

8. Data Subject Rights

Pursuant to arts. 15–22 of the GDPR: access, rectification, erasure, restriction, portability, objection, withdrawal of consent.

Contact: info@lexgogroup.it

Complaints: Italian Data Protection Authority

9. Security Measures

  • HTTPS/TLS
  • Passwords hashed with bcrypt
  • CSRF protection
  • Rate limiting
  • TOTP for admin access
  • Session tokens for documents
  • Regular backups

10. Changes to This Policy

The Data Controller reserves the right to make changes. The updated version will always be available on this page.