Privacy policy
This website
lexicanon.com runs no analytics, no tracking cookies, and no ad pixels. None. Our web server keeps standard technical logs (IP address, time, page requested) for security and debugging; they rotate out automatically and we don't build profiles from them.
If you book a demo or join the waitlist, we ask for your name, company, and work email, plus an optional message. We use that to reply and schedule the demo — nothing else. You will not be added to a marketing list. The confirmation email is delivered through Resend, our email provider.
The product
When you use Lexicanon with an account, we store:
- Account data — your name, email, and sign-in details (or your company's single sign-on identity).
- Meeting data — the audio you record or upload, and everything we derive from it: transcripts, summaries, decisions, and action items.
- Voice signatures (optional) — small mathematical fingerprints of a speaker's voice, used only to recognise returning speakers inside your own workspace. Workspace admins can review and delete them at any time. They never leave your workspace.
All of it is stored on our servers in Germany (Hetzner), under EU jurisdiction. Voice signatures and meeting content are strictly isolated per workspace — one customer can never see another's data.
Who processes your data
Turning audio into transcripts and summaries means sending it to AI providers for processing. On our managed Cloud plan, depending on configuration, that means:
- Transcription — Deepgram, AssemblyAI, Speechmatics, Soniox, or Microsoft Azure.
- Summarisation — Anthropic, OpenAI, or OpenRouter.
- Email — Resend (transactional mail only).
- Infrastructure — Hetzner (hosting, Germany) and Cloudflare (DNS only — it resolves our domain names and does not see your meeting content).
These providers process your data to deliver the service and for nothing else. Where a provider offers terms or settings that keep your content out of their model training, we use them — but this varies by provider, so we set out the exact, per-provider position (location, and whether each can use your data) on the Data Flows page.
On a BYOK plan, the same processing happens but under your own accounts with those providers — your agreements with them apply, and we never see or mark up your usage. On a self-hosted deployment, your meeting data never reaches us at all.
Want the full picture? See the Data flows & sub-processors page for colour-coded diagrams of every deployment mode (self-hosted, BYOK, full SaaS), container hardening details (non-root, seccomp, etc.), and the complete current sub-processor list with locations and safeguards. A standard Data Processing Agreement (DPA / Verwerkersovereenkomst) is also available.
What we never do
- We never sell your data, to anyone, for anything.
- We never show ads or share data with advertisers.
- We never use your meetings to train our own AI. For the outside services that transcribe or analyse your meetings, we use the providers' API terms that exclude training wherever the provider offers it — and we tell you the exact, per-provider position (including the few we're still tightening up) on the Data Flows page.
- Our staff don't look at your workspace content. The exceptions: you explicitly ask us to during a support request, or the law compels us.
How long we keep things
Meetings stay in your workspace until you delete them — there is no automatic expiry today. You can permanently delete any meeting yourself, and you can ask us to delete specific data at any time. If you close your account or workspace, we remove your data from our systems within 30 days. Demo-request details are kept only as long as we're actually talking to you.
Your rights
Under the GDPR you can ask us to show you the data we hold about you, correct it, export it, or delete it. Email demo@lexicanon.com and we'll handle it — no forms, no runaround. If you're not happy with how we handle it, you can complain to the Dutch data protection authority (Autoriteit Persoonsgegevens), though we'd appreciate the chance to fix it first.
Cookies
This website sets none. The app sets exactly one kind: a session cookie that keeps you signed in. That's why there is no cookie banner — there's nothing to consent to.
Changes
If we change how we handle data, we update this page and the date at the top. For meaningful changes, account holders are notified by email or in the app before the change takes effect.