LEXICANON ← Back to lexicanon.com

Privacy policy

Last updated 11 June 2026 · Lexicanon is operated by Govannon, a company based in the Netherlands.

The short version: we collect as little as we can, your meeting data belongs to you, we host it in the EU, we never sell it, and we never use your meetings to train our own AI. We also rely on a few outside services to transcribe and analyse meetings — we name every one of them, and tell you which can use your data, on the Data Flows page. You can leave with your data at any time. The rest of this page is just that, in detail.

This website

lexicanon.com runs no analytics, no tracking cookies, and no ad pixels. None. Our web server keeps standard technical logs (IP address, time, page requested) for security and debugging; they rotate out automatically and we don't build profiles from them.

If you book a demo or join the waitlist, we ask for your name, company, and work email, plus an optional message. We use that to reply and schedule the demo — nothing else. You will not be added to a marketing list. The confirmation email is delivered through Resend, our email provider.

The product

When you use Lexicanon with an account, we store:

All of it is stored on our servers in Germany (Hetzner), under EU jurisdiction. Voice signatures and meeting content are strictly isolated per workspace — one customer can never see another's data.

Who processes your data

Turning audio into transcripts and summaries means sending it to AI providers for processing. On our managed Cloud plan, depending on configuration, that means:

These providers process your data to deliver the service and for nothing else. Where a provider offers terms or settings that keep your content out of their model training, we use them — but this varies by provider, so we set out the exact, per-provider position (location, and whether each can use your data) on the Data Flows page.

On a BYOK plan, the same processing happens but under your own accounts with those providers — your agreements with them apply, and we never see or mark up your usage. On a self-hosted deployment, your meeting data never reaches us at all.

Want the full picture? See the Data flows & sub-processors page for colour-coded diagrams of every deployment mode (self-hosted, BYOK, full SaaS), container hardening details (non-root, seccomp, etc.), and the complete current sub-processor list with locations and safeguards. A standard Data Processing Agreement (DPA / Verwerkersovereenkomst) is also available.

What we never do

How long we keep things

Meetings stay in your workspace until you delete them — there is no automatic expiry today. You can permanently delete any meeting yourself, and you can ask us to delete specific data at any time. If you close your account or workspace, we remove your data from our systems within 30 days. Demo-request details are kept only as long as we're actually talking to you.

Your rights

Under the GDPR you can ask us to show you the data we hold about you, correct it, export it, or delete it. Email demo@lexicanon.com and we'll handle it — no forms, no runaround. If you're not happy with how we handle it, you can complain to the Dutch data protection authority (Autoriteit Persoonsgegevens), though we'd appreciate the chance to fix it first.

Cookies

This website sets none. The app sets exactly one kind: a session cookie that keeps you signed in. That's why there is no cookie banner — there's nothing to consent to.

Changes

If we change how we handle data, we update this page and the date at the top. For meaningful changes, account holders are notified by email or in the app before the change takes effect.