Privacy Policy

This Privacy Policy describes how Lexithm Inc. (“Lexithm,” “we,” “us,” or “our”) collects, uses, processes, and discloses information when you use our repository intelligence platform, website, and related services (collectively, the “Service”).

This Policy applies to all users of the Service, including individuals who register for an account (“Users”) and individuals whose information is processed on behalf of our Users.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any term of this Policy, you must cease using the Service immediately.

2.1 Information You Provide. We collect information you provide directly to us, including:

(a) Account registration data: name, email address, GitHub username, and authentication credentials.

(b) Profile information: role, team size, programming languages, and other details submitted during onboarding.

(c) Repository data: source code, file contents, dependency information, and metadata from repositories you import into the Service.

(d) Communications: any messages, queries, or feedback you submit through the Service, including chat messages and review requests.

2.2 Information Collected Automatically. When you access the Service, we automatically collect:

(a) Log data: IP address, browser type, operating system, referring URLs, page views, and timestamps.

(b) Usage data: features accessed, queries submitted, repository interactions, and session duration.

(c) Device data: device type, screen resolution, and unique device identifiers.

2.3 Information from Third Parties. We receive information from GitHub via OAuth authentication, including your public profile, repository list, and access tokens necessary to import and index repositories. We do not store GitHub access tokens in plain text.

We use the information we collect for the following purposes:

(a) To provide, maintain, and improve the Service, including indexing repositories, generating code analysis, and delivering chat responses.

(b) To process authentication and maintain session state.

(c) To communicate with you about the Service, including technical notices, security alerts, and support responses.

(d) To detect, prevent, and address technical issues, fraud, and abuse of the Service.

(e) To comply with legal obligations and enforce our Terms of Service.

We do not use your source code, repository contents, or chat queries to train machine learning models or for any purpose other than providing the Service to you. Code context may be transmitted to third-party LLM providers (NVIDIA NIM or OpenRouter) solely for the purpose of generating responses to your queries. These providers are contractually prohibited from using your data for their own purposes.

We retain your information for as long as your account is active or as needed to provide the Service. Repository data and indexed analysis are retained until you delete your repository or account. Chat history is retained until the associated session is deleted.

Upon account termination, we will delete or anonymize your personal information within thirty (30) days, except where retention is required by law or for legitimate business purposes such as fraud prevention.

We do not sell your personal information. We may share your information in the following circumstances:

(a) With third-party service providers who process data on our behalf (hosting, LLM inference, monitoring), subject to contractual data processing terms.

(b) If required by law, regulation, or legal process, or to protect the rights, property, or safety of Lexithm, our users, or the public.

(c) In connection with a merger, acquisition, or sale of assets, with notice to you and the opportunity to delete your data before transfer.

(d) With your consent or at your direction.

We implement industry-standard technical and organizational measures to protect your information, including encryption at rest and in transit, access controls, and regular security audits. However, no method of transmission or storage is completely secure. You use the Service at your own risk.

We maintain SOC 2-type controls and conduct annual penetration testing. Security findings from our automated analysis are made available to you within the Service.

Depending on your jurisdiction, you may have the right to:

(a) Access the personal information we hold about you.

(b) Request correction or deletion of your personal information.

(c) Object to or restrict processing of your personal information.

(d) Receive a portable copy of your data.

(e) Withdraw consent at any time where processing is based on consent.

To exercise these rights, contact us. We will respond within thirty (30) days.

Your information may be transferred to and processed in the United States and other jurisdictions where our service providers operate. We ensure appropriate safeguards are in place through Standard Contractual Clauses or equivalent transfer mechanisms where required by applicable law.

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service at least fourteen (14) days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

For questions about this Privacy Policy or our data practices, contact:

Dipayal, Doti