Client Data Processing Addendum

Client data

Client data may include firm contact information, website audit records, screenshots, intake notes, uploaded files, workflow maps, project records, credentials submitted through approved channels, reports, and support communications.

Processing purpose

LexAIAdvisors processes client data to evaluate requests, deliver services, administer projects, communicate with clients, generate reports, maintain records, protect systems, and improve service operations.

Confidentiality and access

• Access should be limited to people and systems with a business need for the applicable service.
• Credentials should be submitted only through approved secure workflows.
• Client confidential information should not be routed into AI tools unless the workflow has been approved and controlled.
• Clients remain responsible for determining what information may be provided and whether additional professional, client, or regulatory consent is required.

Subprocessors

LexAIAdvisors may use third-party platforms and service providers listed by category in the Third-Party Platform List. Those providers may process client data as needed to support the services.

Retention and deletion

Client data is retained as long as reasonably needed for service delivery, accounting, security, dispute resolution, legal obligations, recordkeeping, and business operations. Deletion requests may be limited by those needs.

Security controls

LexAIAdvisors uses practical administrative, technical, and access-control measures appropriate for the service, but no processing environment is guaranteed to be secure, uninterrupted, or free from unauthorized access.