Sign In Try Free
Workflow-specific products Content, decks, briefs, proposals, legal, and sales each have a clearer buying path.
Review before delivery Draft, edit, collaborate, approve, and export in the same workspace.
Security + procurement path Security policy, support, and Azure Marketplace buying are public.

Lex security and data handling

Trust facts for legal teams, with the source attached

A buyer-facing summary of Gixo's published security, AI-processing, retention, and professional-review commitments. Each claim below points to the underlying policy rather than implying an unsupported certification.

Published Gixo practices

These are application and data-handling statements published by Gixo. They are distinct from certifications held by infrastructure providers.

AI processing

No training of Gixo models

Gixo's privacy policy says customer content is not used to train Gixo models. Prompts, uploads, and related inputs may be sent to external AI providers only to generate requested outputs, using provider-specific controls that can vary by service path. Read the policy.

Encryption

Transport and storage controls

Gixo's security policy states TLS 1.3 for data in transit, AES-256 for stored data, managed cloud key services, and transparent database encryption. Read the policy.

Access

Restricted administrative access

The security policy publishes role-based access control, least privilege, multi-factor authentication for administrative access, and regular access reviews. Read the policy.

Gixo controls and provider certifications are not the same claim

Procurement teams should be able to tell which organization owns each assertion.

What Gixo publishes about its service

  • Azure-hosted infrastructure.
  • Application access, encryption, monitoring, development, and incident-response practices described in the security policy.
  • A DPA and a public subprocessor register.

What this page does not claim

Gixo's security policy attributes SOC 2 Type II and ISO 27001 certified facilities, physical controls, and related infrastructure assurances to its cloud providers. This summary does not claim that Gixo itself currently holds SOC 2 Type II or ISO 27001 certification.

The questions legal and security reviewers usually ask

Summary of published policy answers. The linked policies and applicable contract govern if this summary differs.
Buyer question Published answer Source
Is content used to train Gixo models? No. The privacy policy says Gixo does not use customer content to train Gixo models. Privacy policy
Do external AI providers receive content? They may receive prompts and related inputs to generate requested outputs. Gixo says provider-specific retention and training controls vary by provider and service path. Privacy policy and subprocessors
How is data encrypted? The security policy states TLS 1.3 in transit and AES-256 at rest. Security policy
What happens after cancellation? The privacy policy says content and account data may be retained for up to 90 days for export or reactivation, then deleted, de-identified, or retained only where needed for legal, billing, security, or backup purposes. Privacy policy
Does Lex replace legal review? No. Lex prepares work for review and does not provide legal advice, certify compliance, or replace professional review. Lex review boundary

Policy packet

Open the primary documents directly. Each policy page carries its own effective or last-updated date.

Evaluate the workflow with the review boundary visible

Start a Lex trial to inspect guided intake, drafting, deterministic Draft Checks, review, and export. Gixo does not replace legal counsel or certify compliance.