LexClock
Security Home Sign in
Legal

Privacy Policy

Effective: June 2, 2026 Last updated: June 2, 2026

The short version

  • Read-only. When you connect Gmail or Microsoft Outlook, LexClock can only read your messages. It can never send, delete, or change your email.
  • We don't keep your email. We read a message to draft one time entry, then discard the message content. We do not store message bodies or attachments.
  • Nothing is sold, and nothing trains AI. We never sell your data, never serve ads, and never let your content be used to train any AI/ML model — ours or a third party's.
  • You decide what bills. Every draft waits for your explicit approval before anything is sent to Clio.
  • You can leave instantly. Disconnect a source or delete your account at any time, and your stored data is erased.

1. Who we are

LexClock ("LexClock," "we," "us," or "our") provides an automatic legal-billing assistant that turns work you already do — such as email — into draft time entries that you review and approve, then sync to your practice-management system (for example, Clio). This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices and rights you have.

This policy applies to the LexClock web application, our marketing site, and related services (collectively, the "Service"). It is operated by LexClock, Inc. If you have questions, contact us at privacy@lexclock.com.

LexClock is an independent product and is not endorsed by or affiliated with Google LLC, Microsoft Corporation, or Clio. This document is provided for transparency and is not legal advice.

2. Information we collect

Information you provide

  • Account information — your name, email address, and authentication credentials when you create a LexClock account or sign in (including via Google Sign-In).
  • Billing configuration — clients, matters, hourly rates, rounding increments, and similar settings you enter so LexClock can produce billing-ready drafts.
  • Drafts and edits — time-entry drafts you create, edit, approve, or skip.

Information from connected services (only if you connect them)

  • Google account data — see Section 4.
  • Microsoft account data — see Section 5.
  • Clio (or other billing system) data — when you connect a billing system, we exchange the matter/client and time-entry data needed to sync approved entries.

Information we collect automatically

  • Technical and usage data — IP address, browser type, device information, and basic logs used to operate, secure, and debug the Service. We use only essential cookies/local storage required for sign-in and app function; we do not use advertising or cross-site tracking cookies.

3. How we use information

We use the information above only to provide and improve features you can see and use in LexClock:

  • To read recent work activity you've connected and generate draft time entries (a duration, a plain-English description, a matter match, and a short evidence note).
  • To let you review, edit, approve, or skip each draft, and to sync approved entries to your billing system when you choose.
  • To authenticate you, secure your account, prevent abuse, provide support, and meet legal obligations.

We do not use your data for advertising, and we do not sell or rent personal information.

4. Google user data

LexClock's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

What we access

Scope requested: https://www.googleapis.com/auth/gmail.readonly (read-only Gmail access)

If you sign in with Google, we also receive your basic profile (name, email address, profile picture) via the standard openid, email, and profile scopes.

We request this scope so LexClock can read recent messages (such as messages you've sent) as evidence of billable work and draft a corresponding time entry. The access is read-only: LexClock cannot compose, send, modify, label, or delete any message.

How we use it

We read the content of a qualifying message solely to estimate the billable time and write a draft entry. The message content is processed transiently in memory and is not retained.

What we store vs. what we discard

We storeWe do not store
• The draft we generate (your duration estimate and description)
• A short evidence note that may include the recipient and the subject line of the message, plus the message's date and Gmail message ID (used to avoid duplicates)
• An encrypted Google refresh token so we can sync on your behalf until you disconnect 		• The body of any email message
• Attachments
• Your Google password
• Google access tokens (used in memory only, never written to our database)
Limited Use commitment

LexClock only uses Google user data to provide or improve the user-facing time-entry features described here. We do not transfer it except as needed to provide those features, comply with law, or protect against security threats. We do not use it for advertising. We do not allow humans to read it except where you explicitly request it, where required for security or legal reasons, or where the data has been aggregated and anonymized. We do not use Google user data to develop, improve, or train generalized or personalized AI/ML models.

Revoking access

You can disconnect Gmail from within LexClock at any time, and you can review or revoke LexClock's access directly at myaccount.google.com/permissions. When you disconnect, we delete the stored refresh token and purge associated drafts as described in Section 9.

5. Microsoft user data

If you connect a Microsoft account, LexClock uses Microsoft Graph in accordance with the Microsoft APIs Terms of Use.

Scope requested: Mail.Read (read-only access to your Outlook mail) and offline_access / User.Read for sign-in and token refresh.

We treat Microsoft mail data exactly as we treat Google data (Section 4): access is read-only; message content is processed transiently to draft a time entry and then discarded; we store only the derived draft, a minimal evidence note and metadata, and an encrypted refresh token. We never send, modify, or delete your mail; we never sell the data; and we never use it to train AI/ML models. You can revoke LexClock's access at any time at myaccount.microsoft.com or by disconnecting inside LexClock.

6. AI processing

To turn a message into a useful draft, LexClock sends the relevant message content to our AI provider, Anthropic (the Claude API), which returns a suggested duration and description. This transfer is necessary to provide the core, user-facing feature of LexClock.

  • Content sent for processing is used only to generate your draft and return it to you.
  • Our AI provider does not use this content to train or improve its models, and the content is not retained beyond what is needed to return a result.
  • We do not use your email content, drafts, or connected-account data to train any LexClock model.

7. How we share information

We do not sell personal information. We share data only with service providers ("subprocessors") that help us run the Service, under contracts that require them to protect it and use it only on our instructions:

SubprocessorPurposeData
VercelApplication hosting & serverless backendRequests, logs, data in transit
SupabaseAuthentication & encrypted databaseAccount data, drafts, encrypted tokens
AnthropicAI drafting (Claude API)Transient message content for estimation
Google / MicrosoftEmail access you authorizeOAuth tokens, read-only mail access
Clio (or your billing system)Syncing approved time entriesApproved entries you choose to send

We may also disclose information if required by law, to enforce our terms, to protect the rights, safety, and security of users or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you and this policy will continue to apply).

8. What we never do

  • We never send, modify, or delete your email — access is read-only.
  • We never sell or rent your personal information or client data.
  • We never use your data for advertising or cross-site tracking.
  • We never use your data to train AI/ML models, and we don't permit our subprocessors to.
  • We never let a person read your private content except where you explicitly ask us to, where required for security or law, or where the data is aggregated and anonymized.
  • We never bill anything without your explicit approval.

9. Data retention & deletion

  • Message content: not retained — discarded immediately after a draft is generated.
  • Drafts & evidence notes: retained until you approve, skip, or delete them, or until you delete your account.
  • Connection tokens: encrypted refresh tokens are kept only while a source is connected, and deleted when you disconnect.
  • Account data: retained while your account is active.

You can delete your data at any time: disconnect a source to remove its tokens and purge its drafts, or delete your account to erase your stored data. You can also email privacy@lexclock.com to request deletion. We will honor verified requests promptly, subject to any limited retention required by law.

10. Security

We protect your data with industry-standard safeguards, including encryption in transit (TLS) and at rest, encrypted storage of connection tokens, scoped access controls, the principle of least privilege, and data minimization (we request the narrowest access needed and discard message content after use). No system is perfectly secure, but we work to protect privileged information the way the legal profession expects.

11. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal information, and to object to certain processing. These may include rights under the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA). We do not sell or "share" personal information for cross-context behavioral advertising, and we do not discriminate against you for exercising your rights.

To exercise any right, contact privacy@lexclock.com. You may also revoke connected-account access directly through Google or Microsoft at any time, as described above.

12. International data transfers

LexClock is operated from, and stores data in, the United States. If you access the Service from outside the United States, you understand that your information will be processed in the United States and other countries where our subprocessors operate. Where required, we rely on appropriate transfer safeguards such as the European Commission's Standard Contractual Clauses.

13. Children's privacy

LexClock is a professional tool intended for use by adults. It is not directed to children under 16, and we do not knowingly collect personal information from them.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Continued use of the Service after an update means you accept the revised policy.

15. Contact us

Questions, requests, or concerns about privacy:

LexClock, Inc.
Email: privacy@lexclock.com
Mailing address: [Registered business address — to be added]

Placeholders in brackets (registered address) should be completed before submitting for Google or Microsoft verification. Confirm the legal entity name, mailing address, and any state-specific governing-law terms with counsel.