Predictify Solutions S.L. (hereinafter, "Lexic", "we", "us", or "our"), with registered offices at Paseo de la Castellana 200, 28027, Madrid, is committed to the protection of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 (LOPDGDD). This policy governs data processing for both our corporate site and the Lexic Pulse platform.
1. Data Processing Roles
To ensure transparency and compliance, we distinguish between two primary processing scenarios:
- Lexic as Data Controller: We act as the Controller when processing data from website visitors, direct business clients (corporate contact data), and newsletter subscribers to manage commercial relationships and legitimate interests.
- Lexic as Data Processor: We act as the Processor when handling "End Customer" data (interviewees) on behalf of our corporate Clients through Lexic Pulse. In this capacity, the corporate Client remains the Data Controller, responsible for establishing the legal basis (consent or legitimate interest).
2. Data Categories and Purpose
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Corporate/Commercial: Name, email, company, job title. | Lead management, technical support, and contractual relationship management. | Performance of a Contract / Legitimate Interest. |
| Lexic Pulse Data: Phone numbers, voice/text responses, metadata, and transcripts. | Conducting AI-powered interviews to collect structured feedback. | Documented instructions from the Controller (Art. 28 GDPR). |
Note: Lexic.AI guarantees that we do not intentionally collect special categories of data (sensitive data) unless explicitly requested by the Client and protected under reinforced security safeguards.
3. Information Security & AI Governance
Backed by our expertise in AI, Lexic implements "security by design" through:
- EU-Based Hosting: Primary processing occurs within AWS (Europe Region) infrastructure.
- Advanced Anonymization: We utilize proprietary Python-based workflows to anonymize data sets before any model refinement or high-level analysis.
- Encryption Standards: Data is protected using AES-256 encryption at rest and TLS/SSL with end-to-end SFTP protocols in transit.
- Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) for all internal systems.
4. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described or as instructed by the Data Controller. Upon termination of services, data is either deleted or returned to the Client, except for data that must remain blocked to comply with statutory limitation periods under Spanish law.
5. International Data Transfers
Lexic does not transfer data outside the European Economic Area (EEA) by default. If a service requires a sub-processor outside the EEA, we ensure compliance through Standard Contractual Clauses (SCCs) and Supplementary Measures to guarantee an equivalent level of protection.
6. Data Subject Rights
Individuals may exercise their rights of access, rectification, erasure, objection, restriction, and data portability.
- For data processed via Lexic Pulse, we recommend contacting the company that initiated the survey (the Controller) directly.
- For any requests directed to Lexic, please contact our Data Protection Officer at dpo@lexic.ai.
Executive Summary for Lexic.AI
This unified Privacy Policy establishes Lexic.AI as a leader in AI compliance. By clearly distinguishing between Controller and Processor roles and integrating high-level security measures (such as AWS-EU hosting and automated anonymization), we provide our clients with total legal peace of mind. This document ensures that Lexic Pulse is not just a powerful research tool, but a legally fortified solution that protects both our clients' brands and their customers' privacy.