Bright Hire ATS, Inc. ("Lexiomatic," "Bright Hire," "we," "us," or "our") operates the website at lexiomatic.com (the "Site") and the Lexiomatic web application at app.lexiomatic.com (the "App," and together with the Site, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard personal information in connection with the Services, and describes the rights available to California residents under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the "CCPA"), Cal. Civil Code §§ 1798.100–1798.199.
This Policy applies to personal information we collect from visitors to the Site and from end users of the App, including employees of our customers who interact with Lexiomatic through Slack, Microsoft Teams, Zoom Chat, email, or the App's web interface.
1. About Lexiomatic and Our Role
Lexiomatic is a business-to-business SaaS product sold to the legal departments of companies ("Customers"). Customers configure Lexiomatic by providing their internal legal policies — for example, by uploading PDF or Word documents, or by connecting Lexiomatic to designated Notion pages. Employees of the Customer ("Authorized Users") may then ask Lexiomatic questions that the AI answers by referencing those policies. Authorized Users may interact with the App through the web UI at app.lexiomatic.com or through connected channels including Slack, Microsoft Teams, Zoom Chat, and email.
When Lexiomatic processes personal information on behalf of a Customer — including Customer policies, the contents of Authorized User queries, and the AI's responses — Bright Hire acts as a service provider as defined in Cal. Civil Code § 1798.140(ag). We process such information only for the business purposes specified in our agreement with the Customer and are contractually prohibited from selling or sharing it, from retaining it for any purpose other than performing the services, and from using it outside the direct business relationship with the Customer.
When we collect personal information directly from Customers, Site visitors, or prospects (for example, to administer accounts, bill for the service, or respond to sales inquiries), we act as a business under the CCPA and this Policy governs that collection.
2. Personal Information We Collect
In the preceding twelve (12) months, we have collected the following categories of personal information:
| Statutory Category (§ 1798.140) | Examples | Sources |
|---|---|---|
| Identifiers | Name, business email address, employer, user ID, IP address, device identifiers | Directly from users; automatically from devices |
| Customer records (Cal. Civil Code § 1798.80(e)) | Billing contact information, signatory details | Directly from Customers |
| Commercial information | Subscription plan, billing history, service usage records | Directly from Customers; from our billing systems |
| Internet or other electronic network activity | Pages viewed, features used, buttons clicked, session duration, referring URLs, browser type, performance telemetry, error logs | Automatically via cookies, pixels, SDKs, and server logs |
| Professional or employment-related information | Job title, department, company affiliation | Directly from users; from Customer administrators |
| Geolocation data (non-precise) | Approximate city/region derived from IP address | Automatically |
| User-generated content submitted to the App | Text of questions asked in Slack, Teams, Zoom Chat, email, or the web UI; content of Customer policies uploaded as PDF/Word documents or synced from Notion; AI-generated responses | Directly from Authorized Users and Customers |
| Inferences | Aggregated usage patterns and product-improvement signals derived from the above | Internal analytics |
We do not knowingly collect Sensitive Personal Information as defined by Cal. Civil Code § 1798.121 (such as Social Security numbers, precise geolocation, racial or ethnic origin, union membership, health data, biometric identifiers, or the contents of mail, email, or text messages outside the Services). Customers are contractually responsible for not uploading sensitive personal information into the App. If we become aware that sensitive personal information has been submitted inadvertently, we will process it only as necessary to perform the Services and will not use it to infer characteristics about any individual.
We do not collect personal information from children under 16. The Services are not directed to consumers under 16, and we have no actual knowledge that we sell or share the personal information of consumers under 16 years of age.
3. How We Use Personal Information
We use the categories of personal information described above for the following business and commercial purposes:
- Providing, operating, and delivering the Services, including answering Authorized User questions using Customer-supplied legal policies
- Authenticating users and administering accounts, including multi-tenant access controls
- Billing Customers and processing payments
- Communicating with Customers about their accounts, service changes, and support requests
- Monitoring the App for bugs, errors, and security incidents
- Monitoring performance, uptime, latency, and infrastructure health
- Measuring which features and pages are used in order to prioritize improvements
- Conducting internal research, analytics, and product development to improve Lexiomatic
- Detecting, investigating, and preventing fraud, abuse, and unauthorized access
- Complying with applicable laws, legal process, and regulatory obligations
- Enforcing our Terms of Service and protecting our rights, property, and safety and that of our Customers and users
We do not use personal information for cross-context behavioral advertising, and we do not use personal information collected through the App to train third-party general-purpose AI models.
4. How We Disclose Personal Information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined by the CCPA. We have not sold or shared personal information in the preceding twelve (12) months.
We disclose personal information to the following categories of recipients for business purposes only, under written contracts that restrict their use of the information to performing services on our behalf:
| Recipient Type | Data Categories Disclosed | Purpose |
|---|---|---|
| Cloud hosting and infrastructure providers | All categories | Hosting, storage, and delivery of the Services |
| AI model and inference providers | User-generated content, identifiers | Generating responses to Authorized User queries, under contractual restrictions prohibiting use of the data to train foundation models |
| Messaging platform integrations (Slack, Microsoft Teams, Zoom) | Identifiers, user-generated content | Delivering the App's functionality inside Customer-authorized chat channels |
| Email delivery providers | Identifiers, user-generated content | Sending transactional emails and processing email-based queries |
| Analytics and product-usage providers | Internet/network activity, inferences | Measuring feature usage and improving the App |
| Error monitoring and performance monitoring providers | Internet/network activity, identifiers | Detecting bugs, crashes, and performance degradation |
| Payment processors | Identifiers, commercial information | Billing and payment processing |
| Professional advisors (auditors, counsel, insurers) | As necessary | Legal, compliance, and accounting services |
| Government authorities and law enforcement | As required | Responding to lawful requests, legal process, and regulatory inquiries |
We may also disclose personal information in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business, subject to the requirements of the CCPA.
5. Retention
We retain personal information for as long as necessary to provide the Services to our Customers, to comply with our legal and contractual obligations, to resolve disputes, and to enforce our agreements. Customer policy content and user-generated content are retained according to the Customer's subscription and data-retention configuration, and are deleted or returned upon termination of the Customer agreement in accordance with our Data Processing Addendum. Operational logs, billing records, and security records are retained for the periods required by applicable law and our internal retention schedules.
6. Your California Privacy Rights
If you are a California resident, the CCPA provides you with the following rights with respect to personal information that Bright Hire collects as a business:
| Right | Statutory Basis | Description |
|---|---|---|
| Right to Know | § 1798.110 | Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business/commercial purposes, and the categories of third parties to whom we disclose it, covering the 12 months preceding your request (or longer, where applicable) |
| Right to Delete | § 1798.105 | Request deletion of personal information we have collected from you, subject to statutory exceptions (e.g., completing transactions, security, legal compliance) |
| Right to Correct | § 1798.106 | Request that we correct inaccurate personal information we maintain about you |
| Right to Opt-Out of Sale or Sharing | § 1798.120 | Opt out of the sale or sharing of your personal information. We do not sell or share personal information, so no opt-out is necessary. |
| Right to Limit Use of Sensitive Personal Information | § 1798.121 | Direct us to limit use of sensitive personal information. We do not knowingly collect sensitive personal information, so no limitation request is necessary. |
| Right to Data Portability | § 1798.110(d) | Receive a copy of your personal information in a portable, readily usable format |
| Right to Non-Discrimination | § 1798.125 | Exercise your rights without being denied service, charged a different price, or receiving a lower quality of service |
Authorized Users of the App: If you are an employee of one of our Customers and you interact with Lexiomatic through your employer, the content of your queries, your account, and related records are controlled by your employer as the Customer. We will forward requests concerning such information to the relevant Customer and will assist the Customer in fulfilling its obligations.
7. How to Exercise Your Rights
To submit a verifiable consumer request under the CCPA, please contact us:
Mail Bright Hire ATS, Inc.
Attn: Privacy
127 Kailuana Place
Kailua, HI 96734
Please include enough information for us to verify your identity and to understand and respond to your request. We will not ask you to create an account with us in order to submit a request.
Verification. We will verify your request by matching the information you provide against information we already maintain about you. For requests seeking specific pieces of personal information, we may require a higher level of verification, including a signed declaration under penalty of perjury.
Response timelines. We will acknowledge receipt of your request within ten (10) business days and will respond substantively within forty-five (45) calendar days. Where reasonably necessary, we may extend the response period by an additional forty-five (45) days and will notify you of the extension.
Authorized agents. You may designate an authorized agent to submit a request on your behalf. The agent must provide signed written permission demonstrating authority, and we may contact you directly to verify the agent's authority.
Frequency. You may make up to two (2) free Right-to-Know requests within any twelve (12) month period.
8. Cookies and Tracking Technologies
The Site and the App use cookies, pixels, SDKs, and similar technologies to authenticate users, remember preferences, measure feature usage, and monitor performance and errors. You can control cookies through your browser settings; disabling cookies may affect the functionality of the Services. We do not respond to Global Privacy Control or "Do Not Track" browser signals as an opt-out of sale/sharing because we do not sell or share personal information.
9. Data Security
We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit and at rest, multi-tenant isolation within the App, access controls, logging, and regular security reviews. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our Services, or applicable law. If we make material changes, we will notify affected users by email, by posting a notice on the Site, or through an in-app notification, and will update the "Effective Date" at the top of this Policy. Prior versions will be archived and available on request. Your continued use of the Services after the revised Policy takes effect constitutes acceptance of the changes.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
127 Kailuana Place
Kailua, HI 96734
Email: privacy@lexiomatic.com
Web: lexiomatic.com