Privacy Policy
Last updated: June 12, 2026
The short version: When you fill in a prompt's variables — client names, case details, anything you type into a template — those values stay in your browser. They aren't sent to our servers when you copy a prompt or use the Chrome extension. The one exception is the .docx export feature: if you choose to export a filled prompt as a Word document, your values are sent to our servers to generate that file, and nothing more.
LexPrompt is a jurisdiction-specific AI prompt management tool for solo attorneys and small law firms, operated by Orthogonus LLC. This policy explains what data we collect, what we deliberately never collect, and the third-party services we rely on.
1. Your prompt variables stay in your browser
This is the core of how LexPrompt is built, so it comes first.
Our prompts are templates containing placeholders such as {{client_name}} or {{matter_facts}}. When you fill those placeholders in
— whether in the web app or in the Chrome extension's sidebar — the values you type stay in your browser's
memory and go only to your clipboard when you copy the finished prompt.
The assembly of your final prompt happens in client-side JavaScript. When you copy a prompt or use it through the Chrome extension, the filled values:
- are never transmitted to our servers,
- are never written to our database,
- are never recorded in our usage logs, and
- are never sent to our analytics provider.
When you use a prompt this way, the only thing we record is which prompt was used and what action you took (for example, "copied"). We do not record what you typed into it.
One exception — Word export. If you use the optional "Export to .docx" feature (available on paid plans), the values you've filled in are sent to our servers so we can generate the Word document. They are used only to build that file — they are not stored, and they are not written to our logs or analytics. Every other way of using a prompt keeps your values in the browser.
2. Information we do collect
Account information
When you create an account we collect your name and email address, which are stored in our database (hosted on Supabase) and encrypted at rest. Passwords are hashed by our authentication provider; we never see or store them in plain text.
Profile and usage data
We store your account settings, including your selected jurisdiction, and we keep usage logs that record which prompts you viewed, copied, or exported, along with the action type and source (web or extension). These logs contain no information about the contents you entered into any prompt.
Payment information
Paid plans are handled by Stripe. When you subscribe, your card details are entered directly into Stripe's checkout and are processed by Stripe — we never receive or store your full card number. We retain a Stripe customer identifier and your subscription status so we can apply the correct plan to your account.
3. Third-party services
We use a small set of established providers to run the service. Each receives only the data it needs for its function. These providers act as our service providers and process data on our behalf; they are the only parties your data is shared with.
| Service | Purpose | Data it receives |
|---|---|---|
| Supabase | Database, authentication, hosting | Account details, profile, usage logs (no variable values) |
| Stripe | Payment processing | Payment details you enter into Stripe; subscription status |
| Resend | Transactional email (verification, receipts, team invites) | Your email address and message content |
| PostHog | Product analytics | Anonymous, cookieless usage events. No PII, no jurisdiction, no variable data. |
| Sentry | Error monitoring | Technical error reports. Configured to exclude personally identifiable information. |
We do not sell your personal data, and we do not share it with third parties for advertising or for any purpose unrelated to operating LexPrompt. We may disclose data if required by law or to protect our legal rights.
4. The Chrome extension
The LexPrompt Chrome extension retrieves prompt templates from our API and injects them into supported AI tools (ChatGPT, Claude, and Gemini) at your direction. As with the web app, when you fill in a template's variables, that happens entirely within the extension in your browser — the values you enter are not sent to us.
Authentication
The extension signs you in by reading your existing LexPrompt session from lexprompt.ai. To keep you signed in
across page loads, your authentication token and connection state are stored locally in your browser using chrome.storage.local. This data stays on your device,
is not synced across browsers, and is used only to authenticate your requests to our backend so the extension
can load your prompts and bookmarks.
What the extension accesses
The extension's content scripts run only on the four supported sites — chatgpt.com (and chat.openai.com), claude.ai, and gemini.google.com — where it inserts a selected prompt into the chat input field. It does not collect your browsing history, and it does not read the contents of the pages you visit, except in the one case you explicitly trigger, described next.
Quick Save
The extension adds a right-click menu item, "Quick Save to LexPrompt." When you highlight text on a web page
and choose this option, the extension captures the text you selected so you can save it as a new prompt in your
library. This happens only when you actively select text and click that menu item — the extension does not read
or monitor page content on its own. The selected text is held locally in chrome.storage.local until you save it as a prompt,
at which point it is sent to our backend and stored in your prompt library (and cleared from local storage). If
you do not use Quick Save, no page content is ever captured.
5. Cookies
We use only the cookies required to keep you signed in. We do not use third-party advertising or tracking cookies. Our analytics are configured to run without cookies.
6. Your rights
You can exercise the following from your account settings, or by contacting us:
- Access and portability: export all of your prompts and bookmarks as a JSON file at any time.
- Deletion: delete your account from settings. Your data is permanently removed after a 90-day window.
- Correction: update your profile information directly in settings.
7. Data security
All data in transit is encrypted over HTTPS. Data at rest is encrypted by our infrastructure providers. Access to user data within the application is enforced at the database level through row-level security, so you can only reach data your account is permitted to see.
8. Children
LexPrompt is a professional tool intended for practicing attorneys and is not directed to anyone under 18. We do not knowingly collect data from children.
9. Changes to this policy
If we make material changes to how we handle your data, we will update this page and revise the date above. For significant changes affecting paid accounts, we will also notify you by email.
10. Contact
Questions about this policy or your data can be sent to support@lexprompt.ai.
LexPrompt is operated by Orthogonus LLC, 475 Wall Street, Princeton, NJ 08540, USA.