1. Who we are

Lexarius Limited is a limited liability company incorporated in the Abu Dhabi Global Market (ADGM), with commercial licence number 27782, registered office at 14th Floor, Al Khatem Tower, WeWork Hub71, ADGM, Abu Dhabi, United Arab Emirates ("Lexarius," "we," "us," "our"). We provide an AI-powered learning platform that lets you practise conversations and skills through role-play exercises with our virtual coaches, accessible at lexarius.com and at our Lexarius Learning Portal.

​

2. What this Privacy Policy covers

This Privacy Policy explains how we collect, use, share and protect personal data when:

• you visit our public website at lexarius.com;

• you create a Lexarius account and use the Lexarius Learning Portal;

• you purchase access to Licensed Content; or

• you communicate with us by email, contact form or other channels.

This Privacy Policy should be read together with our Platform Terms of Use, our Terms and Conditions of Sale, our End User Policy and our Payment Policy.

​

3. Personal data we collect

3.1 Account information. When you create an account, we collect: your name; your email address; your date of birth; your country of residence; and the password you set. We also offer you the option to share your gender — if you provide it, we use it to personalise your learning experience across supported languages and cultural contexts (including the rendering of properly-gendered language outputs); if you do not provide it, the platform defaults to gender-neutral language outputs. Where you join through your employer or other organisation, we may also collect your organisational affiliation and any campus or programme code.

3.2 Learning content you generate. When you use the Lexarius Learning Portal, we collect and store: the transcript of your role-play sessions; your written feedback and comments; your scoring outcomes; and any posts you make on the Platform. We do not record or store audio of your role-play sessions.

3.3 Payment information. When you purchase access to Licensed Content, our payment provider Stripe, Inc. collects your payment card details and processes the transaction. We do not store your payment card details. We receive only a transaction reference and the amount paid from Stripe.

3.4 Technical data. When you visit our website or use our Platform, we automatically collect: your IP address; your device type and operating system; your browser type and version; the pages or screens you view and actions you take; and the date and time of your visit.

3.5 Cookies and similar technologies. We use cookies and similar technologies on our website. See Section 11 for details.

3.6 Communications. When you contact us, we collect the contents of your message and any contact details you provide.

​

4. Why we use your personal data, and our legal basis

Create and maintain your account; authenticate you; communicate with you about your account | Account information; communications | Performance of a contract

Verify that you meet our minimum age (18+) and are not located in a comprehensively sanctioned jurisdiction | Date of birth; country of residence; technical data (IP-derived geolocation) | Legitimate interests; legal obligation (sanctions)

Provide and personalise the Lexarius Learning Portal, including the rendering of properly-gendered language outputs across supported languages and cultural contexts (where you have chosen to share your gender) | Account information (incl. gender — optional); learning content | Performance of a contract; consent (gender)

Generate feedback, scoring and progress reports for your personal review | Learning content | Performance of a contract

Where you are an Organisational User, share aggregated progress and scoring with your organisation | Account information; learning content | Performance of a contract; legitimate interests

Process payments and prevent payment fraud | Payment information (held by Stripe); technical data | Performance of a contract; legitimate interests

Improve and secure our Platform; generate aggregated and anonymised Platform Analytics | Technical data; learning content (anonymised) | Legitimate interests

Comply with our legal and regulatory obligations | All categories as required | Legal obligation

Send you marketing communications you have opted in to | Account information; communications | Consent

We do not record or store audio of your role-play sessions. We do not use your personal data to train any machine learning model in a manner that identifies you. We may access your learning content internally — on an aggregated and anonymised basis where practicable, and otherwise on a need-to-know basis under role-based access controls — to debug, quality-assure and improve the Lexarius Platform (including prompt refinement and bug investigation). Where we engage third-party model or infrastructure providers, we require contractual protections that prevent the use of your learning content to train their models.

​

5. Who we share your personal data with

We share personal data only where necessary and only with the following recipients:

• Service providers who help us run the Platform — including cloud hosting (Amazon Web Services), payment processing (Stripe, Inc.), customer support tooling, and analytics. These providers process personal data on our behalf and only on our instructions.

• Your organisation, where you are an Organisational User, in accordance with the relevant Terms of Business.

• Authorities, courts and law-enforcement agencies where we are legally required to do so.

• A successor entity in the event of a merger, acquisition, financing or sale of all or part of our business — in which case the recipient will be subject to equivalent confidentiality and data-protection obligations.

We do not sell personal data to third parties.

​

6. Data Protection Officer

We have appointed Udaya Kondameedi, our Chief Technology Officer, as our Data Protection Officer ("DPO") with responsibility for overseeing compliance with this Privacy Policy and applicable data-protection laws. You can contact our DPO at dpo@lexarius.com.

​

7. International transfers

Lexarius is incorporated in the ADGM and serves users in multiple jurisdictions. We may transfer your personal data outside your country of residence, including to the United Kingdom, the European Union, the United States, the United Arab Emirates and Singapore.

When we transfer personal data internationally, we put in place appropriate safeguards — including, where relevant, the UK International Data Transfer Agreement, EU Standard Contractual Clauses (with any UK Addendum), or equivalent safeguards under Singapore PDPA and UAE PDPL.

​

8. Retention

We retain personal data only as long as we need it for the purposes described in Section 4:

• Account information: for the duration of your account, plus up to ninety (90) days after closure to allow account recovery and to satisfy any related queries.

• Learning content (transcripts, feedback, scoring): for the duration of your account, so that you may review your learning progress. After account closure, we delete or anonymise this content within ninety (90) days, except (a) where retained in routine system backups, in which case it is cleared on the next standard backup cycle; or (b) where a longer retention is required by law (for example, for tax, audit, regulatory or dispute-resolution purposes).

• Payment records and tax documentation: seven (7) years, as required by tax and accounting law in our place of incorporation.

• Technical and security logs: twelve (12) months.

• Communications: three (3) years from the last contact.

Where we are required to retain personal data for compliance, audit or dispute-resolution purposes, we will retain only the minimum necessary and will protect it appropriately.

​

9. Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

• Access — request a copy of the personal data we hold about you.

• Rectification — ask us to correct inaccurate or incomplete personal data.

• Erasure — ask us to delete personal data, in the circumstances permitted by law.

• Restriction — ask us to restrict our processing of your personal data, in the circumstances permitted by law.

• Portability — receive certain of your personal data in a structured, commonly used and machine-readable format.

• Objection — object to our processing of your personal data based on legitimate interests, including direct marketing.

• Withdrawal of consent — where we rely on your consent, withdraw it at any time without affecting the lawfulness of prior processing.

• Complaint — lodge a complaint with the data-protection authority in your jurisdiction. Singapore residents may complain to the Personal Data Protection Commission of Singapore; UK residents to the Information Commissioner's Office (ico.org.uk); EU residents to their national data-protection authority.

To exercise any of these rights, please contact us at privacy@lexarius.com or our DPO at dpo@lexarius.com. We will respond within thirty (30) days, or such shorter period required by applicable law.

​

10. Security

We protect personal data using a combination of technical and organisational measures, including encryption in transit and at rest, role-based access controls, regular security testing, and staff training. We require our service providers to maintain equivalent protections.

No system is perfectly secure. If we become aware of a personal-data breach affecting you, we will notify you and, where required, the relevant authority within the timeframes prescribed by law.

​

11. Cookies and similar technologies

We use cookies on lexarius.com and the Lexarius Learning Portal for: (a) strictly necessary purposes (authentication, security, basic functionality); (b) analytics (to measure how visitors use the site, in aggregate); and (c) marketing (where you have consented). You can manage your cookie preferences through the cookie banner that appears on your first visit, or through your browser settings. Strictly necessary cookies cannot be disabled because the site will not function without them.

​

12. Children

The Lexarius Platform is intended for users aged 18 and over. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us at privacy@lexarius.com and we will take steps to delete the data.

​

13. Geographic availability and sanctions

The Lexarius Platform is not available to users located in certain jurisdictions. We use technical controls (including geo-blocking) and our payment provider's sanctions screening to enforce these restrictions. See our End User Policy for details.

​

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Where the change is material, we will notify you by email or by prominent notice on the Platform before the change takes effect.

​

15. Contact us

For any privacy question, request or complaint:

• General privacy queries: privacy@lexarius.com

• Data Protection Officer: dpo@lexarius.com (Udaya Kondameedi)

• General contact: hello@lexarius.com

• Postal address: Lexarius Limited, 14th Floor, Al Khatem Tower, WeWork Hub71, ADGM, Abu Dhabi, United Arab Emirates.

 

LEXARIUS LIMITED, 14th Floor, Al Khatem Tower, WeWork Hub71, ADGM, Abu Dhabi, UAE, Company Reg. No: 27782