Privacy Policy — Lex Cloak
Last updated: June 16, 2026
The Short Version
Lex Cloak processes all documents on your device. We never see your files. The main personal information we receive is what Paddle (our payment processor) provides when you subscribe: your email address and subscription status. To run licensing, we also receive a device identifier, your operating system, and the app version when your subscription is checked. If you use the free scan without subscribing, we collect nothing at all.
Your Documents
Lex Cloak processes documents locally on your device. Scanning, detection, and redaction run entirely on your machine — your files are never uploaded, transmitted to us, or accessible to any third party.
While you are editing, working state lives in a temporary folder managed by your operating system. This folder is removed when you close the application. The contents are never transmitted off your device.
When you save a redacted PDF, Lex Cloak asks whether to save a session file next to it. If you choose to save, that session file lives at the location you choose — Lex Cloak does not maintain a central sessions folder, and the session file is yours to keep, move, or delete. See About Your Working Session below for the technical detail.
About Your Working Session
Lex Cloak's editing model is local-first: every document you open is processed on your machine and the working state is managed transparently.
While you are editing a document, Lex Cloak stores the working state — your match keep/exclude choices, manual redaction regions, page rotations, and OCR cache — in a temporary folder provided by your operating system. On macOS this is typically /var/folders/.../T/lexcloak-active/; on Windows it is %TEMP%\lexcloak-active\; on Linux it is $XDG_RUNTIME_DIR/lexcloak-active/ or /tmp/lexcloak-active/. This folder is removed when you close the application normally. If Lex Cloak crashes, the folder may persist until the operating system reaps it or until you choose to discard the recovery offer on next launch.
When you save a redacted PDF, Lex Cloak asks whether to save a session file next to it. The session file (extension .lexcloak.json) records your edits — match decisions, manual regions, rotations — so you can reopen the original PDF later and continue editing. The session file does not contain a copy of your PDF; it references your original by path and content hash. The session file lives at the location you choose; Lex Cloak does not maintain a central sessions folder.
Lex Cloak keeps a recent sessions list at ~/Library/Application Support/LexCloak/recent.json (analogous paths on other platforms) listing the file paths of session files you have deliberately saved. This list contains pointers only — it does not store any document content, text, or thumbnails. The list is bounded at 20 entries. Removing an entry from the list does not delete the underlying session file.
If you would like to revoke the recent-sessions list entirely, delete recent.json; if you would like to revoke a specific session file, delete it from its location like any other file on your machine.
Payment Information
All payment processing is handled by Paddle as our Merchant of Record. We never receive, store, or process your credit card number, billing address, or financial data — that information stays with Paddle and never reaches our servers.
When you subscribe, Paddle shares only your email address and subscription status with us so we can issue your license key.
Paddle operates as four affiliated controller entities, each handling customer data within its jurisdiction:
- Paddle.com Market Limited (United Kingdom)
- Paddle.com Inc. (United States)
- Paddle Payments Limited (Ireland)
- Paddle.com Canada Ltd (Canada)
For EU/EEA and UK customers, transfers from Paddle's UK or EEA entities to non-adequate jurisdictions (including the United States) are governed by Standard Contractual Clauses — Module 1 (Controller-to-Controller) per Commission Implementing Decision 2021/914, and the UK ICO's Approved Addendum, as applicable.
For full details on how Paddle handles your information across these entities, see Paddle's Privacy Notice.
License Keys
When you subscribe, we generate a license key to activate paid features. Your license key is a cryptographically signed token — it contains no personal information and cannot be used to identify you.
The application validates your license key locally (offline). A periodic network check confirms that your subscription remains active. When this check runs (on activation and on each periodic refresh), the application transmits your license key, or on refresh the email address tied to your subscription, together with a device identifier, your operating system, and the application version. We use the device identifier to show you which devices use your license and to support team and multi-device licensing. Our server stores it only as a one-way, salted hash and never stores the raw identifier. This check does not transmit your documents, the text inside them, file names, or any record of how you use the application. As with any internet request, our server receives the IP address of the connection, which we use only for security monitoring and abuse detection, not to track your activity. If the network check fails (for example, if you are offline), the application keeps working offline for up to 30 days before it needs to reach our server again.
Accounts
Lex Cloak does not have user accounts. There is no password, no profile, and no login. You download the app, and if you subscribe, you enter a license key. That's it.
Analytics and Tracking
In the Lex Cloak application: we do not use analytics, tracking pixels, cookies, or any form of telemetry. We do not track how you use the application, what documents you open, or how often you use it.
On the lexcloak.com website: we use Cloudflare Web Analytics, a cookie-free, privacy-focused analytics tool hosted by Cloudflare, Inc. It does not set cookies, does not store raw IP addresses, and does not generate persistent identifiers or fingerprints that could identify a visitor or track them across different websites. How Cloudflare handles this data is described in Cloudflare's privacy policy.
What Cloudflare Web Analytics records when you visit lexcloak.com:
- Aggregate page views, referrer source, derived country/region, browser family, and device type
- Anonymous page-load performance timings (for example, how quickly a page renders), used only to monitor and improve site speed
No analytics data is collected from the Lex Cloak desktop or iOS application — only from the marketing website.
Data We Collect
The personal information we hold is limited to:
- Email address (subscribers) — provided by Paddle when you subscribe; used to deliver your license key and communicate about your subscription.
- Subscription status (subscribers) — provided by Paddle; used to validate your license.
- Email address (iOS waitlist signups) — submitted voluntarily through the form at
lexcloak.com/ios; see "iOS Waitlist" below for details. - Voluntary feedback report contents — submitted only when you use the in-app "Report a problem" feature; see "Feedback Reports" below.
- Device and license-check data (subscribers) — a one-way (salted, irreversible) device identifier, your operating system, and the app version, recorded against your license to show which devices use your license and to support multi-device and team licensing. This contains no document content and cannot be reversed to identify your machine.
We do not sell, rent, or share your personal information with third parties for their marketing purposes. We do not use your email address for marketing unless you separately opt in to communications from us.
iOS Waitlist
If you submit your email address through the iOS waitlist form at lexcloak.com/ios, we collect:
- Email address — the address you enter so we can notify you when the iOS TestFlight beta opens.
- A hidden anti-spam field — a honeypot input that ordinary visitors leave empty; submissions where this field has been auto-filled by a bot are rejected. It does not capture any user input or browser fingerprint.
- A static source identifier — the literal string
webindicating the submission came from the website (as opposed to any future submission channel).
Waitlist entries are stored in a DynamoDB table on Lex Cloak's backend at api.lexcloak.com. We use the email address solely to send a single notification when the iOS TestFlight beta opens. We retain waitlist email addresses until the iOS launch and for a 30-day grace window afterward, unless you request earlier deletion. To request deletion before the launch, email help@lexcloak.com.
Feedback Reports
If you use the in-app "Report a problem" feature, we receive only the information you choose to submit. This is voluntary and user-initiated; no data leaves your device unless you click submit.
What we receive when you submit a report:
- The text you type describing your issue
- A short set of diagnostic fields shown to you before submission: application version, the versions of the PDF and detection libraries, operating system (including OS version), CPU count, license state, and (only if a document is open) that document's page-count range, file-size range, whether it had a native text layer, whether OCR was run, and aggregate counts of detected categories
What we do not receive:
- Your document, the text inside it, or any content from it
- File names, file paths, or file metadata
- Specific match values, character positions, or redaction details
Reports are submitted through the in-app "Report a problem" feature, which opens a report page at lexcloak.app/report with the diagnostic fields above for you to review before sending. We do not train models on feedback reports. For other questions, email help@lexcloak.com.
Data Retention
Your email address and subscription status are retained for the duration of your subscription and for a reasonable period afterward (up to 12 months) for billing records, support, and legal compliance. You may request deletion at any time by contacting us; we will delete your data within 30 days unless retention is required by law.
Document content and working state are not retained by Lex Cloak across application sessions by default. The session file you may optionally save lives at a location of your choosing and is yours to retain, move, or delete on your schedule. Lex Cloak does not back up, sync, or transmit session files. See About Your Working Session for the technical detail.
Data Breach Notification
In the unlikely event of a security incident affecting your account information (email address or subscription data), we will notify affected users within 72 hours in accordance with applicable law.
Children
There are no age restrictions for using Lex Cloak's free scanning features. Since the free tier collects no personal information of any kind, it is safe for anyone to use. Subscription purchases are subject to Paddle's terms, which require purchasers to be of legal age.
Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. Since we hold minimal data (email and subscription status only), these requests are straightforward. Contact us at help@lexcloak.com and we will respond within 30 days.
For EU/EEA residents (GDPR): Our lawful basis for processing your email address and subscription status is contract performance (Article 6(1)(b)) — it is necessary to fulfill your subscription. You have the right to lodge a complaint with your local data protection authority.
For California residents (CCPA): We do not sell personal information. You may request disclosure of the categories of personal information we collect (email, subscription status) and request deletion.
International Data Transfers
Lex Cloak's subscription data (email address and status) is processed in the United States. Your documents never leave your device and are not subject to any data transfer.
Payment data is processed by Paddle (our Merchant of Record) across multiple jurisdictions; see Payment Information above for the entities involved and the cross-border safeguards (Standard Contractual Clauses + UK ICO Approved Addendum) that apply.
Changes to This Policy
This policy is effective June 16, 2026.
If we change this policy, we will update this page with the new effective date. We will provide at least 30 days' notice of material changes by email (to subscribers) or on the Lex Cloak website. We are committed to local-first processing and to collecting as little personal data as we reasonably need, and that commitment guides how this policy evolves.
Contact
If you have questions about this privacy policy:
- Email: help@lexcloak.com
- Phone: (720) 336-1320
- Mailing address:
Monty Home, LLC
1500 N Grant St #7031
Denver, CO 80203