LEXSON AI PRIVACY POLICY
Lexson AI Inc. ("Lexson AI," "we," "us," "our") is a Canadian company that provides AI-powered communications and automation tools to businesses, including voice and SMS AI agents, CRM configuration, analytics, and operational support (collectively, the "Services"). This Privacy Policy explains how we collect, use, share, store, and protect personal information when you:
- visit our websites that link to this policy (the "Site");
- contact us or interact with our sales or support teams; or
- interact with a business that uses our Services (a "Client"), including receiving texts or calls handled by systems we configure on the Client's behalf.
This Privacy Policy is intended to be transparent. It does not provide legal advice and does not create obligations beyond those required by applicable law and contract.
1 OUR ROLE AND CLIENT RESPONSIBILITIES
Lexson AI provides tools and operational support. Our Clients control their own outreach campaigns.
1.1 Site visitors and direct inquiries.
When you visit our Site or contact Lexson AI directly, Lexson AI determines why and how your information is processed for our business purposes. In certain jurisdictions, this role is referred to as that of a "controller" or "business."
1.2 Consumers and leads contacted by our Clients.
When a Client uses our Services to call or text its leads or customers:
- The Client is the brand presented to recipients and determines the campaign's audience, purpose, timing, message content, and compliance posture.
- Lexson AI acts as a service provider or processor to the Client, performing technical and operational tasks under the Client's instructions.
- Consent and telemarketing compliance are the responsibility of the Client. This includes, as applicable, U.S. calling and texting rules (including the TCPA, the FTC Telemarketing Sales Rule, A2P 10DLC carrier requirements, and state-specific rules) and Canadian rules (including CASL, the National Do Not Call List, applicable CRTC requirements, and federal and provincial privacy laws).
- For access, deletion, or opt-out requests related to a specific Client's campaign, contact that business directly. Lexson AI can help route your request where feasible.
Lexson AI is not the seller of any Client's goods or services and does not initiate marketing campaigns to consumers using Client lead lists on its own behalf.
2 DEFINITIONS
"Personal Information" means information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual. The exact scope varies by jurisdiction.
"Client Data" means information a Client (or its end users or leads) provides or makes available through the Services, including contact details and conversation data.
"Conversation Data" includes call recordings (where enabled), call transcripts, SMS content, voicemail, interaction metadata, and opt-out signals.
"Subprocessors" means third parties we use to help provide the Services, including hosting providers, CRM platforms, messaging and telephony providers, analytics tools, and support tools.
3 INFORMATION WE COLLECT
3.1 Information you provide to Lexson AI.
- Name, business name, email address, phone number, job title.
- Communications (emails, chats, calls) with our team.
- Account and administrative details, including user roles, permissions, and support tickets.
- Billing information, including billing contact, billing address, invoices, and transaction records. Full payment card numbers are handled by our payment processors and are not stored by Lexson AI.
3.2 Information collected automatically through the Site.
- IP address, device identifiers, browser type, pages viewed, timestamps, and referral URLs.
- Cookies, pixels, local storage, and similar technologies. See Section 8.
3.3 Client Data processed through the Services.
Depending on Client configuration, we may process:
- Contact details (name, phone number, email, address), inquiry details, and appointment preferences.
- Conversation Data (SMS messages, call audio, call transcripts, voicemail).
- CRM records, tags, workflow states, scheduling outcomes, and audit logs.
- Suppression signals and opt-outs (such as STOP keywords) and do-not-contact indicators.
- Messaging identity registration information (A2P 10DLC, toll-free verification, brand registration), including legal name, DBA, address, website, EIN or BN if provided, and industry category.
3.4 Sensitive information.
Our Services are not intended for the collection of sensitive personal data such as medical records, government identifiers, or full financial account numbers. Clients should not submit sensitive personal information to the Services unless required and legally permitted, and only with appropriate safeguards in place.
4 SOURCES OF INFORMATION
We receive information from:
- You directly, through forms, emails, calls, and contracts.
- Automated technologies on the Site.
- Clients and their connected systems, including CRMs, calendars, intake forms, and lead sources.
- Service providers, including hosting, communications, analytics, security, and payment providers.
- Public business sources used for business-to-business verification.
5 HOW WE USE PERSONAL INFORMATION
5.1 Provide, maintain, and support the Services.
- Configure and operate AI agents, workflows, scheduling, routing, and analytics.
- Provide customer support and troubleshooting.
- Maintain system integrity, reliability, and performance.
5.2 Security, fraud prevention, and abuse detection.
- Detect suspicious activity, including spam, fraud, unlawful campaigns, and carrier-policy violations.
- Maintain audit logs and security monitoring.
- Enforce our policies and protect our network and customers.
5.3 Compliance and legal obligations.
- Respond to lawful requests and enforceable legal process.
- Cooperate with carriers and ecosystem partners on spam and fraud mitigation.
- Preserve records where legally required or reasonably necessary, including for disputes, investigations, and billing.
5.4 Business operations.
- Sales, onboarding, communications, billing, collections, analytics, and internal reporting.
5.5 Marketing (business-to-business).
- Send business-related updates to companies and professionals, with an opt-out option.
We do not use Client Data (consumer lead lists provided by Clients) to market Lexson AI to those consumers.
6 LEGAL BASES FOR PROCESSING
Where a legal basis is required, we process information on the basis of:
- Contract, in providing Services to Clients.
- Legitimate interests, including security, abuse prevention, and improvement of the Services.
- Consent, where required (including for cookies and certain marketing).
- Legal obligations, including accounting, tax, and lawful requests.
7 TELEMARKETING, SMS, VOICE, AND CARRIER COMPLIANCE
7.1 Clients are responsible for consent and lawful outreach.
Clients must ensure that their outreach complies with applicable laws and rules, which may include, depending on the Client's jurisdiction and campaign:
- consent requirements for calls and texts, including heightened consent requirements for marketing and automated, prerecorded, or artificial-voice communications;
- internal and national do-not-call or do-not-contact list requirements;
- identification, disclosure, and calling-time restrictions;
- distinctions between telemarketing and informational or service messages;
- carrier ecosystem requirements, including A2P 10DLC, toll-free verification, and applicable anti-spam policies.
7.2 Lexson AI is not the seller, caller, or sender of Client marketing.
Lexson AI is a technology and service provider. Clients determine the purpose and audience of outreach, approve message content, and own the customer relationship.
7.3 Opt-out and suppression support.
We may provide tools that support:
- STOP and other opt-out keyword handling;
- suppression list processing;
- business-hours rules;
- reporting and audit logs.
Clients are responsible for ensuring these tools are properly configured and legally sufficient for their use case.
7.4 Monitoring and enforcement.
To protect our platform, carrier partners, and the public, we may:
- monitor usage patterns and metadata, and where necessary sample content, to detect abuse;
- suspend, restrict, or terminate access for suspected unlawful, abusive, deceptive, or carrier-policy-violating campaigns;
- require Clients to provide documentation or attestations regarding consent, lead sourcing, and campaign practices;
- share necessary information with carriers, messaging aggregators, or compliance partners to investigate spam or abuse and protect deliverability and ecosystem integrity.
7.5 No emergency use.
Our Services are not designed for emergency services or time-critical safety communications. Clients must not use the Services for emergency calling or texting.
8 COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies for:
- Site functionality;
- analytics and performance, including tools such as Meta or Facebook pixels and similar advertising analytics where enabled;
- security and fraud prevention.
You can control cookies through your browser settings and, where available, through our cookie banner or settings.
9 HOW WE SHARE INFORMATION
9.1 Subprocessors.
We share information with vetted providers that support our operations, including:
- hosting, infrastructure, storage, and monitoring providers;
- CRM platforms and automation tools;
- telephony, messaging providers, and related ecosystem partners;
- analytics, logging, and support tools;
- payment processors and billing tools;
- security and fraud-prevention services.
Subprocessors process information only as needed to provide their services and are subject to contractual confidentiality and security obligations.
9.2 Clients.
If you interact with a Client campaign, the Client may access campaign- related data such as transcripts and appointment outcomes, because the Client operates the campaign and receives the outcomes.
9.3 Legal, safety, and compliance.
We may disclose information when we reasonably believe it is necessary to:
- comply with law or legal process;
- protect rights, safety, and security;
- investigate fraud, spam, or abuse;
- enforce contracts or policies;
- cooperate with carriers and ecosystem integrity programs.
9.4 Business transfers.
Information may be transferred in connection with a merger, acquisition, reorganization, or asset sale, subject to reasonable safeguards.
9.5 Sale or sharing of personal information.
Lexson AI does not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising in a way that requires opt-out under applicable U.S. state laws, except to the extent that any cookies or pixels described in Section 8 are deemed to constitute "sharing" under those laws. Where applicable, you may exercise opt-out rights as described in Sections 14 and 15.
10 DATA RETENTION
We retain information only as long as reasonably necessary for the purposes described in this policy.
- Client account and billing records: retained for the duration of the relationship and as required for accounting, tax, and dispute resolution (typically up to seven years following termination, unless a longer period is legally required).
- Security and audit logs: retained as reasonably necessary to detect abuse, investigate incidents, and enforce policies (typically up to twenty-four months).
- Client campaign data, including Conversation Data: retained according to Client instructions, system configurations, backup schedules, and legal requirements.
- Backups: data may persist in backups for a limited period before deletion or overwrite.
If we reasonably anticipate litigation, regulatory inquiry, carrier investigation, or dispute, we may preserve relevant data until the matter is resolved.
11 SECURITY
We maintain administrative, technical, and physical safeguards designed to protect information, including:
- access controls and least-privilege practices;
- encryption in transit and, where appropriate, at rest;
- monitoring and logging;
- incident response procedures and vendor management.
No system is perfectly secure, and we cannot guarantee absolute security.
12 INTERNATIONAL PROCESSING AND TRANSFERS
Lexson AI is based in Canada. Information may be processed or stored in Canada, the United States, and other locations where we or our subprocessors operate. We take steps designed to apply appropriate safeguards where required by applicable law.
13 YOUR CHOICES
13.1 Business marketing communications.
You can unsubscribe using the link in our emails or by contacting us at the address in Section 19.
13.2 Cookies.
Manage cookies through your browser settings and through on-site cookie controls where available.
13.3 Client campaign messages and calls.
- Use the opt-out method provided, such as replying STOP to a text message.
- Contact the business that contacted you for further requests.
- You may also report suspected abuse to Lexson AI using the contact details in Section 19.
14 YOUR RIGHTS
Depending on your jurisdiction and Lexson AI's role, you may have the right to:
- request access to personal information about you;
- request correction or deletion;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent;
- request data portability;
- opt out of sale or sharing for cross-context behavioral advertising, where applicable;
- not be subject to discrimination for exercising your rights.
For information Lexson AI controls (Site and business operations), submit requests to the contact in Section 19. For Client campaign data, requests are typically handled by the Client; we will direct you to the Client and assist where feasible and legally appropriate.
We may need to verify your identity before responding and may decline requests where permitted by law (for example, on grounds of security, legal hold, fraud prevention, or disproportionate burden). You may also have the right to lodge a complaint with a competent data protection authority.
15 REGION-SPECIFIC DISCLOSURES
15.1 Canada.
We process personal information in accordance with applicable Canadian privacy laws, including PIPEDA and applicable provincial laws. You may request access or correction for information we control. For Client- controlled campaign data, requests are typically handled by the Client. The contact for Canadian privacy inquiries is provided in Section 19.
15.2 United States.
Certain U.S. state privacy laws (including those of California, Virginia, Colorado, Connecticut, Utah, Texas, and other states with comprehensive privacy laws) may provide additional rights, including the right to know, access, delete, correct, opt out of sale or sharing, and limit the use of sensitive personal information.
For California residents:
- Categories of personal information we may collect include identifiers, customer records, commercial information, internet or other electronic network activity information, general geolocation data, professional or employment-related information, audio recordings (where enabled by Clients), and inferences drawn from the above.
- Sources are described in Section 4.
- Business and commercial purposes are described in Section 5.
- Categories of recipients are described in Section 9.
- We do not sell personal information for monetary consideration. To the extent that cookies or pixels described in Section 8 are deemed to constitute "sharing" under California law, you may opt out through our cookie controls or by contacting us.
- Authorized agents may submit requests on your behalf with appropriate verification.
15.3 European Economic Area, United Kingdom, and other GDPR-style regimes.
Where the GDPR or a similar regime applies, the legal bases described in Section 6 apply, and you may exercise the rights described in Section 14, including the right to lodge a complaint with your supervisory authority.
16 CHILDREN
Our Site and Services are not intended for children. We do not knowingly collect personal information from children under the age of 13 (or the equivalent minimum age under applicable law in your jurisdiction). If you believe a child has provided us with personal information, contact us at the address in Section 19 and we will take reasonable steps to delete it.
17 THIRD-PARTY LINKS
Our Site may contain links to third-party websites. We are not responsible for the privacy practices of those websites. Review their privacy policies before providing personal information.
18 CHANGES TO THIS POLICY
We may update this Privacy Policy periodically. The "Last Updated" date will reflect the most recent changes. Material changes will be posted on this page and, where required by law, communicated to you directly.
19 CONTACT US
Lexson AI Inc. 520 Sixth Street Gravenhurst, Ontario, Canada P1P 1M2
General inquiries: info@lexson.ai Privacy inquiries: privacy@lexson.ai
If you believe you received an unlawful or unwanted call or text from a Client campaign that uses our Services, please include where possible:
- the phone number that contacted you;
- the date, time, and content of the message;
- the business name shown or referenced.
We will take reasonable steps to review and address suspected abuse, consistent with our role and applicable legal obligations.
APPENDIX A. CLIENT DATA PROCESSING TERMS
A.1 Processing scope. We process Client Data to provide and support the Services, follow documented Client instructions, maintain security, prevent abuse, and comply with law.
A.2 Client obligations. Clients are responsible for:
- lawful collection and use of contact data;
- obtaining and maintaining required consents and permissions;
- providing required disclosures and honoring opt-out and do-not-contact rules;
- complying with telemarketing, calling, texting, privacy, and carrier policies applicable to their campaigns.
A.3 Subprocessors. We may use subprocessors for hosting, CRM, messaging, telephony, analytics, support, billing, and security. Subprocessors are bound by confidentiality and security obligations.
A.4 Security and incidents. We maintain safeguards and incident response procedures. If we become aware of a security incident involving Client Data, we will take reasonable steps to investigate and notify impacted Clients consistent with contractual obligations and applicable law.
A.5 Data deletion or return. We support deletion or return of Client Data where feasible, subject to platform settings, backups, legal holds, and legal requirements.
APPENDIX B. ACCEPTABLE USE
To protect the public and our platform, the Services may not be used for:
- unlawful telemarketing or texting;
- contacting numbers without required consent or permission;
- misleading or deceptive practices;
- harassment, threats, discrimination, or abuse;
- circumvention of opt-outs or do-not-contact lists;
- content that violates carrier policies or applicable law.
Lexson AI may suspend or terminate Services for suspected violations of this Acceptable Use policy.