Security

Enterprise-grade security

Your notes contain your most valuable thoughts. We protect them with security built from the ground up.

Zero Trust Architecture

Lexic is built on a zero-trust security model. Every request is authenticated, every action is authorized, and every data access is logged. Multi-tenant isolation is enforced at the database level using PostgreSQL Row-Level Security—your data is physically separated, not just logically filtered.

Security Features

🔐

Row-Level Security

Database-enforced tenant isolation using PostgreSQL RLS. Your data never mixes with anyone else's—guaranteed at the database level, not just the application layer.
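The tenant-isolation mechanism described in the Zero Trust Architecture section and in this card, written out as an added example (not Lexic's own schema): the table, column, role and setting names (notes, tenant_id, app_user, app.tenant_id) are assumptions, and the UUIDs are constructed sample values.

```sql
-- Added example of the PostgreSQL RLS tenant-isolation pattern; not Lexic's own
-- schema. Table, column, role and setting names are assumptions and the UUIDs
-- are constructed sample values.
CREATE TABLE notes (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    body      text NOT NULL
);

-- The application connects as a role that neither owns the table nor has
-- BYPASSRLS; superusers and BYPASSRLS roles are never subject to policies.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON notes TO app_user;

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
ALTER TABLE notes ENABLE ROW LEVEL SECURITY;
ALTER TABLE notes FORCE ROW LEVEL SECURITY;

-- The request's tenant arrives through a session setting. NULLIF covers the
-- case where the setting is missing or was reset to '' (PostgreSQL reverts a
-- custom setting to '' after SET LOCAL ends): the predicate becomes NULL and
-- the request sees no rows, rather than all rows or a cast error.
CREATE POLICY tenant_isolation ON notes
    FOR ALL
    TO app_user
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per request: set role and tenant inside the transaction. SET LOCAL is undone
-- at COMMIT/ROLLBACK, so a pooled connection cannot carry the tenant over to
-- the next request. (SET ROLE needs membership in app_user or superuser.)
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT id, body FROM notes;              -- USING limits this to the session tenant
INSERT INTO notes (tenant_id, body)      -- WITH CHECK rejects a row whose tenant_id
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant write');  -- differs
ROLLBACK;

-- Checks a reviewer runs: RLS must be enabled AND forced on every tenant table,
-- and the application's login role must not appear in the bypass list.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM   pg_class WHERE relname = 'notes';
SELECT rolname FROM pg_roles WHERE rolsuper OR rolbypassrls;
```

The two final queries are the audit step: a table with relforcerowsecurity false, or an application role listed as superuser or BYPASSRLS, means the policy is not actually enforced for that path.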

💾

Encryption at Rest

All data is encrypted at rest using AES-256. Database backups, file storage, and logs are all encrypted.

🔒

Encryption in Transit

All connections use TLS 1.3. API calls, web traffic, and internal service communication are encrypted end-to-end.

🛡️

OAuth Authentication

Secure OAuth 2.0 authentication with Google, GitHub, and Microsoft. Enterprise SSO (SAML 2.0, OIDC) and SCIM provisioning are on our 2026 roadmap.

📋

Audit Logging

Comprehensive audit logs track all user actions, data access, and administrative changes. Logs are immutable and retained for compliance.

🔍

Security Assessments

We follow security best practices including dependency scanning, code reviews, and infrastructure hardening. Third-party penetration testing is planned.

Compliance Readiness

📊 Architecture Ready

SOC 2 Type II

Enterprise-grade architecture with audit logging, encryption, and access controls designed to support SOC 2 certification when required.

🇪🇺 Architecture Ready

GDPR

Privacy-by-design architecture supporting GDPR requirements. Data processing agreements available upon request.

🇺🇸 Architecture Ready

CCPA

Technical infrastructure supports CCPA requirements for data handling, access, and deletion rights.

Formal certifications will be pursued based on customer requirements.

Security Practices

Security-first development lifecycle
Automated dependency vulnerability scanning
Infrastructure-as-code with security policies
Incident response procedures documented
Secure coding guidelines enforced
Vendor security assessments

Data Handling

Data Location: All data is hosted on SOC 2 certified infrastructure (Supabase) in the United States. Contact us for specific data residency requirements.

Data Retention: Your data is retained as long as your account is active. Deleted data is purged within 30 days. Backups are retained for disaster recovery purposes.

AI Processing: Note content is processed by AI models for entity extraction and analysis. We do not use your data to train AI models. Processing data is not retained after the operation completes.

Security Questions?

For security inquiries, vulnerability reports, or to request our security documentation, contact our security team.