Privacy Policy
Last updated: June 17, 2026
What we collect
LexTrace is privacy-first. Timer session content is not stored on our servers — it lives in your Notion database. To provide our service, we collect limited information described below.
Authentication & Notion Integration
- We use Notion OAuth for authentication.
- To enable the app to write timer data to your Notion databases, we securely store your Notion workspace ID, user ID, and access credentials.
- We also store the email address Notion provides during OAuth for account support and communications.
- Your email is encrypted at rest on our servers.
- We do not read or store the actual content of your pages or other Notion data on our servers.
Billing and Payment
- Stripe is our payment processor.
- We store your Stripe Customer ID, subscription status, and plan details to manage your account.
- Financial information (credit card numbers, bank details) is handled directly by Stripe and never stored on our servers.
- Promotion codes applied during checkout are processed through Stripe.
Account & Communications
We collect your email address to: support your account, help with setup, send billing/security/OAuth notices, and communicate important service issues.
Types of emails we may send:
- Service emails (always sent): Trial reminders, subscription confirmations, payment failure alerts, and security notices.
- Product updates (optional): Release notes and announcements.
- Onboarding tips (optional): Helpful tips to get started.
You can manage optional email preferences from Cabinet settings at any time. You will always receive required service emails about your account, billing, security, or app functionality.
Cookies & Sessions
- We use a single essential cookie to keep you signed in to the LexTrace web application.
- This cookie is a secure, HTTP-only session identifier — it does not track you across websites.
- Session identifiers are stored securely on our servers and cannot be used to reverse-engineer your account.
- Sessions expire automatically after an extended period of inactivity.
Embed (Notion Widget) Data
- LexTrace can be embedded as a widget inside Notion pages.
- When setting up the widget, a short-lived setup code is used to securely link the widget to your account.
- The widget uses secure credentials to communicate with our servers on your behalf.
- These credentials are stored securely and cannot be used to access your Notion content directly.
Technical Data
- To maintain security and functionality, we log standard connection data such as IP addresses and browser information when you use the LexTrace web application or embed.
- We may temporarily process data from Notion webhooks to provide real-time updates; this data is automatically cleaned up shortly after processing.
Data Security
- Your sensitive information (such as email addresses and access credentials) is encrypted at rest using industry-standard encryption.
- Session identifiers and authentication credentials are stored using secure, one-way cryptographic methods.
- We follow security best practices to protect your data in transit and at rest.
Data Retention & Deletion
- Sessions and authentication credentials expire automatically after extended periods of inactivity.
- Temporary data (such as setup codes and webhook events) is automatically cleaned up shortly after use.
- You can delete your account at any time from Cabinet settings. When you delete your account:
- All your data is permanently removed from our servers.
- Any active subscriptions are canceled.
- Your payment profile is removed from our payment processor.
- This action is irreversible.
Analytics
Analytics are optional. If you allow analytics, we collect anonymous usage events to improve LexTrace (for example: onboarding steps completed, feature usage, and error states).
In our analytics telemetry, we do not track session content, email addresses, or personal identifiers.
If analytics are disabled or declined, no tracking events are sent to our systems or third-party processors.
If enabled, we use a random, anonymous identifier to understand usage patterns. This identifier cannot be traced back to your account, email, or Notion data.
You can manage analytics preferences separately for the Cabinet website and the Notion widget.
Your choice
- You can enable or disable analytics at any time in Settings, separately for the Cabinet website and the Notion widget.
- We store your analytics preference so we can honor it.
Third-party processors
We use the following services to operate LexTrace:
- Stripe: Processes payments and manages subscriptions. Financial information is handled directly by Stripe.
- Resend: Delivers transactional emails on our behalf (such as trial reminders and subscription notifications).
- PostHog: Used to process anonymous usage events when you have opted in to analytics. We configure it to disable automatic capture and session recording.
- Sentry: Used for error monitoring to help us identify and fix issues. We configure it to minimize personal data.
Changes to This Policy
- We may update this Privacy Policy from time to time. If we make significant changes, we will notify you through the app or via email.
- Your continued use of LexTrace after changes are posted constitutes acceptance of the updated policy.
Contact
If you have questions about privacy, you can reach us at support.trace@playlex.io or through the support link in the app.