Compliance & Security

Data residency

Customer data for the MENA region is stored in Google Cloud's me-central1 region (Doha, Qatar). This choice keeps latency low and infrastructure close to the region we serve.

Egypt Personal Data Protection Law (151/2020)

We align our practices with the principles of Egypt's PDPL: purpose limitation, data minimization, security, and data subject rights.

• We process data only for stated, specific purposes.
• We give data subjects rights of access, correction, and deletion.
• We apply appropriate technical and organizational safeguards.

Egyptian Tax Authority e-invoicing (ETA)

Our invoice schema is designed to align with ETA's structure and required fields, in preparation for direct submission once enabled by your firm.

Technical security

• TLS 1.3 for all connections.
• Encryption at rest (AES-256) via Google Cloud infrastructure.
• Role-based access control (Owner / Admin / Lawyer / Staff).
• Tamper-evident audit logs for all sensitive operations.
• Daily backups and periodic security reviews.

Data Processing Agreement (DPA)

Enterprise customers can request a signed Data Processing Agreement. To get a copy of our DPA, write to compliance@lexaai.co.

Lawyer–client confidentiality

Data on the platform includes professional secrets. No member of Lexa's team accesses your firm's data unless you explicitly request support, for a limited time, and within an audit log.