DRAFT — NOT FOR PUBLICATION — Content under legal review (2026-04-14). Remediation in progress.
LoxMetis — Settlement Intelligence Platform

Loxmetis is built specifically for personal injury attorneys. We understand that case documents contain your clients' most sensitive information — medical records, financial details, and litigation strategy. This policy explains exactly how we handle that data.

1. What We Collect

When you use Loxmetis, we collect the following categories of data:

Your Loxmetis account itself does not require sensitive identifiers such as Social Security numbers, and we never store credit-card numbers — payments are processed by our billing provider (Stripe), which collects card details directly. The case documents you upload, however, may contain sensitive personal information about your clients (for example, a Social Security number printed on a medical bill). When our document processor detects identifiers like these, it replaces them with reversible tokens and keeps the mapping in a short-lived, access-controlled cache, so the underlying values are shown only to authorized members of that case. We collect no personal data beyond what is necessary to provide the service.

2. How We Use Your Data

Your data is used exclusively to provide the Loxmetis service to you and your organization:

We do not train AI models on your clients' confidential information, and we never let a third party train its models on your data. Your case documents, chat conversations, and client data are attorney-client privileged materials, and we never use one organization's data in a way that could expose it to another.

We use your data to deliver the service to you and your organization, which can include learning from your feedback and corrections to improve answers within your own cases. When we use customer data to improve Loxmetis more broadly — including to develop our own models, retrieval, or analytics — we do so only with data that has been de-identified (stripped of client- and matter-identifying details) and/or aggregated, never in a way that reveals one organization's information to another. We will not use your identifiable client documents to train shared models.

3. Organization Isolation

Loxmetis uses a strict multi-tenant architecture. Each law firm's data is completely isolated from every other firm's data at the database level.

This isolation is enforced at the application layer and verified through automated testing. As with any hosted service, a small number of operations staff can access the underlying infrastructure when strictly necessary to run, debug, or support the platform; such access is limited, logged, and covered by confidentiality obligations — it is not used to browse client case content.

4. AI Provider & Subprocessors

Loxmetis uses Google Gemini for AI processing:

When you send a message or upload a document, the relevant text is sent to Google's API for processing. Per Google's API Terms of Service, data sent via API calls is not used to train or improve Google's AI models. Google processes your data as a data processor on our behalf, subject to their data processing agreement.

Google Gemini is our large-language-model provider; we do not send your data to consumer AI products, and we do not share it with any AI vendor for model training. To operate the service, Loxmetis also relies on a small set of infrastructure and service providers — for hosting, document storage, email, and billing. We list every one of them, and exactly what data each receives, on our Subprocessors page.

5. Data Retention

6. Encryption

7. ABA Rule 1.6 Compliance

Loxmetis is designed specifically to meet the "reasonable efforts" standard under ABA Model Rule 1.6(c), which requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information.

Our implemented safeguards include:

We recommend that you consult your state bar's ethics guidance on cloud-based client data storage when evaluating any practice management software, including Loxmetis. Most state bars have issued guidance consistent with ABA Formal Opinion 477R (2017), which permits cloud storage when reasonable security measures are in place.

8. Where Your Data Is Stored

Loxmetis is operated from cloud infrastructure located in the United States. Your case documents, database records, and backups are stored in US data centers. If you access Loxmetis from outside the US, your data is transferred to and processed in the US.

9. Cookies, Analytics & Email

Loxmetis uses strictly necessary cookies to keep you signed in (an httpOnly session cookie and a refresh cookie) and to protect public forms from abuse. We do not use advertising cookies and we do not sell tracking data. If product analytics is enabled for your environment, it records non-identifying usage events (which features are used, errors encountered) and is configured to exclude personal information.

If you join our waitlist or opt in to product updates, we store your email address with our email provider to send those messages; every marketing email includes an unsubscribe link. The services involved are listed on our Subprocessors page.

10. Selling, Sharing & Disclosure

We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are used under the California Consumer Privacy Act (CCPA/CPRA) and similar US state privacy laws. We use your data only to provide the service, as described above. Depending on your state of residence, you may have the right to know what personal information we hold, to request its deletion, and to not be discriminated against for exercising these rights. To make a request, contact privacy@loxmetis.com.

We may, however, disclose your information in limited circumstances: to the service providers listed on our Subprocessors page who help us operate Loxmetis; when required by law or valid legal process (such as a subpoena or court order); to protect the rights, safety, or property of Loxmetis, our users, or others; or in connection with a merger, acquisition, or sale of assets (in which case we will provide notice). We do not otherwise share your case data with third parties without your consent.

11. Children's Privacy

Loxmetis is a professional tool for attorneys and is not directed to children. We do not knowingly collect personal information from anyone under 18 as an account holder. Case documents may, of course, contain information about minors who are parties to a matter; that information is handled the same way as any other sensitive case data described above.

12. Your Rights

You have the following rights with respect to your data:

To exercise any of these rights, contact privacy@loxmetis.com.

13. Changes to This Policy

If we make material changes to this privacy policy, we will notify all registered users by email at least 14 days before the changes take effect. Non-material changes (such as clarifications that do not reduce your rights) may be made without notice. The "Last updated" date at the top of this page reflects the most recent version.

Continued use of Loxmetis after the effective date of a revised policy constitutes acceptance of the updated terms.

Questions? Contact us at privacy@loxmetis.com.