Privacy Policy

Last updated: March 2026

Lekha ("we", "us", "our") operates the Lekha financial document intelligence API and website at lekhadev.com. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

1. Information We Collect

We collect only the minimum information necessary to provide our services:

  • Account information: Email address used for authentication and account management.
  • API usage logs: API key identifier, request timestamps, document types processed, response status codes, and credit consumption. These logs are used for billing, rate limiting, and service improvement.
  • Payment information: Payment details are collected and processed by Stripe. We do not store credit card numbers or bank account details on our servers.

2. Document Handling

This is the most important section of our privacy policy.

  • Documents you submit through our API are processed in memory only. They are never written to disk, never stored in a database, and never logged.
  • Document content is sent to Anthropic's Claude API for extraction. Anthropic does not use API inputs to train their models. Refer to Anthropic's Privacy Policy for their data handling practices.
  • Once extraction is complete and the structured JSON response is returned, the document data is immediately discarded from memory.
  • We do not retain, cache, or archive any document content. We have no ability to retrieve previously processed documents.

3. How We Use Your Data

  • Service delivery: To authenticate your requests, process documents, and return structured data.
  • Billing and usage: To track API credit consumption and manage your subscription.
  • Service improvement: Aggregated, anonymized usage analytics to improve extraction accuracy and API performance.
  • Communication: To send service-related notices such as usage alerts, billing updates, or policy changes.

4. Third-Party Services

We use the following third-party services to operate Lekha:

  • Supabase: Authentication and database hosting. Stores your email, API keys, and usage logs.
  • Stripe: Payment processing. Handles all billing and payment information.
  • Anthropic: AI-powered document extraction via the Claude API. Document content is sent for processing and is not retained by Anthropic.
  • Vercel: Application hosting and deployment.

Each third-party service has its own privacy policy governing their data handling practices. We encourage you to review them.

5. Data Retention

  • Account data: Retained as long as your account is active. Upon account deletion, your email and API keys are permanently removed within 30 days.
  • Usage logs: Retained for 90 days for billing reconciliation and debugging, then permanently deleted.
  • Document content: Never retained. Processed in memory only and discarded immediately after extraction.

6. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (TLS) for all API communication, hashed API keys, and access controls on our infrastructure. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. DPDP Act Compliance

Lekha is committed to compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act). In accordance with the Act:

  • We process personal data only for lawful purposes with your consent or as necessary to provide the services you have requested.
  • You have the right to access, correct, and request erasure of your personal data.
  • You have the right to nominate another individual to exercise your data rights on your behalf.
  • You have the right to withdraw consent at any time by deleting your account or contacting us.
  • We do not process children's personal data knowingly.
  • In the event of a data breach affecting your personal data, we will notify you and the relevant Data Protection Board as required by the Act.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Withdraw consent for data processing.
  • Lodge a complaint with the Data Protection Board of India if you believe your rights have been violated.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at privacy@lekhadev.com.