Security & PDPL

Built for the people who audit you.

Saudi PDPL doesn't tolerate "trust us, bro." Lexora ships with the receipts on day one — RLS enforcement, HMAC-chained audit log, per-purpose consents.

Six pillars

The contract we sign with you.

Pillar 01

Tenant RLS by default.

Every tenant-owned table enforces Postgres Row-Level Security keyed on tenant_id. Each request opens a session, sets app.tenant_id from the verified JWT, and only sees rows that match. No application-level tenant filter to forget.

Pillar 02

Audit chain, tamper-evident.

Every state-changing action writes an audit_log row whose hash chains to the previous row via HMAC-SHA256 keyed on AUDIT_CHAIN_SECRET. Tampering is detectable on export. Bundled into your audit pack PDF + JSON.
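A sketch of how an HMAC-SHA256 chain of this kind can be built and checked on export. It is an added illustration, not Lexora's implementation. The row layout, the canonical-JSON serialization, the all-zero genesis value and the sample field names are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash for the first row (not from the page)

def row_hash(secret, prev_hash, record):
    # Canonical JSON (sorted keys, fixed separators) so a record always
    # serializes to the same bytes before it is MACed.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    msg = prev_hash.encode() + b"\n" + payload
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def append(log, secret, record):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev_hash": prev,
                "hash": row_hash(secret, prev, record)})

def verify(log, secret, expected_head=None):
    """Return the index of the first row that breaks the chain, else None.

    expected_head is the last hash as recorded outside the database; without
    it, rows removed from the end of the log leave a shorter but valid chain.
    """
    prev = GENESIS
    for i, row in enumerate(log):
        expected = row_hash(secret, prev, row["record"])
        if row["prev_hash"] != prev or not hmac.compare_digest(expected, row["hash"]):
            return i
        prev = row["hash"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return None

def build_sample(secret):
    # Constructed sample rows; field names are illustrative.
    log = []
    for action in ("consent.grant", "document.upload", "consent.withdraw"):
        append(log, secret, {"tenant_id": "t-001", "actor": "u-17", "action": action})
    return log

if __name__ == "__main__":
    secret = b"demo-only-secret"  # stands in for AUDIT_CHAIN_SECRET
    log = build_sample(secret)
    print("intact:", verify(log, secret))
    log[1]["record"]["action"] = "document.delete"
    print("edited row 1:", verify(log, secret))
```

In this sketch an edited or deleted row fails verification at the first affected index, and a chain recomputed without the secret fails at row 0. Catching removal of the newest rows needs the head hash stored outside the database.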

Pillar 03

PDPL consents, per purpose.

Saudi PDPL requires explicit consent per processing purpose. Lexora records service / marketing / analytics consents at signup, exposes them in account settings, and honors withdrawal within 24h.

Pillar 04

No training on tenant data.

We do not fine-tune any model on tenant data. Per-tenant data is RLS-isolated. The only time it crosses a provider boundary is as the prompt context for the user's own request — no caching, no logging server-side beyond the audit row.

Pillar 05

Self-audit the source.

Every line of the audit chain implementation, RLS policy, and integration adapter is reviewable on the demo call. Enterprise customers can also run their own instance entirely off their own infrastructure.

Pillar 06

Provider failover, deterministic stub.

Anthropic → Google → OpenAI → deterministic stub. Citations validated post-generation; disclaimer enforced on every reply. If every real provider fails, the stub keeps the surface alive — no 5xx to your users.

Roadmap

Where we are. Where we're going.

01  RLS enforcement on every tenant table (Now · shipped)
    Postgres policies on users, tenants, najiz_*, lawyer_engagements, judgegpt_*, voice_*, whatsapp_messages.

02  HMAC-SHA256 audit chain (Now · shipped)
    Every audit_log row chains to prev_hash. AUDIT_CHAIN_SECRET keyed. Tamper-detectable on export.

03  PDPL consents (service / marketing / analytics) (Now · shipped)
    Per-purpose consents recorded at signup; surfaced in /me; withdrawal within 24h.

04  AR/EN PDPL Readiness Scanner (Now · shipped)
    Focused PDPL run on pasted policy text; SDAIA-aligned rule set.

05  Pen test + remediation report (Q2 26 · queued)
    Independent black-box pen test; remediation log published.

06  ISO 27001 Stage 1 (Q3 26 · queued)
    Information-security management certification, scope: hosted Lexora multi-tenant.

07  Single-tenant on-prem (Helm) (Q3 26 · queued)
    Helm chart + DR runbook + first restore drill. Available to Enterprise tier.

08  SOC 2 Type II (Q4 26 · queued)
    Twelve-month observation; subprocessor list and trust portal.

Roadmap items are commitments to the customers we're already serving, not pricing-page puffery. Anything you don't see here that you need before signing — book a 15-min call and we'll tell you straight whether it's possible.

Subprocessors

Who else touches your data.

Anthropic | LLM provider (Claude) | US | Optional
Google | LLM provider (Gemini) | US/EU | Optional
OpenAI | LLM provider (GPT) + Whisper STT | US | Optional
Meta WhatsApp Cloud API | WhatsApp channel (live mode only) | EU | Optional
MoJ Najiz Developer Platform | Case status + hearings (live mode only) | KSA | Optional
Postgres / Qdrant / Meilisearch | Self-hosted by Lexora — KSA region only | KSA | Required

Every optional subprocessor is gated by an env-var switch. Run Lexora entirely on the required column for offline / on-prem / fully-stub mode.