LexaLexa
Back to home
Data Protection

Data Protection

Your rights under Ghana's Data Protection Act 2012 (Act 843) and how Lexa fulfils its obligations as a registered data controller.

Last updated: 30 May 2026

01Overview

Lexa Labs Inc. is committed to protecting your personal data in accordance with Ghana's Data Protection Act, 2012 (Act 843) — the primary legislation governing the collection, processing, and storage of personal information in Ghana.

This page explains what the Act requires, what rights it gives you, and exactly how Lexa fulfils its obligations as a data controller.

If you are a resident of the European Union, additional rights under the GDPR may apply. Contact us for more information.

02Ghana Data Protection Act (Act 843)

The Data Protection Act 2012 regulates the processing of personal data in Ghana. It requires data controllers (like Lexa) to:

  • Collect data only for a specified, explicit, and lawful purpose
  • Ensure data is accurate, adequate, relevant, and not excessive
  • Not retain data longer than necessary
  • Take appropriate technical and organisational security measures
  • Register with the Data Protection Commission (DPC) of Ghana
  • Respect the rights of data subjects (you)

Lexa is registered with the Data Protection Commission of Ghana as a data controller.

03Your Rights as a Data Subject

Under Act 843, you have the following rights regarding your personal data:

TypeDetails
Right to AccessRequest a copy of all personal data we hold about you. We will provide this within 30 days.
Right to CorrectionRequest that inaccurate or incomplete data be corrected or updated.
Right to DeletionRequest deletion of your personal data, subject to legal retention requirements.
Right to ObjectObject to processing of your data for specific purposes, including direct marketing.
Right to PortabilityReceive your data in a structured, commonly used, machine-readable format.
Right to RestrictionRequest that we restrict processing of your data in certain circumstances.
To exercise any of these rights, email privacy@neesimera.com. We will respond within 30 days. Requests are free of charge.

04Lawful Basis for Processing

We process your personal data only where we have a lawful basis under Act 843:

TypeDetails
Contract performanceProcessing necessary to deliver the Services you signed up for (e.g., contract analysis, account management).
Legitimate interestsAnalytics and fraud prevention, where our interests don't override your rights.
Legal obligationRetaining financial records as required by Ghanaian tax law.
ConsentMarketing communications — you can withdraw consent at any time.

05AI Processing of Legal Documents

When you upload a contract for analysis, your document is processed by one or more AI providers (Groq, Google Gemini, Anthropic Claude, OpenAI). We take the following steps to protect your data:

  • Documents are transmitted over encrypted TLS connections
  • AI providers process documents for analysis only — they do not retain content beyond the request
  • We have data processing agreements with all AI providers
  • We never use your documents to train AI models
  • Analysis results are stored securely and associated only with your account
You control your documents. You can delete any uploaded contract at any time from within the platform.

06International Data Transfers

Some of our service providers are based outside Ghana (e.g., US-based AI providers). When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses (SCCs) with data processors
  • Data processing agreements requiring equivalent protection
  • Minimising the personal data included in AI prompts
  • Using anonymisation or pseudonymisation where possible

07Technical & Organisational Measures

We implement the following measures to protect your data:

TypeDetails
Encryption in transitTLS 1.3 for all data transmission
Encryption at restAES-256 for stored documents and databases
Access controlRole-based access; least-privilege principle
Audit loggingAll access to personal data is logged
Vulnerability managementRegular security audits and penetration testing
Incident responseData breach notification within 72 hours per best practice

08Filing a Complaint

If you believe we have not handled your personal data in accordance with Act 843, you have the right to file a complaint with:

TypeDetails
Lexa (first step)privacy@neesimera.com — we aim to resolve complaints within 30 days
Data Protection CommissionThe DPC of Ghana — www.dataprotection.gov.gh

We take all complaints seriously and will work transparently to resolve any concerns.

09Contact Our Data Protection Team

For data protection enquiries, contact our Data Protection Officer:

TypeDetails
Emailprivacy@neesimera.com
Response timeWithin 30 days of receiving your request
CompanyLexa Labs Inc., Accra, Ghana

Related legal documents

Privacy Policy

How we collect and protect your data

Terms of Service

Rules governing your use of Lexa

Cookie Policy

How we use cookies and tracking