Private Policy &

Lecxa Privacy Policy & Terms of Service

Last updated: September 1st, 2025
This document describes the policies and procedures of Lecxa Pty Ltd (ABN 56683676511) on the collection, use, and disclosure of your information when you use the Lecxa and related websites (together, the “Service” or “Sites”). It also sets out the terms governing your use of the Service.
By creating an account, accessing the Service, or using the Sites, you agree to these terms and our handling of your data in accordance with this Policy.

1. Interpretation and Definitions

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
  • Account: A unique account created for You to access our Service or parts of our Service.
  • Affiliate: Any entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
  • Application: Lecxa, the software program provided by Lecxa Pty Ltd.
  • Company (“Lecxa”, “we”, “us”, or “our”): Lecxa Pty Ltd
  • Country: Refers to New South Wales, Australia.
  • Customer Data: Business, inventory, and product data you upload to Lecxa.
  • Device: Any device that can access the Service (e.g., computer, mobile, tablet).
  • Personal Data: Any information relating to an identified or identifiable individual.
  • Service Provider: Third parties engaged to facilitate, host, or support our Service.
  • Usage Data: Data collected automatically through use of the Service (e.g., IP address, browser, pages visited).
  • You: The individual or entity using the Service.

2. Information We Collect

2.1 Personal Information You Provide

  • Account details: name, email, phone number, password
  • Company details: business name, ABN/ACN, address
  • Payment details: billing address, credit card or bank account (processed via PCI-compliant providers)

2.2 Usage and Technical Data

  • Pages viewed, actions taken, API calls, feature usage logs, chat logs
  • IP address, browser type, operating system, device identifiers
  • Cookies and analytics (e.g., Google Analytics)

2.3 Communications

  • Support tickets, email correspondence, survey responses, feedback

2.4 Company & Inventory Data

  • Stock levels, SKUs, warehouse locations
  • Product descriptions, dimensions, barcodes, supplier references
  • Shipments, receipts, adjustments, annotations
  • Backups and archives retained for recovery

2.5 Application-Specific Data

With your permission, we may collect:
  • Location data
  • Photos or files from your device

3. How We Use Your Data

We use your data to:
  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
  • To manage Your requests: To attend and manage Your requests to Us.
  • Comply with legal obligations:
  • For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
  • For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share your information:
  • With Service Providers (payments, hosting, analytics)
  • With Affiliates or business partners (to provide integrated services)
  • During business transfers (merger, sale, financing)
  • With professional advisors (lawyers, auditors)
  • With other users in public/shared areas
  • With law enforcement if legally required
  • With your consent

4. Data Retention and Backups

The Company will retain Your Personal and Account Data only for as long as is necessary for the purposes set out in this Privacy Policy (subscription length plus up to 5 years). We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
 
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

5. Data Security and Transfers

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
We use encryption, access controls and audits to safeguard data, however, no system is completely secure - please notify us of suspected breaches.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

6. Your Rights

You have the right to delete, or request that we assist in deleting, the personal and account data that we have collected about you. Our Service may give you the ability to remove certain information from within the platform, however unless explicitly stated, deleting or deactivating data will not automatically remove it from the system. Such data may be retained for auditing, compliance, and reporting purposes. To request complete removal of your data, you should contact our team using the email provided below.
You may update, amend, or delete your information at any time by signing in to your account and using the account settings section to manage your personal information. You may also contact us directly to request access to, correct, or delete any personal information that you have provided. Please note that in some circumstances we may be required to retain certain information where there is a legal obligation or lawful basis to do so.
In accordance with applicable privacy laws, you have the right to access and receive a copy of your data, request corrections to any inaccuracies, request deletion of your information (subject to legal exceptions), and withdraw consent for marketing communications. We will respond to all valid requests within 30 days.

7. Accounts and Use of Service

When creating an account with Lecxa, you must ensure that all details you provide during registration are accurate, complete, and kept up to date. Supplying false or misleading information may result in restrictions on your access to the Service or termination of your account.
You are solely responsible for maintaining the confidentiality of your login credentials and for all activities that take place under your account. If you become aware of any unauthorised access or suspected breach of security, you should notify us immediately. Lecxa cannot be held liable for any loss or damage arising from your failure to safeguard your account information.
The Service must not be used for unlawful, fraudulent, or abusive purposes. Any activity that violates applicable laws, infringes the rights of others, or disrupts the integrity of the Service is strictly prohibited.
You are also prohibited from attempting to reverse-engineer, modify, interfere with, or maliciously exploit the Service. Such actions may compromise the security, performance, or reliability of the platform and may lead to suspension, termination of your account, and potential legal action.

8. Subscriptions and Payments

Lecxa may offer free trials or promotional periods; once these expire, subscription fees will apply in accordance with your selected plan. Subscription fees are charged in the currency specified at the time of purchase. Fees are billed on a recurring basis (e.g., monthly or annually) unless otherwise stated. Prices displayed on lecxa.com.au are offered to Australian customers in AUD and include 10% GST. For customers located outside Australia, prices are shown exclusive of any applicable sales taxes, which may be added at checkout where required by local laws.
We accept payments through third-party payment processors (including but not limited to Stripe). By providing payment details, you authorise us or our payment partners to process charges as required to deliver the Service. Payment information is processed securely by our payment providers. Lecxa does not store full payment card details on its own servers.
All fees are non-refundable except where required by law. Your use of a third-party payment method (such as Stripe, PayPal, or bank transfer) may also be subject to the provider’s own terms and privacy policy.

9. Service Availability & Support

  • We aim for high availability but do not guarantee uninterrupted access.
  • Features may be changed or discontinued.
  • Standard support is available via email and in-app.

10. Termination

  • You may cancel at any time via account settings.
  • Lecxa may suspend or terminate your account for breaches, misuse, or unpaid fees.
  • Upon termination, you may request a copy of your data within 30 days.

11. Intellectual Property

All Lecxa software, branding, documentation, and content are owned by Lecxa Pty Ltd or licensors. No rights are transferred to you except as expressly granted.

12. Legal Requirements and Liability

  • Lecxa may disclose Personal Data to comply with legal obligations, protect rights, or ensure safety.
  • The Service is provided “as is” and “as available”.
  • To the extent permitted by law, Lecxa excludes all implied warranties.
  • Liability is limited to the amount you paid in the 12 months prior to a claim.

13. Children’s Privacy

The Lecxa Service is not directed to or intended for use by children under the age of 16 (or under 13, where applicable under local law). We do not knowingly collect Personal Data directly from children. If you are a parent or guardian and you believe your child has provided Personal Data to us directly, please contact us and we will take steps to remove that information.
In certain cases, our customers may use Lecxa to process information about their own end users, including individuals under the age of 16, for example when synchronising order or customer records from third-party platforms such as Shopify. In such circumstances, Lecxa acts only as a data processor on behalf of the customer. The customer remains responsible for ensuring that any data about children is collected and processed lawfully, including obtaining any necessary parental consent under applicable laws.
If we become aware that we have inadvertently stored children’s data provided without appropriate consent or legal basis, we will work with the relevant customer and You to remove that information promptly. Where consent is required by law, we may require evidence that appropriate parental consent has been obtained before processing the information.

14. Cookies and Tracking

We use cookies to:
  • Maintain sessions and personalise your experience
  • Analyse usage
  • Support third-party integrations
You may disable cookies in your browser, but some features may be limited.

15. Changes to this Policy and Terms

We may update this Policy or Terms from time to time (e.g., for new features or legal changes). Updates will be posted on this page with a new “Last updated” date, and significant changes may be notified via email or in-app.

16. Governing Law

These Terms are governed by the laws of New South Wales, Australia. Disputes will be resolved in its courts.

17. Processing of Data from Your Shopify Store

 
This section applies specifically to the data we process on behalf of merchants who use the Lecxa application in connection with their Shopify store. Our handling of this data is governed by both this policy and our Data Processing Addendum with Shopify.

17.1 Information We Collect from Shopify

To provide our inventory management and fulfillment features, we must access specific data from your Shopify store when you install and use our application. This includes the following Protected Customer Data fields:
  • Customer Name
  • Customer Email
  • Customer Phone Number
  • Customer Shipping Address
  • Customer Billing Address

17.2 How We Use Shopify Data

We adhere strictly to the principles of data minimization and purpose limitation. The Protected Customer Data sourced from your Shopify store is used exclusively for the following operational purposes:
  • Customer Name and Shipping Address are used solely to generate shipping labels, packing slips, and picking lists for order fulfillment by your warehouse staff.
  • Customer Email and Phone Number are used to send automated shipping notifications to the customer on your behalf and to provide necessary contact details to shipping carriers for delivery coordination.
  • Billing Address is used to generate invoices within the Lecxa platform and to sync order data with connected third-party accounting software, such as Xero, at your direction.
Data accessed from Shopify is never used for secondary purposes, such as marketing, advertising, or data brokering.

17.3 Data Sharing with Third Parties

We do not sell or share your customers' personal data. We only share data with third-party sub-processors when it is essential to provide a core feature of our service and is done at your direction. This includes:
  • Sharing order and billing information with accounting services such as Xero to facilitate your bookkeeping and invoicing.
  • Sharing shipping details with shipping carrier services to generate labels and facilitate delivery.

17.4 Data Retention After App Uninstall

Upon uninstallation of the Lecxa application from your Shopify store, we will retain the Protected Customer Data sourced from your store for a grace period of 90 days. This allows for the restoration of your data if you choose to reinstall the app.
After this 90-day period, a background process will run to permanently delete all personally identifiable information related to your customers from our systems. This policy does not apply to your direct account information with Lecxa (the merchant), which we may retain to comply with our own legal and financial obligations.

17.5 Data Deletion Requests (GDPR & CCPA Compliance)

We are fully compliant with Shopify's data protection requirements for handling data subject rights. We automatically receive and process data deletion requests initiated via Shopify's mandatory GDPR and CCPA webhooks (customers/redact and shop/redact).
When a request is received from Shopify, the relevant customer or shop data is permanently erased from our systems in an automated fashion, ensuring your compliance with your customers' right-to-erasure requests.

17.6 Historical Reporting and Data Anonymization

We understand that maintaining accurate historical records for sales and inventory is critical for your business operations and legal obligations (e.g., tax reporting).
Our data deletion process is designed to protect your customers' privacy without compromising the integrity of your historical business data. When we receive a mandatory data deletion request from Shopify, we do not delete the entire order record. Instead, we perform an anonymization process on the relevant records within the Lecxa system.
This process involves removing or overwriting all personally identifiable information, including:
  • Customer Name
  • Email Address
  • Phone Number
  • Shipping and Billing Addresses
The non-personal transactional data, such as the order date, products sold, quantities, and transaction value, is preserved. This allows you to continue running accurate historical sales reports for accounting and business analysis while honouring the customer's data deletion request.
Please Note: This anonymization process applies to data stored within the Lecxa system. Data that has been synced to third-party services at your direction, such as Xero, is governed by that service's data retention policies and is your responsibility to manage. Lecxa cannot delete or alter data within your separate third-party accounts.
 

18. Contact Us

If you have questions about this Policy or our Terms, please contact:
Lecxa Pty Ltd
ABN 56683676511
📧 Email: info@lecxa.com.au