Private Policy

Lecxa Privacy Policy

Last updated: 1 December 2025
This Privacy Policy describes how Lecxa Pty Ltd (ABN 56683676511) (“Lecxa”, “we”, “us”, or “our”) collects, uses, discloses and protects information in connection with:
  • the Lecxa Platform (our inventory and warehouse management software, APIs and related services), and
  • our websites, including lecxa.com.au and any related pages or subdomains (together, the Services).
By using the Services, creating an account, or otherwise interacting with us, you agree to this Privacy Policy. For the terms governing your use of the Lecxa Platform, please refer to our Terms & Conditions.

1. Who we are

Lecxa is an Australian company providing inventory and warehouse management software for businesses.
  • Company: Lecxa Pty Ltd
  • Country of establishment: Australia (New South Wales)
If you have any questions about this Policy or how we handle personal data, you can contact us at:
📧 Email: privacy@lecxa.com.au

2. The types of data we collect

2.1 Account & contact information

When you sign up, contact us, or otherwise interact with us, we may collect:
  • Name
  • Email address
  • Phone number
  • Job title / role
  • Company name
  • Business postal address
  • Marketing and communication preferences

2.2 Business & operations data (Customer Data)

When you use the Lecxa Platform, you or your team may upload, enter or sync a wide range of operational data. This can include:
  • Customer information
    • Contact names
    • Emails and phone numbers
    • Addresses and delivery details
  • Supplier information
    • Supplier names and contact details
    • Currencies
    • Addresses
  • Product & inventory information
    • Product names, SKUs, barcodes
    • Descriptions, categories and attributes
    • Dimensions, weights and packaging information
    • Cost prices and selling prices
    • Stock levels and warehouse locations
  • Order & transaction data
    • Sales orders, invoices and credit notes
    • Purchase orders, supplier bills and returns
    • Shipments, receipts, stock adjustments and stocktakes
    • Serial numbers, batch / lot details where configured
  • Integration data
    • Data synced from third-party systems you connect (for example: Shopify orders, Xero invoices, payment references, etc.)
We refer to this collectively as Customer Data. You remain the owner of your Customer Data (see also your Terms & Conditions). Lecxa processes this data to provide, support and improve the Services.

2.3 Usage, technical & analytics data

When you visit our websites or use the Lecxa Platform, we automatically collect certain technical data, such as:
  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages viewed, buttons clicked, features used
  • Dates, times and duration of sessions
  • Error and performance logs
Some of this information is collected using cookies and similar technologies (see section 7 below).
We may use third-party analytics tools (for example, web analytics and product analytics providers) to help us understand how the Services are used so we can improve them.

2.4 Communications with us

When you interact with us, we may collect:
  • Support requests
  • Emails you send us
  • Chat messages (in-app or on our site)
  • Survey responses, feedback, and product reviews
  • Records of phone or video calls where applicable
We use this information to respond to you, improve support, and develop the product.

2.5 Payment & billing information

Lecxa does not store or directly process full credit card numbers.
If you choose to pay for the Services by card or other online methods:
  • Your card details are entered into and processed by a secure third-party payment gateway (for example, Stripe or another PCI-DSS compliant provider).
  • Those card details are not stored on Lecxa’s database and cannot be viewed by Lecxa staff.
  • Lecxa may receive and store limited billing information, such as:
    • billing contact details
    • billing address
    • the last few digits of a card, card type and expiry month/year
    • payment status, invoice history and transaction IDs
We use this billing information for invoicing, account management and fraud prevention.

3. How we collect data

3.1 Information you provide directly

For example, when you:
  • register for a Lecxa account
  • start a free trial or request a demo
  • configure locations, products, customers or suppliers
  • connect third-party systems (e.g. Shopify, Xero)
  • fill in forms, respond to surveys or promotions
  • contact us for support or sales
You don’t have to provide all requested information, but if you choose not to, some parts of the Services may not work as expected.

3.2 Information collected automatically

We collect some information automatically when you:
  • browse our website
  • log into or use the Lecxa Platform
  • interact with in-app features
This includes usage, technical and analytics data as described in section 2.3. We use cookies, log files and similar technologies for this purpose.

3.3 Information from third parties

We may receive information about you and your business from:
  • third-party services you choose to connect (e.g. Shopify, Xero)
  • public sources (for example, if we verify a business registration or ABN)
  • partners and resellers assisting with onboarding or support
  • marketing and research providers (for example, to enrich or validate contact details)
When third-party systems are involved, your use of those systems is also governed by their own privacy policies.

4. Legal bases for processing (where applicable)

Where privacy laws require a legal basis, we typically rely on:
  • Contract: to provide you with the Services you have requested under our Terms & Conditions.
  • Legitimate interests: to operate, improve and secure our Services, to communicate with you about them, and to manage our business, where these interests are not overridden by your rights.
  • Consent: for certain marketing activities, cookies or optional features where required by law.
  • Legal obligations: where we need to keep certain records or disclose information to comply with applicable laws.

5. How we use your data

We use personal data and Customer Data for the following purposes:

5.1 To provide and operate the Lecxa Platform

  • setting up and administering your account
  • hosting and storing your Customer Data
  • executing workflows such as stock movements, order processing and reporting
  • maintaining integrations (e.g. Shopify, Xero, shipping providers)

5.2 To support you

  • providing help via email, in-app chat or other channels
  • investigating and resolving technical issues or bugs
  • training and onboarding support (directly or via trusted partners)

5.3 To improve and develop the Services

  • understanding how features are used
  • troubleshooting performance and stability issues
  • developing new features, workflows and integrations
  • running experiments and pilots (e.g. beta features)
Where possible, we use aggregated or anonymised data for product improvement and analytics.

5.4 To communicate with you

We use your contact details to:
  • send operational and service-related messages (e.g. account notices, security alerts, billing info, feature changes)
  • respond to your questions and support requests
  • send surveys and gather feedback about the Services
You cannot opt out of essential operational communications (e.g. security alerts, important service changes), because they are necessary to run the platform safely.

5.5 Marketing communications

With your consent where required, we may send you:
  • updates about Lecxa features and improvements
  • invitations to webinars, training or events
  • information about related services we think may interest you
You can opt out of marketing emails at any time by:
  • clicking the unsubscribe link in the email, or
  • emailing us at privacy@lecxa.com.au.

5.6 Security, fraud prevention and compliance

We may use data to:
  • protect accounts and Customer Data
  • detect, investigate and prevent fraud, abuse or security incidents
  • enforce our Terms & Conditions and other agreements
  • comply with legal obligations, regulatory requests and court orders

5.7 Analytics and aggregated reporting

We may analyse data (including usage and Customer Data) to produce aggregated, de-identified statistics, such as:
  • total stock movements by industry
  • feature adoption trends
  • system performance metrics
These aggregated insights do not identify individual users or businesses.
For data originating from Shopify, we only process data in ways that are necessary to our application, and do not use Shopify customer data for cross-merchant analytics or unrelated purposes.

6. How we share your data

We do not sell your personal data or Customer Data.
We may share data in the following limited circumstances:

6.1 Service providers (sub-processors)

We use carefully selected third-party providers to help us deliver the Services, for example:
  • hosting and cloud infrastructure
  • data storage and backups
  • payment gateways
  • email and communications services
  • analytics and error-monitoring tools
  • professional advisors (e.g. lawyers, accountants)
These providers only process data on our instructions and are bound by confidentiality and security obligations.

6.2 Integrations you choose to connect

When you connect Lecxa to third-party services such as Shopify, Xero, shipping carriers or others, we may share relevant data with them at your direction to enable the integration (for example, syncing orders, invoices or shipping details).
Those services are operated by third parties and governed by their own terms and privacy policies.

6.3 Business transfers

If Lecxa is involved in a merger, acquisition, restructuring, or sale of some or all of its assets, data may be transferred as part of that transaction, subject to confidentiality.

6.4 Legal and safety reasons

We may disclose information to third parties (including law enforcement or regulators) if we reasonably believe that disclosure is:
  • required by law, regulation or court order
  • necessary to protect the rights, property or safety of Lecxa, our customers or the public
  • necessary to detect, prevent or address potential fraud, security or technical issues

6.5 With your consent

We may share your information with other third parties where you have given us clear consent to do so.

7. Cookies, tracking and analytics

We use cookies and similar technologies to:
  • keep you signed in and maintain sessions
  • remember preferences and improve your experience
  • analyse how our website and Platform are used
  • support marketing and advertising (where permitted)
You can usually control cookies through your browser settings, including blocking or deleting them. However, blocking certain cookies may impact how the Services function.
Where required by law, we will ask for your consent before setting non-essential cookies.

8. International transfers

Lecxa uses cloud infrastructure and service providers that may be located in Australia, and potentially other countries.
This means your information may be stored or processed in jurisdictions with different data protection laws. Regardless of location, we take reasonable steps to ensure that:
  • data is protected by appropriate contractual and technical safeguards, and
  • any third party handling personal data on our behalf is required to protect it to a similar standard.
If you do not wish your information to be stored or processed outside your country, you should not use the Services.

9. Data security

We take reasonable technical and organisational measures to protect your information, including:
  • secure data centres and cloud infrastructure
  • encryption in transit (e.g. HTTPS/TLS)
  • access controls and role-based permissions
  • regular backups
  • monitoring and logging of key systems
  • staff access limited to what is necessary for their role
No system can be 100% secure. If you believe your account or data may have been compromised, please contact us immediately at privacy@lecxa.com.au.
You are responsible for:
  • keeping your password and login details safe
  • using strong passwords and enabling additional security controls where offered
  • notifying us promptly if you suspect unauthorised access to your account

10. Data retention

We keep personal data and Customer Data for as long as necessary to:
  • provide the Services
  • comply with legal, tax or accounting requirements
  • resolve disputes and enforce agreements
In general:
  • account and billing records are retained for the period required under applicable laws (for example, record-keeping obligations);
  • Customer Data in your account is retained while your subscription is active;
  • following cancellation or expiry, data may be retained for a limited period (for example, to allow reactivation or export) before being deleted or anonymised in line with our internal retention policies.
Specific retention rules may apply to data received from platforms like Shopify (see Section 12).
You may request deletion of certain data (see your rights in Section 11), subject to legal and contractual limits.

11. Your rights

Depending on where you are located and which laws apply, you may have rights regarding your personal data, including to:
  • Access: request confirmation that we process your personal data and receive a copy.
  • Correct: ask us to correct inaccurate or incomplete personal data.
  • Delete: request deletion of personal data, subject to legal or contractual obligations to retain it.
  • Restrict: ask us to limit how we process your personal data in certain circumstances.
  • Object: object to certain types of processing, including direct marketing.
  • Withdraw consent: where processing is based on consent, withdraw that consent at any time (this won’t affect processing that has already occurred).
You can exercise many of these rights by:
  • updating your details within your Lecxa account; or
  • emailing us at privacy@lecxa.com.au.
We may need to verify your identity before fulfilling your request. We will respond within a reasonable timeframe and within any period required by law.
If you are unhappy with how we handle your personal data, you can also lodge a complaint with your local data protection authority. In Australia, this is the Office of the Australian Information Commissioner (OAIC).

12. Processing of data from your Shopify store

This section applies if you use Lecxa with your Shopify store.

12.1 Information we receive from Shopify

To provide Lecxa’s inventory and fulfilment features, we access certain data from your Shopify store when you install and use our app, including Protected Customer Data such as:
  • customer name
  • customer email
  • customer phone number
  • shipping address
  • billing address
  • order details and line items

12.2 How we use Shopify data

We use Shopify-sourced data only to provide Lecxa’s services to you, for example:
  • generating picking lists, packing slips and shipping labels
  • helping your team fulfil orders and manage inventory
  • sending shipping or fulfilment notifications (where configured)
  • syncing financial records with accounting tools (e.g. Xero) at your direction
We do not use your Shopify customer data for unrelated marketing or data brokering.

12.3 Sharing Shopify data with third parties

We may share Shopify-derived data with:
  • accounting systems (e.g. Xero), where you have chosen to connect them
  • shipping carriers and logistics tools, to generate labels or book shipments
  • our hosting, infrastructure and support providers, as necessary to operate the Services
We do not sell or rent your customers’ personal information.

12.4 Retention after app uninstall

If you uninstall the Lecxa app from your Shopify store:
  • we retain Shopify-sourced personal data for a limited grace period (for example, up to 90 days) to allow you to reinstall or request exports;
  • after that period, we run processes to delete or anonymise personal data relating to your Shopify customers from our systems, subject to any legal obligations to retain certain records.
Your own Lecxa account information (as a merchant) may be retained for longer to comply with our legal and financial obligations.

12.5 Data deletion requests (GDPR / CCPA and Shopify webhooks)

We support Shopify’s mandatory data protection webhooks (such as customers/redact and shop/redact). When we receive a deletion request from Shopify:
  • we locate the relevant records in Lecxa;
  • we either delete or anonymise personal identifiers (name, email, phone, addresses) while retaining non-personal transactional data (order totals, dates, products, etc.) for your reporting and compliance.
Data synced from Lecxa into your own third-party accounts (for example, Xero) is governed by those services’ policies and your configuration. Lecxa cannot directly delete data in your separate accounts.

13. Children’s privacy

The Services are not intended for use by children under the age of 16 (or the relevant minimum age in your jurisdiction). We do not knowingly collect personal data directly from children.
In some cases, your own systems may contain data about your customers’ end users (including minors) which is synced to Lecxa (for example, via Shopify). In those cases, Lecxa processes that information purely as a data processor on your behalf. You are responsible for ensuring any such data is collected and used lawfully, including obtaining parental consent where required.
If you believe we have collected personal data from a child contrary to this section, please contact us at privacy@lecxa.com.au so we can investigate and take appropriate action.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time (for example, to reflect new features, integrations or legal requirements).
  • When we make changes, we will post the updated Policy on our website with a new “Last updated” date.
  • For significant changes, we may also notify you via email or in-app notification.
Your continued use of the Services after an update means you accept the revised Policy.

15. Contacting us and complaints

If you have any questions, requests or complaints about this Privacy Policy or how we handle personal data, please contact our Privacy Officer:
📧 Email: privacy@lecxa.com.au
Please provide as much detail as you can. We will:
  • acknowledge receipt of your query or complaint within a reasonable time, and
  • investigate and aim to respond or resolve it within 30 days or as required by law.
If you are not satisfied with our response, you may lodge a complaint with the relevant privacy regulator in your jurisdiction.

16. Data Processing Addendum (DPA)

If your organisation requires a Data Processing Addendum for compliance (for example under GDPR), please contact us at privacy@lecxa.com.au to request a copy or to arrange execution.