Privacy Statement

Last Updated: October 17, 2025

Costa Consulting Group LLC (DBA Lexora Labs) (“Lexora”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Statement explains how we collect, use, disclose, transfer, and safeguard your personal data in connection with your use of the website lexoralabs.com (the “Site”), our services (such as strategic audits, newsletters, consulting), and other interactions with us.

1. Data Controller & Legal Entity

The data controller for the personal data collected under this Statement is:
Costa Consulting Group LLC (DBA Lexora Labs)
Mailing address: 1630 S Delaware St Unit 5192, San Mateo, CA 94402
Contact email: hello@lexoralabs.com

2. Scope & Applicability

This Privacy Statement applies to:

  • Visitors to our Site
  • Individuals who sign up for services, newsletters, audits, or other offerings
  • Individuals who communicate with us
  • The processing of personal data in the context of delivering our services

It does not apply to websites or services operated by others where we have no control; those may have their own privacy policies.

3. Personal Data We Collect

3.1 Information You Provide

We collect data you voluntarily submit, including:

  • Your name, email address, company name, title/role
  • Other information you provide when you request a strategic audit or other service
  • Content and metadata from communications (emails, messages)
  • Inputs or content you provide that might be processed via AI models (e.g., Claude, ChatGPT)

3.2 Automatically Collected / Technical Data

When you visit the Site, we (and our service providers) automatically collect:

  • IP address, device type, browser, operating system
  • Page views, session lengths, referring URL, click interactions
  • Cookies, tracking IDs, analytics data
  • Locale / language preferences, performance metrics

3.3 From Third Parties & Integrations

We integrate tools such as n8n, AI model providers, mailing systems (e.g. “Kit”), and analytics vendors. These third parties may provide us with:

  • Enriched metadata
  • Email validation or engagement metrics
  • Correlated usage or behavioral data

We may combine or correlate that data with data we collect ourselves.

4. Purposes of Processing & Legal Basis

We process personal data to support a number of functions. The legal basis for each depends on jurisdiction and context (e.g. consent, legitimate interest, contractual necessity, legal obligation). Here are typical purposes:

  • Delivering services: responding to your inquiries, audits, consulting
  • Communications & marketing: newsletters, promotional content, updates
  • Analysis & improvement: understanding how our Site and services are used
  • Personalization: tailoring content, offers, or user experience
  • Security & fraud prevention: ensuring integrity and protection of data
  • Legal compliance & business operations: recordkeeping, audits, accounting
  • Internal uses: planning, optimization, internal analytics

Where required (e.g. in the EU), we will seek your consent for certain uses (such as profiling, automated decision-making, or marketing).

5. Disclosure & Sharing of Personal Data

5.1 Recipients / Categories of Processors

We may share personal data with:

  • Service providers (AI providers, email/marketing platforms, analytics vendors, hosting / infrastructure, integration tools)
  • Legal, accounting, or compliance advisors
  • Affiliates, successors, or in connection with business transactions
  • Other parties when you have given explicit consent

We require that these parties adhere to confidentiality, security, and applicable privacy laws.

5.2 International Transfers & Safeguards

As a globally accessible service, your data might be transferred to, stored, or processed in the U.S. or other jurisdictions. By using our Site or services, you consent to such transfers.

Where required by law (for example, transfers from the EU/UK), we’ll implement standard contractual clauses or other appropriate safeguards.

6. Cookies & Similar Tracking

We and our third-party partners use cookies, web beacons, local storage, pixels, and similar tools to:

  • Maintain site functionality and user sessions
  • Perform analytics and usage measurement (e.g. via Google Analytics)
  • Enable personalization and marketing
  • Store consent and preferences

You can reject or disable cookies through your browser settings. Be aware that some parts of the Site may not work properly if cookies are blocked. In jurisdictions requiring explicit consent (e.g. EU), we will present a banner or consent UI so you can choose which cookie categories to accept.

7. Data Retention

We retain personal data in line with business needs and legal obligations. Our general practices are:

  • Leads / Contact Data: Up to 3 years from last activity
  • Analytics / Logs: Only aggregated (no individual-level retention)
  • Communications & Support Records: Retained as needed based on the engagement’s nature

8. Your Rights & Choices

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Request correction or update of inaccurate or incomplete data
  • Request deletion or erasure (to the extent permissible)
  • Restrict or object to certain processing
  • Withdraw consent (for processing based on consent)
  • Request portability (receive data in a machine-readable format)
  • Opt-out of marketing or promotional communications

To exercise these rights, contact us at hello@lexoralabs.com. We may require verification of identity before fulfilling requests. Legal or contractual obligations may limit what we can delete or modify. If you are in California, you may also have rights under the CCPA/CPRA (such as the right to opt-out of “sale” or “sharing” of personal info, non-discrimination for exercising rights, etc.).

9. Security Measures

We employ reasonable technical and organizational security measures to protect your personal data, including:

  • Encryption in transit (TLS)
  • Access controls and role-based permissions
  • Periodic security audits / vulnerability assessments
  • Contractual obligations on vendors to maintain security

Although we strive for strong protection, no system is perfect. In the event of a breach affecting your data, we will notify you and relevant authorities as required by applicable law, and take mitigative actions.

10. Children’s Privacy

We do not knowingly collect personal information from minors under the minimum age defined by applicable laws (e.g. under 13 in the U.S.). If we learn we have inadvertently collected such data, we will take steps to delete it.

11. Changes to This Statement

We may update this Privacy Statement periodically (e.g. when we integrate new tools, change practices, or to address legal updates). We’ll post the revised version on the Site with an updated “Last Updated” date. If changes are material, we may provide more prominent notice (e.g. via email). Continued use of the Site or services after changes are posted constitutes acceptance of the updated Statement.

12. Contact & Data Protection Correspondence

If you have questions, concerns, or wish to make a data access / deletion request, contact:

Costa Consulting Group LLC (DBA Lexora Labs)
Mailing address: 1630 S Delaware St Unit 5192, San Mateo, CA 94402
Email: hello@lexoralabs.com