Privacy Policy
Effective date: 26 May 2026
This Privacy Policy explains how Opiniões Diligentes – Consultoria Estratégica, Lda (a sociedade por quotas incorporated under Portuguese law), trading as "Lexstream" ("Lexstream", "we", "us", "our"), collects, uses, shares and protects personal data when you use our website at lexstream.io, the Lexstream Academy learning platform (currently at academy.lexstream.io), and related services (together, the "Services").
We are committed to processing personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national data protection law.
Scope note: Our separate product LexLens (lexlens.io and the LexLens mobile app) is governed by its own privacy policy. This Policy does not cover third-party websites we link to.
1. WHO WE ARE (DATA CONTROLLER)
The data controller responsible for your personal data is:
Entity: Opiniões Diligentes – Consultoria Estratégica, Lda
Legal form: Sociedade por quotas (Lda.), incorporated under Portuguese law
Registered address: Alameda Dom Afonso Henriques, N.º 19, 1.º Dto, 1900-179 Lisboa, Portugal
NIPC / VAT number: 516025660
Contact for privacy matters: info@lexstream.io
If you have any question about this Policy or how we handle your data, contact us at info@lexstream.io.
2. THE PERSONAL DATA WE COLLECT
We collect the following categories of personal data:
a. Account and registration data. When you create an account or register for the Academy, we collect your name, email address, password (stored in hashed form), and, where you choose to provide them, your telephone number, postal address, country, date of birth, profile photo/avatar, company name and size, profession, website, university and graduation year.
b. Social login data. If you sign in using Google, Facebook, LinkedIn, Apple or X (Twitter), we receive basic profile information (such as your name and email) from that provider in accordance with the permissions you grant. We do not receive your password for those services.
c. Learning and usage data. Course enrolments, progress and completion, quiz and assessment results, certificates, content you view, and your interactions with videos, podcasts and interactive activities.
d. Payment data. Where you purchase a paid course or subscription, payment is processed by our third-party payment provider [PAYMENT PROVIDER, e.g. Stripe]. We receive confirmation of payment and limited transaction details; we do not collect or store full payment card numbers.
e. Communications and support data. The content of emails, support requests and any correspondence you send us, and your marketing preferences.
f. User-generated content. Comments, posts, uploads or other content you submit within community or course features, where available.
g. Technical and device data (collected automatically). IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, and cookie and similar-technology data (see Section 6).
We do not intentionally collect special categories of data (e.g. health, political opinions). Please do not submit such data through free-text fields.
3. HOW WE COLLECT PERSONAL DATA
We collect data: (i) directly from you when you register, complete forms, purchase, communicate with us or use the Services; (ii) automatically through cookies and similar technologies; and (iii) from third parties, such as social login providers when you choose to use them.
4. WHY WE PROCESS YOUR DATA, AND OUR LEGAL BASES
We process personal data only where we have a lawful basis under Article 6 GDPR:
- Creating and managing your account; providing the Academy and Services; delivering courses and certificates — Performance of a contract (Art. 6(1)(b)).
- Processing payments and managing subscriptions — Performance of a contract (Art. 6(1)(b)).
- Sending service and transactional emails (e.g. account, security, course updates) — Performance of a contract / legitimate interests (Art. 6(1)(b),(f)).
- Sending marketing communications and newsletters — Consent (Art. 6(1)(a)), withdrawable at any time.
- Analytics, securing and improving the Services, preventing fraud and abuse — Legitimate interests (Art. 6(1)(f)).
- Non-essential cookies and similar tracking — Consent (Art. 6(1)(a)).
- Complying with legal, tax and accounting obligations — Legal obligation (Art. 6(1)(c)).
Where we rely on legitimate interests, we have assessed that these are not overridden by your rights and freedoms; you may object as described in Section 9.
5. MARKETING COMMUNICATIONS
We send marketing emails only where you have opted in. Every marketing email contains an unsubscribe link, and you can withdraw consent at any time by clicking it or contacting us. Withdrawing consent does not affect service or transactional messages necessary to operate your account.
6. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies for functional, preference, statistical and marketing purposes. Non-essential cookies are set only with your consent, which you give and manage through our cookie consent banner. For full details of the cookies we use and how to control them, see our Cookie Policy at lexstream.io/cookie-policy-eu/.
7. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share it only with the following categories of recipients, who act as our processors under written agreements and only on our instructions:
- Learning platform hosting: LearnWorlds, which hosts the Lexstream Academy.
- Email and communications: Google (Google Workspace), MailerSend, MailerLite and Mailgun, for transactional and marketing email.
- Content and media: Synthesia (AI avatar/video generation) and embedded media providers such as Spotify.
- Infrastructure and security: Cloudflare (DNS, content delivery and security) and our website hosting provider.
- Payments: [PAYMENT PROVIDER, e.g. Stripe].
- Authentication: Google, Meta (Facebook), LinkedIn, Apple and X, where you use social login.
- Professional advisers and authorities: legal, accounting and tax advisers, and public authorities where required by law.
We may also disclose data where necessary to comply with a legal obligation, enforce our terms, or protect our rights, users or the public. If our business is reorganised, merged or sold, data may be transferred to the relevant successor, subject to this Policy.
8. INTERNATIONAL TRANSFERS
Some of our processors are located outside the European Economic Area (EEA), including in the United Kingdom and the United States. Where we transfer personal data outside the EEA, we rely on an appropriate safeguard under Chapter V GDPR — typically a European Commission adequacy decision (e.g. the UK adequacy decision, or the EU–US Data Privacy Framework where the recipient is certified) or Standard Contractual Clauses with supplementary measures as needed. You may request more information about these safeguards at info@lexstream.io.
9. YOUR RIGHTS
Subject to the conditions in the GDPR, you have the right to:
- Access your personal data and obtain a copy — free of charge.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, and to direct marketing at any time.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority.
To exercise any right, contact info@lexstream.io. We will respond within one month, as required by Article 12 GDPR. We may need to verify your identity first. You can also access and update much of your account data directly within your Academy profile.
Supervisory authority. As we are established in Portugal, our lead supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD) — www.cnpd.pt. You may lodge a complaint with the CNPD, or with the supervisory authority in your own country of residence or workplace.
10. HOW LONG WE KEEP YOUR DATA
We retain personal data only as long as necessary for the purposes set out in this Policy:
- Account data: for as long as your account is active, and for a reasonable period afterwards in case you reactivate.
- Learning records and certificates: for the period needed to evidence completion, or as agreed with institutional clients.
- Payment and accounting records: for the period required by applicable tax and accounting law (typically up to 10 years).
- Marketing data: until you withdraw consent or object.
When data is no longer needed, we securely delete or anonymise it.
11. SECURITY
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure — including encryption in transit, access controls, hashed passwords and vetted processors. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a personal data breach where legally required.
12. AUTOMATED DECISION-MAKING
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Our AI tools are used to generate and translate learning content (e.g. avatars, podcasts), not to make decisions about individual users.
13. CHILDREN
The Services are intended for professionals, institutions and adult learners. They are not directed at children, and we do not knowingly collect data from anyone below the minimum age for valid consent in their country (between 13 and 16 under the GDPR). If you believe a child has provided us data, contact us and we will delete it.
14. CHANGES TO THIS POLICY
We may update this Policy from time to time. The "Effective date" and "Version" above will reflect the latest revision. For material changes, we will provide a more prominent notice (e.g. by email or an on-site notice). Continued use of the Services after an update constitutes acknowledgement of the revised Policy, but does not substitute for any consent the law requires us to obtain afresh.
15. CONTACT
Opiniões Diligentes – Consultoria Estratégica, Lda (trading as Lexstream)
Alameda Dom Afonso Henriques, N.º 19, 1.º Dto, 1900-179 Lisboa, Portugal
NIPC 516025660
Email: info@lexstream.io
© Lexstream 2026
This Privacy Policy explains how Opiniões Diligentes – Consultoria Estratégica, Lda (a sociedade por quotas incorporated under Portuguese law), trading as "Lexstream" ("Lexstream", "we", "us", "our"), collects, uses, shares and protects personal data when you use our website at lexstream.io, the Lexstream Academy learning platform (currently at academy.lexstream.io), and related services (together, the "Services").
We are committed to processing personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national data protection law.
Scope note: Our separate product LexLens (lexlens.io and the LexLens mobile app) is governed by its own privacy policy. This Policy does not cover third-party websites we link to.
1. WHO WE ARE (DATA CONTROLLER)
The data controller responsible for your personal data is:
Entity: Opiniões Diligentes – Consultoria Estratégica, Lda
Legal form: Sociedade por quotas (Lda.), incorporated under Portuguese law
Registered address: Alameda Dom Afonso Henriques, N.º 19, 1.º Dto, 1900-179 Lisboa, Portugal
NIPC / VAT number: 516025660
Contact for privacy matters: info@lexstream.io
If you have any question about this Policy or how we handle your data, contact us at info@lexstream.io.
2. THE PERSONAL DATA WE COLLECT
We collect the following categories of personal data:
a. Account and registration data. When you create an account or register for the Academy, we collect your name, email address, password (stored in hashed form), and, where you choose to provide them, your telephone number, postal address, country, date of birth, profile photo/avatar, company name and size, profession, website, university and graduation year.
b. Social login data. If you sign in using Google, Facebook, LinkedIn, Apple or X (Twitter), we receive basic profile information (such as your name and email) from that provider in accordance with the permissions you grant. We do not receive your password for those services.
c. Learning and usage data. Course enrolments, progress and completion, quiz and assessment results, certificates, content you view, and your interactions with videos, podcasts and interactive activities.
d. Payment data. Where you purchase a paid course or subscription, payment is processed by our third-party payment provider [PAYMENT PROVIDER, e.g. Stripe]. We receive confirmation of payment and limited transaction details; we do not collect or store full payment card numbers.
e. Communications and support data. The content of emails, support requests and any correspondence you send us, and your marketing preferences.
f. User-generated content. Comments, posts, uploads or other content you submit within community or course features, where available.
g. Technical and device data (collected automatically). IP address, browser type and version, operating system, device identifiers, referring URLs, pages viewed, and cookie and similar-technology data (see Section 6).
We do not intentionally collect special categories of data (e.g. health, political opinions). Please do not submit such data through free-text fields.
3. HOW WE COLLECT PERSONAL DATA
We collect data: (i) directly from you when you register, complete forms, purchase, communicate with us or use the Services; (ii) automatically through cookies and similar technologies; and (iii) from third parties, such as social login providers when you choose to use them.
4. WHY WE PROCESS YOUR DATA, AND OUR LEGAL BASES
We process personal data only where we have a lawful basis under Article 6 GDPR:
- Creating and managing your account; providing the Academy and Services; delivering courses and certificates — Performance of a contract (Art. 6(1)(b)).
- Processing payments and managing subscriptions — Performance of a contract (Art. 6(1)(b)).
- Sending service and transactional emails (e.g. account, security, course updates) — Performance of a contract / legitimate interests (Art. 6(1)(b),(f)).
- Sending marketing communications and newsletters — Consent (Art. 6(1)(a)), withdrawable at any time.
- Analytics, securing and improving the Services, preventing fraud and abuse — Legitimate interests (Art. 6(1)(f)).
- Non-essential cookies and similar tracking — Consent (Art. 6(1)(a)).
- Complying with legal, tax and accounting obligations — Legal obligation (Art. 6(1)(c)).
Where we rely on legitimate interests, we have assessed that these are not overridden by your rights and freedoms; you may object as described in Section 9.
5. MARKETING COMMUNICATIONS
We send marketing emails only where you have opted in. Every marketing email contains an unsubscribe link, and you can withdraw consent at any time by clicking it or contacting us. Withdrawing consent does not affect service or transactional messages necessary to operate your account.
6. COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and similar technologies for functional, preference, statistical and marketing purposes. Non-essential cookies are set only with your consent, which you give and manage through our cookie consent banner. For full details of the cookies we use and how to control them, see our Cookie Policy at lexstream.io/cookie-policy-eu/.
7. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share it only with the following categories of recipients, who act as our processors under written agreements and only on our instructions:
- Learning platform hosting: LearnWorlds, which hosts the Lexstream Academy.
- Email and communications: Google (Google Workspace), MailerSend, MailerLite and Mailgun, for transactional and marketing email.
- Content and media: Synthesia (AI avatar/video generation) and embedded media providers such as Spotify.
- Infrastructure and security: Cloudflare (DNS, content delivery and security) and our website hosting provider.
- Payments: [PAYMENT PROVIDER, e.g. Stripe].
- Authentication: Google, Meta (Facebook), LinkedIn, Apple and X, where you use social login.
- Professional advisers and authorities: legal, accounting and tax advisers, and public authorities where required by law.
We may also disclose data where necessary to comply with a legal obligation, enforce our terms, or protect our rights, users or the public. If our business is reorganised, merged or sold, data may be transferred to the relevant successor, subject to this Policy.
8. INTERNATIONAL TRANSFERS
Some of our processors are located outside the European Economic Area (EEA), including in the United Kingdom and the United States. Where we transfer personal data outside the EEA, we rely on an appropriate safeguard under Chapter V GDPR — typically a European Commission adequacy decision (e.g. the UK adequacy decision, or the EU–US Data Privacy Framework where the recipient is certified) or Standard Contractual Clauses with supplementary measures as needed. You may request more information about these safeguards at info@lexstream.io.
9. YOUR RIGHTS
Subject to the conditions in the GDPR, you have the right to:
- Access your personal data and obtain a copy — free of charge.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests, and to direct marketing at any time.
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority.
To exercise any right, contact info@lexstream.io. We will respond within one month, as required by Article 12 GDPR. We may need to verify your identity first. You can also access and update much of your account data directly within your Academy profile.
Supervisory authority. As we are established in Portugal, our lead supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD) — www.cnpd.pt. You may lodge a complaint with the CNPD, or with the supervisory authority in your own country of residence or workplace.
10. HOW LONG WE KEEP YOUR DATA
We retain personal data only as long as necessary for the purposes set out in this Policy:
- Account data: for as long as your account is active, and for a reasonable period afterwards in case you reactivate.
- Learning records and certificates: for the period needed to evidence completion, or as agreed with institutional clients.
- Payment and accounting records: for the period required by applicable tax and accounting law (typically up to 10 years).
- Marketing data: until you withdraw consent or object.
When data is no longer needed, we securely delete or anonymise it.
11. SECURITY
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure — including encryption in transit, access controls, hashed passwords and vetted processors. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a personal data breach where legally required.
12. AUTOMATED DECISION-MAKING
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. Our AI tools are used to generate and translate learning content (e.g. avatars, podcasts), not to make decisions about individual users.
13. CHILDREN
The Services are intended for professionals, institutions and adult learners. They are not directed at children, and we do not knowingly collect data from anyone below the minimum age for valid consent in their country (between 13 and 16 under the GDPR). If you believe a child has provided us data, contact us and we will delete it.
14. CHANGES TO THIS POLICY
We may update this Policy from time to time. The "Effective date" and "Version" above will reflect the latest revision. For material changes, we will provide a more prominent notice (e.g. by email or an on-site notice). Continued use of the Services after an update constitutes acknowledgement of the revised Policy, but does not substitute for any consent the law requires us to obtain afresh.
15. CONTACT
Opiniões Diligentes – Consultoria Estratégica, Lda (trading as Lexstream)
Alameda Dom Afonso Henriques, N.º 19, 1.º Dto, 1900-179 Lisboa, Portugal
NIPC 516025660
Email: info@lexstream.io
© Lexstream 2026
Who are we?
Learning & Development deserves to shine. Lexstream uses AI to transform traditional knowledge formats into videos, podcasts and experiences people actually want to learn from.
Lexstream © 2026