Privacy Policy

Last updated: 28 May 2026

1. Who we are

Lexablocks is a free side project that breaks Japanese sentences into clickable grammar blocks. It is operated by Pure Bluff, based in the United Arab Emirates. For any data-related question, email us at the address on the contact page.

2. What we collect

  • Sentences you submit.When you paste a sentence into the tool, the text is sent to our server and to the AI provider listed below. We store the resulting explanation in a cache keyed by a SHA-256 hash of (sentence + model + prompt version), so identical sentences don't re-call the AI. The cache row contains no user identifier.
  • A hashed form of your IP address. To prevent abuse and keep the service free, we count how many sentences each visitor sends per day. Before storing anything, the IP is combined with a server-side secret salt and run through SHA-256. The result is pseudonymous and not by itself enough to identify you. We do not store your raw IP.
  • Nothing else. No accounts. No cookies. No tracking pixels. No browser fingerprinting. No analytics that identify individuals. We do not host a contact form on the site — to reach us you email us directly from your own mail client, so the contents of that email go through your own email provider, not ours.

3. Why we collect it

Both categories above are collected on the basis of our legitimate interest in operating the service (UAE PDPL Article 5):

  • Hashed IP: daily rate limiting (capped at 50 sentences per day per visitor) and basic abuse prevention.
  • Cached sentences: to reduce duplicate calls to the AI provider, which makes the service faster and lets us continue to offer it free.

4. Third parties involved

We use a small number of trusted infrastructure providers. Each is the minimum needed to run the site:

  • Groq, Inc. (United States) — AI provider. Receives the sentence text you submit to generate an explanation.
  • Neon, Inc. (United States, on AWS) — Postgres database hosting. Stores the cache and the hashed rate-limit counters with encryption at rest (AES-256) and in transit (TLS 1.2+).
  • Vercel, Inc. (United States) — application hosting and CDN. Sees your raw IP at the network edge for routing, but does not retain it on our behalf.

5. Cross-border transfer

All three providers above process data in the United States. Under UAE PDPL Article 22, we rely on each provider's Data Processing Agreement (DPA) — which contains contractual safeguards equivalent to standard contractual clauses — together with your consent (acknowledged by your use of the service) as the legal basis for these transfers.

6. How long we keep it

  • Cache entries: retained while the cache key remains valid (i.e. until the model or prompt version changes). Content is addressed only by a SHA-256 hash, with no user identifier attached.
  • Rate-limit rows: automatically deleted seven days after they are created. The cleanup happens inside the database on every rate-limit write, so no scheduler is required.
  • Emails you send us: retained in our mailbox for as long as needed to respond and to keep a normal correspondence history. You can ask us to delete prior correspondence at any time.

7. Your rights under PDPL

You have the right to:

  • Access information about how we process your data.
  • Request rectification of inaccurate data.
  • Request erasure of your data.
  • Restrict or object to processing.
  • Request data portability.
  • Withdraw consent at any time.

Because we do not collect any identifying data, most of these rights are satisfied simply by you ceasing to use the service. To exercise any right, email us using the address on the contact page.

8. Children

Lexablocks is intended for users aged 13 and over. We do not knowingly collect data from anyone under 13. If you believe we have inadvertently done so, please reach us via the contact page and we will delete it.

9. Security

All traffic to the site is served over HTTPS. The database is encrypted at rest. IP addresses are hashed with a server-side salt before any write. We store no passwords and no payment information — there is intentionally very little data to protect.

10. Changes to this policy

If we materially change how we handle data, we will update this page and surface a notice in the application. The "Last updated" date at the top of this page tells you when the policy last changed.

11. Contact

Privacy questions, data requests, or anything else: email us using the address on the contact page.