Security & trust

Built for the ethical and regulatory weight of legal practice.

Legal AI+ treats client data the way a law firm should — encrypted, isolated, audited, and never used to train public models.

AES-256 encryption at rest

All client data, documents, and AI artifacts are encrypted at rest with AES-256, including database fields and file storage.

TLS 1.3 in transit

Every request between your firm, our infrastructure, and supporting services uses modern TLS with strong cipher suites only.

Tenant isolation

Every law firm is its own logical tenant. Row-level security policies enforce isolation at the database layer — not in application code.

Private AI inference

AI runs against gateway-mediated models with no public API training feedback. Your client data is never used to improve third-party models.

Zero-trust access control

Roles (Admin, Attorney, Paralegal, Client) gate every action. Privileged actions require step-up authentication and are written to a tamper-evident audit log.

Per-file audit trail

Every document upload, view, download, and share event is logged with actor, timestamp, IP, and user agent.

MFA enforced

Multi-factor authentication is required for all staff accounts. Enterprise plans support SSO/SAML and SCIM provisioning.

Compliance-aligned

Architecture aligned with GDPR, CCPA, and HIPAA principles. BAA available on Enterprise plans. US-based cloud regions only.

The private AI promise

Your client data does not train public models.

Every AI task in Legal AI+ — form drafting, summarization, risk scoring, compliance monitoring — runs through a gateway that explicitly disables training feedback to upstream model providers.

Predictive scoring uses a per-tenant statistical layer trained only on your firm's own historical case outcomes. There is no cross-tenant data sharing of any kind.

Attorneys can review the input snapshot used for any AI artifact, see which model produced it, and reject the output before a client sees a single character.

Security questions before procurement?

We share our SOC 2 Type II readiness report, BAA template, data-flow diagrams, and penetration-test summaries under NDA with prospects.