LawyerDesk — Empowering Legal Excellence

Security

Our approach to protecting matter data, credentials, and infrastructure.

Last updated April 18, 2026

01 Our principles

Three commitments shape every design decision:

  • Confidentiality first. Attorney-client privilege isn't a feature flag.
  • Least privilege. People and services see only what they need.
  • Assume breach. We build so that compromise of one layer doesn't cascade.

02 Encryption

Data is encrypted in transit with TLS 1.3 and at rest with AES-256. Enterprise customers can bring their own keys via AWS KMS, Azure Key Vault, or GCP KMS with customer-managed rotation.

03 Tenant isolation

Each customer tenant runs in its own logical boundary with per-tenant keys. Queries and prompts never cross tenants. Model inference happens in isolated pods; no cross-tenant caching, no shared embeddings.

04 Certifications and audits

Framework          Status                                Detail
DPDP Act (India)   Aligned                               India data residency by default
SOC 2 Type II      Controls aligned; audit in progress   Roadmap on request
ISO 27001          Controls aligned                      Roadmap on request
GDPR               Aligned (DPA available)               For customers with EU data subjects

We describe our posture precisely: where an external audit or certification is complete, we say certified; until then, we say aligned. Ask security@lawyerdesk.ai for the current status of any framework.

05 Access controls

SAML SSO, SCIM provisioning, role-based access control, IP allow-listing, and mandatory MFA for all LawyerDesk employees. Break-glass access to customer data is audited end-to-end and requires customer approval for enterprise tenants.

06 Testing and disclosure

Third-party penetration tests twice a year. Continuous vulnerability scanning. We welcome responsible disclosure at security@lawyerdesk.ai with a 90-day coordinated-disclosure window.

07 Incident response

Incidents are triaged within one hour and investigated by a dedicated security team. Customers are notified within 72 hours of confirmation, in line with GDPR/DPDP. Post-incident reports are delivered to affected customers within 30 days.

Questions about this document?

Our legal team responds within two business days. Enterprise customers can reach their dedicated counsel through the support portal.