Security & Compliance

Enterprise-Grade Security for Legal Work

ISO 27001 certified. GDPR compliant. Your client data is never used to train AI models.

  • ISO 27001: Certified
  • ISO 42001: AI Management
  • SOC 2 Type II: In Progress
  • GDPR: Compliant

How We Protect Your Data

AES-256 Encryption at Rest

All stored data is encrypted with AES-256, the gold standard used by governments and financial institutions worldwide.

TLS 1.2+ Encryption in Transit

Every data transmission is secured with TLS 1.2 or higher, preventing interception during transfer.

Enterprise-Grade Cloud Infrastructure

Hosted on industry-leading cloud infrastructure with 99.9% uptime SLA and built-in redundancy.

Client Data Isolation

Your data is never shared across tenants. Strict logical isolation ensures complete separation between organisations.

Zero-Training Policy

Your data is never used to train AI models. Period. Your confidential information stays confidential.

Certifications & Standards

ISO 27001

Information Security Management System

Certified to the international standard for information security management, demonstrating our commitment to protecting client data through systematic risk management.

ISO 42001

AI Management System

Certified to the international standard for responsible AI management, ensuring our AI systems are developed and deployed ethically and transparently.

SOC 2 Type II

Service Organization Controls

SOC 2 Type II certification is currently in progress and expected soon. This will provide independent verification of our security, availability, and confidentiality controls.

GDPR

EU Data Protection

Full compliance with the General Data Protection Regulation, including data minimisation, purpose limitation, lawful processing, and data subject rights.

Infrastructure & Access Control

  • Role-based access control (RBAC)
  • SSO / SAML support
  • Comprehensive audit logging
  • Regular penetration testing
  • Documented incident response procedures

Need a Data Processing Agreement?

We provide Data Processing Agreements to meet your regulatory and compliance requirements. Contact us to request a DPA tailored to your organisation.


Security FAQ

No. Lexi never uses your client data to train AI models. Your data is encrypted, isolated, and used only to serve your firm.

Yes. Lexi is fully GDPR compliant with data processing agreements available on request.

Your data is stored in enterprise-grade cloud infrastructure with AES-256 encryption at rest and TLS 1.2+ encryption in transit.

Lexi has documented incident response procedures including immediate containment, investigation, notification within required timeframes, and remediation.

Yes. Contact us at hi@getlexi.io to request a DPA.

Lexi holds ISO 27001 and ISO 42001 certifications and is GDPR compliant; SOC 2 Type II certification is in progress.

Ready to see how Lexi protects your practice?

Schedule a call to learn about our security infrastructure and how Lexi keeps your client data safe.
