Review note: This document summarises the technical and organisational measures (TOMs) of the LexLogik platform. To simplify your due diligence, you have direct access above to the printable fact sheet and the current DPA template including technical annexes.
Security & compliance
Technical data sheet: Data security & infrastructure
LexLogik – The sovereign solution for holders of professional secrecy
1. Quick check for IT review
- Cloud model: 100% private cloud (no use of US hyperscalers such as AWS/Azure/Google).
- Encryption: TLS 1.3 (in transit) / AES-256 (data at rest and session partitions).
- Storage paradigm: Zero-retention (no persistent storage of content data).
- AI infrastructure: Local inference on our own hardware (no third-party APIs / no OpenAI).
- Server locations: Nuremberg & Falkenstein, Germany.
- Compliance: Fully aligned with § 43e BRAO & Art. 28 GDPR.
2. Hosting & digital sovereignty
LexLogik is designed for full independence from non-European jurisdictions (exclusion of the US CLOUD Act).
- Infrastructure: Operation on dedicated hardware in German high-security data centres (partner: Hetzner Online GmbH).
- Certification: The data centre infrastructure is certified to ISO 27001.
- Network security: Multi-tier firewall architecture. Administrative access only via encrypted VPN tunnels and multi-factor authentication (MFA).
3. The LexLogik data cycle (zero-retention)
Our architecture is designed to minimise the risk of data theft by technically avoiding persistent storage.
- Transport: End-to-end encryption via TLS 1.3.
- Processing: Document optimisation and text extraction run in volatile RAM instances or on temporarily encrypted session partitions.
- Automated purge: Immediately after processing completes and the download is provided, the source file and the result are deleted irrecoverably. No backups of client data are created.
- Metadata separation: Content data is strictly separated from administrative metadata (e.g. timestamps for audit logging).
4. Sovereign AI architecture (no-API policy)
Unlike standard solutions, LexLogik does not transfer data to external AI providers.
- Local model hosting: Our dual OCR engines and legal AI run as containerised instances directly on our hardware in Germany.
- No AI training: Customer data is never used to train or improve AI models. All models are statically pre-trained.
5. Compliance & legal framework
LexLogik is built for holders of professional secrecy to reduce the risk of organisational fault for law firm partners.
- § 43e BRAO: Technical safeguards support compliance with attorney confidentiality when engaging service providers.
- Staff compliance: All staff with system administration access are contractually bound to data secrecy and the special duties under StPO/BRAO.
Contact for technical enquiries
Clemens Schmid
Email: info@lexlogik.com
Website: lexlogik.com
- Document ID: LX-SEC-2026-V2.2
- As of: March 2026
- Applies to: All current instances (Counsel, Professional, Enterprise)