Security & compliance
Technical data sheet: Data security & infrastructure
LexLogik - The sovereign solution for holders of professional secrecy
Review note: This document summarises the technical and organisational measures (TOMs) of the LexLogik platform. To simplify your due diligence, you have direct access below to the printable fact sheet and the current DPR template (PDF), including technical annexes.
1. Quick check for IT review
- Cloud model: 100% private cloud (no use of US hyperscalers such as AWS/Azure/Google).
- Encryption: TLS 1.3 (in transit) / AES-256 (data at rest and session partitions).
- Storage paradigm: Zero-retention (no persistent storage of content data).
- AI infrastructure: Local inference on our own hardware (no third-party APIs / no OpenAI).
- Server locations: Nuremberg & Falkenstein, Germany.
- Compliance: Aligned with the EU GDPR and Irish solicitor confidentiality.
2. Hosting & digital sovereignty
LexLogik is designed to keep core processing outside the direct scope of non-European jurisdictions, specifically reducing exposure to the US CLOUD Act.
- Infrastructure: Operation on dedicated hardware in German high-security data centres (partner: Hetzner Online GmbH).
- Certification (hosting): The data centres we use from hosting partner Hetzner Online GmbH are certified to ISO 27001.
- Network security: Multi-tier firewall architecture. Administrative access only via encrypted VPN tunnels and multi-factor authentication (MFA).
3. The LexLogik data cycle (zero-retention)
Our architecture is designed to minimise the risk of data theft by technically avoiding persistent storage.
- Transport: End-to-end encryption via TLS 1.3.
- Processing: Document optimisation and text extraction run in volatile RAM instances or on temporarily encrypted session partitions.
- Automated purge: Immediately after processing completes and the download is provided, the source file and the result are irrecoverably deleted. No backups of client data are created.
- Metadata separation: Content data is strictly separated from administrative metadata (e.g. timestamps for audit logging).
4. Sovereign AI architecture (no-API policy)
Unlike standard solutions, LexLogik does not transfer data to external AI providers.
- Local model hosting: Our dual OCR engines and legal AI run as containerised instances directly on our hardware in Germany.
- No AI training: Customer data is never used to train or improve AI models. All models are statically pre-trained.
5. Compliance & legal framework
LexLogik is built for holders of professional secrecy to reduce the risk of organisational fault for law firm partners.
- Solicitors Acts & LPP: Technical safeguards support solicitors' confidentiality and Legal Professional Privilege when engaging service providers.
- Staff compliance: All staff with system administration access are contractually bound to data secrecy and the special duties applicable to handling privileged legal material.
6. Client isolation & logical separation
- Tenant isolation: Processing runs in strictly isolated container instances. Data paths for different users can never mix at the technical level.
- Logical access control: Access to processing resources is governed by a granular permission model based on least privilege.
7. Availability & resilience
- Redundancy: Using the Nuremberg and Falkenstein sites provides geographic redundancy. If one site fails, the service remains available via the other.
- DDoS protection: The infrastructure is shielded by specialised scrubbing centres against distributed denial-of-service attacks to keep the service reliably reachable for firm operations.
8. Incident management & auditing
- Incident response: There is a defined process to identify, report, and remediate security incidents in line with Art. 33 GDPR.
- Logging: System events (logins, API calls) are recorded in an audit-ready way to deter abuse. Important: these logs contain only technical metadata - never content data from your documents.
9. Zero-access policy for support
- Administrative exclusion: Our staff have no technical insight into volatile session content during processing. Support access to user accounts happens only after explicit customer approval and is fully documented.
- Document ID: LX-SEC-2026-V2.2
- As of: June 2026
- Applies to: All current instances (Counsel, Professional, Enterprise)