Security & compliance
Technical data sheet: Data security & infrastructure for UK solicitors
LexLogik - The sovereign solution for UK legal professionals
Review note: This document summarises the technical and organisational measures (TOMs) of the LexLogik platform under the UK GDPR and the Data Protection Act 2018. To support your due diligence, you have direct access below to the printable fact sheet and the current DPA template (PDF, Article 28 UK GDPR + UK Addendum context) including technical annexes.
1. Quick Check for IT & Compliance Review
- Cloud Model: 100% Private Cloud (Zero exposure to US hyperscalers like AWS, Azure, or Google Cloud).
- Encryption: TLS 1.3 (in transit) / AES-256 (data at rest and session partitions).
- Storage Paradigm: Zero-Retention (No persistent storage of client document content).
- AI Infrastructure: Local inference on dedicated hardware (No third-party APIs / No OpenAI / No data leakage).
- Server Locations: Germany (EEA) - fully compliant with the UK Adequacy Regulations.
- Compliance: Fully aligned with SRA Standards and Regulations & UK GDPR.
2. Hosting & Data Sovereignty
LexLogik is engineered for total independence from non-European jurisdictions, specifically mitigating risks associated with the US Cloud Act.
- Infrastructure: Operation on dedicated, bare-metal hardware in high-security data centres (Partner: Hetzner Online GmbH).
- Certification: Data centres are certified to ISO 27001 standards.
- Network Security: Multi-tier firewall architecture. Administrative access is restricted via encrypted VPN tunnels and mandatory Multi-Factor Authentication (MFA).
- UK Adequacy: Data processing in Germany is covered by the UK's Adequacy Decision, ensuring seamless compliance with UK GDPR for cross-border data flows.
3. The LexLogik Data Cycle (Zero-Retention)
Our architecture is designed to protect Legal Professional Privilege (LPP) by technically avoiding any persistent storage of sensitive content.
- Transport: End-to-end encryption via TLS 1.3.
- Processing: Document optimisation and text extraction occur in volatile RAM instances or temporary encrypted session partitions.
- Automated Purge: Immediately after processing is complete and the download is provided, the source file and result are deleted permanently. No backups of client data are ever created.
- Metadata Separation: Content data is strictly isolated from administrative metadata (e.g., timestamps for audit logging).
4. Sovereign AI Architecture (No-API Policy)
Unlike most "Legal AI" tools, LexLogik does not transfer your data to external providers.
- Local Model Hosting: Our dual OCR engines and Legal AI run as containerised instances directly on our sovereign hardware.
- No AI Training: Your firm's data is never used to train or improve AI models. All models are statically pre-trained and operate in a "black box" environment.
5. Compliance & SRA Framework
LexLogik is built to help Solicitors meet their professional obligations and reduce the risk of regulatory breaches.
- SRA Code of Conduct: Our technical safeguards directly support compliance with Paragraph 6.3 (Confidentiality) and Paragraph 7.1 (Management of the firm) of the SRA Code of Conduct.
- Staff Compliance: All staff with system access are contractually bound by strict confidentiality agreements, mirroring the duties required for handling privileged legal material.
6. Client Isolation & Logical Separation
- Tenant Isolation: Every processing task runs in a strictly isolated container. Data paths for different users can never overlap at a technical level.
- Least Privilege: Access to processing resources is governed by a granular permission model based on the "Least Privilege" principle.
7. Availability & Resilience
- Redundancy: Geographic redundancy across multiple high-security sites ensures that the service remains available even during localised infrastructure failures.
- DDoS Protection: Our infrastructure is shielded by specialised scrubbing centres to ensure your firm's operations are never interrupted by cyberattacks.
8. Incident Management & Auditing
- Incident Response: Defined processes are in place to identify and remediate security incidents in line with Art. 33 UK GDPR.
- Audit-Ready Logging: System events (logins, API calls) are recorded for audit purposes. Important: These logs contain only technical metadata - never the content of your documents.
9. Zero-Access Policy
- Administrative Exclusion: LexLogik staff have no technical way to view the content of your sessions during processing.
- Documented Support: Support access to user accounts only occurs after explicit client approval and is fully logged for your firm's internal audit trail.
- Document ID: LX-SEC-UK-2026-V1.0
- As of: June 2026
- Applies to: All current LexLogik plans available for UK customers (Counsel, Professional, Enterprise).