Last updated: January 2025
Legora is committed to maintaining the highest standards of security for our platform, our customers, and their data. We understand that legal professionals handle some of the most sensitive information in the world, and we take that responsibility seriously.
Legora holds the following certifications: ISO 42001 (AI Governance), ISO 27001 (Information Security Management), and SOC 2 Type 2 (Security, Availability, and Confidentiality). We operate under GDPR and are committed to rigorous data protection standards.
All data transmitted to and from Legora is encrypted using TLS 1.3. All data stored within our systems is encrypted at rest using AES-256 encryption. Encryption keys are managed using industry best practices and rotated regularly.
Access to customer data is restricted on a strict need-to-know basis. We implement role-based access controls, require multi-factor authentication for all internal systems, and maintain comprehensive access logs with quarterly reviews.
Customer documents and data are never used to train, fine-tune, or improve our AI models. Data processed by Legora is used solely to deliver the requested functionality to the customer. We apply strict data minimisation principles.
Legora's infrastructure is hosted on enterprise-grade cloud providers with physical security controls, redundancy, and disaster recovery. We have regular penetration testing and vulnerability assessments conducted by independent third-party security firms.
We maintain a documented incident response plan with defined roles and escalation paths. In the event of a security incident affecting customer data, we commit to notifying affected customers promptly and in accordance with applicable legal requirements, including the GDPR 72-hour notification requirement.
All third-party vendors who may have access to customer data are subject to rigorous security assessments before engagement and to ongoing monitoring. We maintain a register of all subprocessors, which is available to customers on request.
If you believe you have found a security vulnerability in Legora's systems, please report it to security@legorai.com. We are committed to working with security researchers to address valid vulnerabilities promptly and responsibly.
For security-related questions, please contact our security team at security@legorai.com.