Trust Center

Enterprise Trust, Security, and Compliance Transparency

Everything you need to evaluate Legalithm: security practices, compliance attestations, availability, and AI governance transparency.

SOC 2 Type II audited

ISO 27001 certified

At-a-glance

• EU data residency + redundancy in Frankfurt & Dublin
• 99.95% uptime SLA backed by global CDN
• Independent audits performed annually

Contact

• Security: security@legalithm.com
• Privacy & DPO: dpo@legalithm.com
• Bug bounty: HackerOne program

Security

Encryption, network architecture, incident response, and penetration testing cadence.

View details →

Compliance

SOC 2 Type II, ISO 27001, GDPR, EU AI Act, and CCPA documentation.

View details →

Availability

Service status, disaster recovery, uptime guarantees, and infrastructure locations.

View details →

AI Transparency

Model governance, EU AI Act risk classifications, human oversight, and evaluation.

View details →

Privacy & DSAR

Data processing, retention, DSAR workflow, and data subject rights commitments.

View details →

Legal & Policies

Master Agreements, DPA, cookie policy, accessibility, and regulatory disclosures.

View details →

Security Controls

Legalithm is architected with defense in depth across infrastructure, access management, monitoring, and secure SDLC to safeguard customer data.

Encryption Everywhere

TLS 1.3 in transit, AES-256 at rest
Key rotation via AWS KMS
Field-level encryption for PII

Network Architecture

Isolated VPC with private subnets
Zero-trust access and MFA enforced
WAF and DDoS protection through AWS Shield

Security Operations

24/7 monitoring with PagerDuty on-call
Quarterly penetration tests by CREST-certified partner
Annual incident response tabletop exercises

Bug Bounty & Responsible Disclosure

Public program on HackerOne
Response SLA < 24 hours for high severity
security@legalithm.com for disclosures

Compliance & Certifications

Download validation reports, attestations, and regulatory documentation to streamline your vendor evaluation process.

SOC 2 Type II

Jan 2025

Independent audit covering Security, Availability, and Confidentiality.

View documentation →

ISO/IEC 27001:2022

Sep 2024

Certified information security management system.

View documentation →

GDPR Art. 28 DPA

Updated Jan 2025

Data Processing Agreement aligned with SCCs and ISO-27701 controls.

View documentation →

EU AI Act Readiness

Updated Feb 2025

Risk classification methodology and conformity assessment toolkit.

View documentation →

AI Transparency & EU AI Act Compliance

Legalithm documents AI system lifecycle governance to meet EU AI Act obligations for risk management, logging, transparency, and human oversight.

Model Inventory & Risk Classification

AI
High-risk systems: automated DPIA scoring, AI control mapping.
AI
Limited risk systems: conversational compliance coach.
AI
Minimal risk systems: anonymized benchmarking insights.

Read full AI transparency report →

Human Oversight & Evaluation

AI
Every AI output requires human review prior to enforcement.
AI
Regular bias and drift assessments with documented evidence.
AI
Incident response playbooks aligned to EU AI Act Articles 65-67.

Read full AI transparency report →

Transparency & Documentation

AI
Model cards published quarterly with training data lineage.
AI
Independent TIRM (Technical Impact Risk Model) evaluations.
AI
AI usage disclosures embedded across the product experience.

Read full AI transparency report →