SECURITY & PRIVACY
Every architecture decision in LexAudit was made with attorney-client privilege and professional responsibility in mind. Here is exactly how your data is handled.
LexAudit never stores the actual text of your documents or AI outputs. Only metadata is logged: which tool was used, a summary of the prompt, what human edits were made, and who reviewed it. Your documents stay on your systems. Attorney-client privilege is preserved by architecture, not by policy.
Every firm's data is isolated at the database layer using Supabase Row-Level Security (RLS). Firm A cannot access Firm B's data under any circumstance — not even with a valid login token. This is enforced at the Postgres level, not the application layer.
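The isolation described above can be expressed as Postgres row-level security policies. The following is an added illustration, not LexAudit's own schema or policies: it assumes hypothetical tables `firms`, `firm_members` and `matters`, and uses Supabase's `auth.uid()` function and `authenticated` role (on plain Postgres you would substitute your own session-user lookup and role).

```sql
-- Added example (not LexAudit's schema): per-firm isolation enforced by Postgres RLS.
-- Assumed tables: firms, firm_members(user_id, firm_id), matters(firm_id, ...).
create table if not exists firms (
  id   uuid primary key default gen_random_uuid(),
  name text not null
);

create table if not exists firm_members (
  user_id uuid not null,                       -- Supabase auth user id (auth.users.id)
  firm_id uuid not null references firms(id),
  primary key (user_id, firm_id)
);

create table if not exists matters (
  id         uuid primary key default gen_random_uuid(),
  firm_id    uuid not null references firms(id),
  title      text not null,
  created_at timestamptz not null default now()
);

-- Turn RLS on: with no matching policy, every row is invisible to ordinary roles.
alter table matters enable row level security;
-- Apply the policies to the table owner as well, so no application role can skip them.
alter table matters force row level security;

-- Helper: the firms the current JWT subject belongs to. auth.uid() is Supabase's
-- function returning the authenticated user's id taken from the request's JWT.
-- security definer lets it read firm_members even if that table is itself RLS-protected;
-- the fixed search_path prevents function-resolution hijacking.
create or replace function current_user_firms()
returns setof uuid
language sql
stable
security definer
set search_path = public
as $$
  select firm_id from firm_members where user_id = auth.uid();
$$;

-- Read: only rows whose firm_id matches one of the caller's firms.
create policy "members read their firm's matters"
  on matters for select
  to authenticated
  using (firm_id in (select current_user_firms()));

-- Insert: a user cannot create a matter under a firm they do not belong to.
create policy "members create their firm's matters"
  on matters for insert
  to authenticated
  with check (firm_id in (select current_user_firms()));

-- Update: both the existing row and the new values must stay inside the caller's firms,
-- so a matter cannot be moved to another firm.
create policy "members update their firm's matters"
  on matters for update
  to authenticated
  using (firm_id in (select current_user_firms()))
  with check (firm_id in (select current_user_firms()));
```

A valid token for a user of Firm A yields an `auth.uid()` with no `firm_members` row for Firm B, so Firm B's rows are filtered out by the database itself regardless of what the application requests. Two checks worth making in any deployment of this pattern: roles that hold `BYPASSRLS` (in Supabase, the `service_role` key) are not subject to these policies and must stay server-side, and each new table needs its own `enable row level security` and policies, since RLS is opt-in per table.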
Every compliance certificate is hashed using SHA-256 at the moment of generation. The hash is stored alongside the certificate. Any modification to the certificate after generation will produce a different hash — making tampering immediately detectable.
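The hash-at-generation step can be implemented inside the database so that the hash is computed once, at insert time, and verified by recomputation later. This is an added example, not LexAudit's own implementation: it assumes a hypothetical `certificates` table, the `pgcrypto` extension for `digest()`, and that the certificate body is stored as `jsonb`.

```sql
-- Added example (not LexAudit's schema): SHA-256 a certificate when it is generated,
-- store the digest next to it, and detect any later modification by recomputing.
create extension if not exists pgcrypto;   -- provides digest(); assumed available

create table if not exists certificates (
  id           uuid primary key default gen_random_uuid(),
  matter_id    uuid not null,
  body         jsonb not null,             -- the certificate content
  body_sha256  text not null,              -- hex SHA-256 of the canonical body, set on insert
  generated_at timestamptz not null default now()
);

-- Canonical serialisation matters: jsonb::text emits keys in a deterministic order,
-- so the same logical document always produces the same digest.
create or replace function certificate_digest(body jsonb)
returns text
language sql
immutable
as $$
  select encode(digest(convert_to(body::text, 'UTF8'), 'sha256'), 'hex');
$$;

-- Compute the hash exactly once, at the moment of generation.
create or replace function set_certificate_hash()
returns trigger
language plpgsql
as $$
begin
  new.body_sha256 := certificate_digest(new.body);
  return new;
end;
$$;

create trigger certificates_hash_on_insert
  before insert on certificates
  for each row execute function set_certificate_hash();

-- Verification: recompute from the stored body and compare with the stored digest.
-- Any change to body after generation shows up as intact = false, because the
-- trigger only runs on insert and never refreshes the stored hash.
create or replace view certificate_integrity as
select id,
       matter_id,
       generated_at,
       body_sha256 = certificate_digest(body) as intact
from certificates;

-- Example check (constructed usage): list certificates whose body no longer matches its hash.
-- select id, matter_id from certificate_integrity where not intact;
```

A digest stored beside the record reliably catches accidental corruption and changes made by anyone who cannot also rewrite `body_sha256`. It does not by itself detect an actor who can update both columns consistently; for that, the digest also needs to live somewhere that writer cannot alter, for example handed to the client with the certificate, copied to an append-only log, or replaced by a signature or HMAC whose key is held outside the database.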
LexAudit runs on Vercel (frontend) and Supabase (database/auth). Both are SOC 2 Type II certified. Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Supabase is GDPR-compliant and provides EU data residency options on request.
LexAudit is a web application — no browser extension, no DMS integration, no API connection to Harvey, Legora, or any other AI tool. You log entries manually. This means no data flows between LexAudit and any third-party AI system. Nothing for your IT department to review.
You own your data. Export all matters, logs, and certificates at any time in JSON or CSV format. Request complete account deletion and all associated data is purged within 30 days. We do not sell, license, or share your data with any third party.
QUESTIONS ABOUT SECURITY?
We're happy to discuss our architecture with your IT team or security counsel.
ai.leadx10@gmail.com