Skip to main content

LEGAL

Security

Effective2026-05-05Versionv1.0JurisdictionMulti-jurisdiction

1. Approach

Lawnise treats security as a continuously documented posture, not a one-time certification. Every material control is documented in the methodology document, reviewed on a fixed cadence, and revised against operational reality. Material revisions are versioned, dated, and attributed.

The Trust Center publishes the documented posture for procurement review. The detail below summarises the principles; the methodology document carries the operational specifics.

2. Data at rest

Customer data, workspace configuration, and captured AI engine responses are stored in managed databases and object storage operated by our cloud subprocessors. Encryption at rest is provided by the underlying managed services and documented in the methodology.

  • Customer data and workspace configuration in managed databases
  • Captured AI engine responses in object storage with retention applied per workspace mode
  • Encryption-at-rest provided by the underlying managed services

3. Data in transit

All traffic to the platform and to our published APIs is delivered over encrypted transport. Internal service-to-service traffic between platform components is encrypted in transit as documented in the methodology.

4. Access control

Access to production systems is limited to a narrow set of operational roles, gated by directory-based authentication and reviewed on a fixed cadence. Privileged operations are audit-logged. Customer-facing platform access is gated by the workspace's authentication configuration.

  • Production access limited to a narrow operational role set
  • Directory-based authentication for operational access
  • Privileged operations audit-logged
  • Customer-facing access gated by workspace authentication configuration

5. Incident response

Security incidents that affect customer data are handled under a documented response plan that includes triage, containment, customer notification, and post-incident review. The plan, the notification thresholds, and the review cadence are documented in the methodology.

Customers under written order forms receive incident notice in the manner described in the order form. For other customers, notice is sent to the workspace owner's registered email address.

6. Documented posture

What is collected, where it is processed, how long it is retained, who reviews it, and how incidents are handled — these are published in the Trust Center and revised on the same cadence as the methodology document.

7. Contact

For security questions or to report a suspected vulnerability, contact security@lawnise.com. We aim to acknowledge reports within two working days.

DOCUMENT HISTORY

Changelog

1 version · last updated 2026-05-05
v1.02026-05-05Initial publication.

RELATED LEGAL DOCUMENTS

Terms of ServicePrivacy PolicySubprocessorsCookie PolicyAcceptable Use Policy

Start with what fits.

Talk to our team about Public AI governance for your sector — sign up free to see what AI says about your brand, or book a briefing for a working session.

Sign Up Free

100 visibility checks per month. No credit card.

Book Briefing

For procurement and Enterprise scope.