Skip to content
EdgeLex

Security, privacy & AI governance

Built so your firm keeps control.

EdgeLex is the authority layer. Your firm owns identity, permissions, data, and the audit trail. The AI works under your policy — never around it.

Data sovereignty

  • Deploy in EdgeLex's cloud, your private cloud, or fully self-hosted — your choice.
  • Wherever it runs, your data stays under your firm's governance; self-host to keep it entirely in your own infrastructure.
  • No mandatory third-party access to case data.
  • Per-firm isolation: each firm is a separate identity realm, with queries scoped per firm at the data layer — no cross-tenant bleed.

AI governance

  • Three-layer model policy (platform → firm → user) with default-deny: no model runs unless explicitly allowed.
  • Local or frontier models — the firm chooses; bring-your-own-key with encrypted credential storage.
  • Mutation safety: a routing layer blocks underpowered models from destructive actions (send, delete, file, approve).
  • Evidence grounding: answers must be grounded in your data and cite sources; ungrounded answers are blocked.
  • Approval gates on high-impact actions.
  • Full cost & token attribution by firm, user, model, and matter — no opaque AI spend.

Access & identity

  • Standard identity provider (OpenID Connect) with per-firm realms.
  • Role-based access control; configurable session limits and timeouts.
  • Optional IP binding; MFA gating for sensitive actions like signing.

Encryption & credentials

  • Sensitive credentials encrypted with AES-256-GCM (authenticated encryption), with per-credential IVs.
  • Firms can hold their own keys (BYOK).

Audit & accountability

  • Comprehensive activity, security-event, and AI-decision logging in a dedicated log store.
  • Before / after state on writes; correlation IDs throughout.
  • Signature evidence chains and document freeze-on-signature.

Compliance posture

EdgeLex provides the controls firms need to support their SOC 2, GDPR, and ABA-aligned obligations: data residency, encryption, granular access control, comprehensive audit logging, and legal-hold and retention features. Self-hosting means your data-handling stays under your governance.

EdgeLex provides controls designed to support these frameworks; it does not itself hold these certifications.

EdgeLex vs. black-box cloud legal AI

An honest, dimension-by-dimension comparison.

Compared against the category of cloud legal AI on dimensions you can verify — not a characterization of any one product. Where a specific vendor offers a private deployment, that's to their credit.

DimensionEdgeLexTypical cloud legal AI
Self-hosting option YesVaries
Data locality (firm-controlled) YesVaries
Model choice (local + frontier) YesVaries
Per-firm isolation YesVaries
AI governance policy (default-deny) YesVaries
Audit & cost attribution YesVaries
Evidence-grounded answers YesVaries

Bring your security questionnaire.

We'll walk your team through the architecture, the audit model, and self-hosting.