LawFuzeICO registered
For SolicitorsMethodologyTrustPricing
Sign inRequest access→
Enterprise Security

Controls the COLP
can sign off

Microsoft Azure UK South for primary storage, AES-256 at rest via Azure Key Vault, TLS 1.3 in transit, role-based access under UK GDPR Art 28/32, and an append-only matter-level audit trail. The full posture — live controls and roadmap items — is set out below without spin.

Request beta access ▶ Watch Demo
UK GDPR aligned
IDTA-backed sub-processors
Human review
AES-256 at rest
TLS 1.3 in transit
RBAC
Audit log
SRA-aligned
Security Capabilities

The controls, named

AES-256 at rest, TLS 1.3 in transit

Customer data is encrypted at rest with AES-256 via Azure Key Vault and in transit with TLS 1.3. Encryption is performed by Microsoft Azure managed services under their published attestations.

Primary storage in Microsoft Azure UK South

Databases, document storage and backups sit in Microsoft Azure UK South. AI processing today uses named sub-processors in the EU and US; where a jurisdiction is outside the UK/EEA we are actively executing ICO International Data Transfer Agreements (IDTAs) and publishing the signed Transfer Risk Assessments in our compliance pack. Until those IDTAs are complete, firms holding personal or client-privileged data should treat this as an in-progress control — the current status of each sub-processor is listed in the privacy notice below and refreshed weekly.

Role-based access control

Three fully-shipped firm-facing access tiers (Admin, Solicitor, Staff). Client portal and Guest tier scaffolded today with the full client UI landing at public launch (1 Sep 2026). Four SRA compliance designations (COLP, COFA, Barrister, CILEX Legal Executive) on top — each wired into the permissions JWT and gated behind mandatory MFA. Per-matter confidentiality walls enforced at the database layer.

Immutable audit trails

Every access, edit, AI generation, and supervising-solicitor approval is logged with a timestamp, actor and reason. Audit records are retained to the SRA's six-year minimum.

Human-review path on every AI output

Under the Data (Use and Access) Act 2025, every AI-assisted output can be escalated to a human solicitor with a single click. Reviews are SLA-tracked and surfaced in the audit log.

Penetration testing (roadmap)

A CREST-registered penetration test is scheduled before the first paid customer goes live. Remediation items and retest results will be published in the security changelog.

Compliance Roadmap

Where we are, honestly

This grid shows every compliance programme we care about and its current status. Items marked In progress or Planned are not current certifications — we publish certificate references only once an accredited body has issued them.

UK GDPR aligned

Live

Processing personal data in accordance with UK GDPR and the Data Protection Act 2018: lawfulness, data minimisation, purpose limitation, right to erasure, and data subject rights.

ICO data-protection fee

In progress

Registration of LawFuze AI Systems Ltd with the Information Commissioner's Office is in progress. The registration reference will be published here and in the footer once issued.

Cyber Essentials Plus

In progress

Cyber Essentials Plus v3.3 application is in progress. This certification requires hands-on technical verification including mandatory MFA, patch management and asset discipline.

ISO 27001

Planned (2026)

Information security management system implementation is on the 2026 roadmap. No ISO 27001 certificate is in force today — any future certificate reference will be published on this page.

SOC 2 Type II

Planned

SOC 2 Type II is on our compliance roadmap. Planned reports are tracked internally; no attestation exists at present and nothing on this page should be read as an existing SOC 2 claim.

AES-256
Encryption at rest
TLS 1.3
Transport layer
Azure UK South
Primary region
3 + 4
Live tiers + SRA designations

Brief your COLP, then join the beta

Five-firm closed beta · free until 1 September 2026. Client data stays in Azure UK South under UK GDPR with a matter-level audit trail.

Request beta access

See It In Action

How Enterprise Security works

Walk through the key workflows — from your dashboard, in real time.

01

Configure role-based access

Set permissions across fee-earner, supervisor, COLP, staff and client roles with per-matter confidentiality walls.

02

Enable MFA

Protect accounts with TOTP authenticator apps or SMS. Backup codes included; MFA is mandatory for COLP and supervisor roles.

03

Audit-log every action

Append-only matter-level audit log retains every prompt, response, edit and approval for the SRA's six-year minimum.

Request beta accessBook a Live Demo
LawFuze

An AI co-worker for UK solicitors — research and drafting support, supervised by the solicitor on the file. Hosted in Microsoft Azure UK South.

Product

  • Chat AI
  • Document Intelligence
  • Matter Management
  • Time & Billing
  • Compliance & Audit
  • Security
  • Legal Research (Phase 2)
  • Judge Intelligence (Phase 2)
  • War Room (Phase 2)
  • Methodology

Company

  • About
  • For Solicitors
  • Request beta access
  • Contact

Trust & Legal

  • Trust Center
  • Privacy Policy
  • Sub-processors
  • Terms of Service
  • Acceptable Use
  • DPA Template
  • Beta Agreement
  • Complaints
  • Cookies
  • Accessibility
  • DPO
  • Disclaimers
AI Disclaimer

LawFuze provides AI tools that support qualified legal professionals with research and drafting. AI outputs are not legal advice. Every AI output carries a confidence indicator and source citations, and must be reviewed by a qualified solicitor before reliance. The supervising solicitor — not the AI — remains responsible to the client under the SRA Code of Conduct.

Regulatory Notice

LawFuze is a technology platform and is not a law firm. We do not provide legal advice or legal services. Solicitors using LawFuze remain individually responsible for compliance with the SRA Standards and Regulations and the SRA Code of Conduct. Use of AI tools does not diminish a solicitor's duty to their clients or professional obligations.

Data Protection

LawFuze processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Customer data is stored in the UK on Microsoft Azure (UK South region). AI inference uses named sub-processors in the EU and US; where data flows outside the UK/EEA we rely on ICO International Data Transfer Agreements (IDTAs) supported by published Transfer Risk Assessments — treat IDTA execution as an in-progress control until each is signed and filed. The current sub-processor list and IDTA status of each is published on our sub-processor register. For data subject rights including access, rectification, erasure, and portability, contact legal@lawfuze.com.

Security & Compliance Roadmap
ICO controller registration· LiveUK GDPR aligned· LiveDPIA + ROPA published· Livelegislation.gov.uk + TNA Find Case Law (OGL v3.0, read use)· LiveCyber Essentials Plus· In progressComputational Analysis Licence (case law AI/vector use)· In progressPII / Cyber / D&O insurance· In progressISO 27001· On roadmapSOC 2 Type II· On roadmap

Certifications in progress or on the roadmap are not current attestations. We publish certificate references only once an accredited body has issued them.

© 2026 LawFuze Ltd. All rights reserved.

Registered in England & Wales • Company No. 16800372 • Registered Office: 4 Enriqueta Rylands Close, Stretford, Manchester, M32 0NW

Founded by Sake Nagarjuna Naidu — built in Manchester for UK solicitors.

ICO controller registration ZC147676 (14 May 2026 — 13 May 2027) — listed on the Trust Center. VAT registration in progress; reference will be added on receipt.

Data Protection Officer: dpo@lawfuze.com · Security: security@lawfuze.com · Complaints: /complaints