Skip to main content
LawFuzeICO registered
For SolicitorsMethodologyTrustPricing
Sign inRequest access→

Trust Center

What we hold, what we're earning, what we don't claim

The live state of every regulatory, security and contractual control LawFuze relies on — what's in place today, what's in flight, and what isn't ours to claim yet. Nothing on this page is a claim we couldn't substantiate to a regulator or an insurer this afternoon.

Last updated: 17 May 2026·Next review: 17 August 2026

Company & registrations

ItemStatusReference
Companies HouseRegistered, England & Wales16800372
Registered officeLive4 Enriqueta Rylands Close, Stretford, Manchester, M32 0NW
ICO controller registrationLiveRegistered 14 May 2026 (reference ZC147676) — expires 13 May 2027, listed on the ICO public register
VAT registrationIn progress (HMRC)Number added on receipt
Director ID verification (ECCTA 2023)In progressAwaiting Companies House WebFiling auth code

ICO registration number: ZC147676— registered 14 May 2026, expires 13 May 2027. Data Protection Officer: dpo@lawfuze.com.

Data residency & hosting

  • Primary cloud: Microsoft Azure UK South (London). AWS is not used.
  • Secrets management: Azure Key Vault, environment-scoped service principals.
  • Backups: daily encrypted Postgres backups to Azure Blob with 30-day retention; quarterly restore tests.
  • AI inference: Anthropic EU (Frankfurt) endpoint requested; Azure OpenAI UK South. No US sub-processors for judgment content or personal data once both endpoints are confirmed.

Certifications & controls

ControlStatusEvidence
UK GDPR alignmentLivePublished Privacy Policy, ROPA, LIAs
DPIA (Art 35 UK GDPR)LiveRisk matrix + mitigations, signed by DPO
ROPA (Art 30 UK GDPR)LiveOne row per processing activity, lawful basis recorded
Append-only audit logLiveDB-level triggers block UPDATE/DELETE; 6-year retention
Cyber Essentials PlusIn progressIASME assessor booking by Phase 2
Computational Analysis Licence (case law)In progressSubmitted to The National Archives; ~2–12 weeks
PII / Cyber / D&O insuranceIn progressBroker enquiry with Hiscox / Markel / Beazley
CREST pen testPlanned (Phase 2)Booked for July 2026
WCAG 2.2 AA conformancePlanned (Phase 2)Audit + remediation before public launch
ISO 27001On roadmapTargeted post-launch
SOC 2 Type IIOn roadmapTargeted post-launch

Security contacts

  • Data Protection Officer: dpo@lawfuze.com
  • Security disclosures: security@lawfuze.com
  • UK GDPR data subject requests: legal@lawfuze.com
  • Breach reporting (24/7): security@lawfuze.com — we acknowledge within 4 hours, ICO notification within 72 hours where required.

Honest disclaimers

Certifications listed as in progress or on roadmap are not current attestations. We publish certificate references only once an accredited body has issued them. Beta tier customers should treat the platform as an active test environment until 1 September 2026.

UK regulatory and case-law context

LawFuze's posture is shaped by three live UK regulatory signals that every solicitor evaluating an AI tool should be aware of:

  • Data (Use and Access) Act 2025, Section 80— replaced the previous UK GDPR Article 22 framework on 1 January 2026, inserting Articles 22A–D. The live statutory phrase is "meaningful human involvement in significant decisions". LawFuze's supervisor-review queue is the implementation pathway for solicitors relying on AI outputs in client work. (legislation.gov.uk)
  • Garfield AI — SRA authorisation, May 2025 — the SRA authorised the first wholly-AI legal services firm after an eight-month review focused on hallucination mitigation and human oversight. LawFuze tracks the same standards (refusal-first prompts, audit-logged supervisor sign-off, no unsupervised client communication). (sra.org.uk)
  • Ayinde v Haringey London Borough Council [2025] EWHC 1383 (Admin) — the High Court made a wasted-costs order against legal representatives who relied on fabricated AI-generated case citations, with referrals to the SRA and the BSB. Cited here so firms understand the disciplinary reality of unverified AI output. LawFuze's citation-verification + refusal architecture is designed precisely so a supervising solicitor never finds themselves on the wrong side of an Ayinde-style order.

Bar Council guidance on generative AI for the bar was updated in November 2025 and is consistent with the SRA position.

Related

  • Privacy Policy
  • Sub-processors
  • Compliance
  • Methodology
  • DPO disclosure
LawFuze

An AI co-worker for UK solicitors — research and drafting support, supervised by the solicitor on the file. Hosted in Microsoft Azure UK South.

Product

  • Chat AI
  • Document Intelligence
  • Matter Management
  • Time & Billing
  • Compliance & Audit
  • Security
  • Legal Research (Phase 2)
  • Judge Intelligence (Phase 2)
  • War Room (Phase 2)
  • Methodology

Company

  • About
  • For Solicitors
  • Request beta access
  • Contact

Trust & Legal

  • Trust Center
  • Privacy Policy
  • Sub-processors
  • Terms of Service
  • Acceptable Use
  • DPA Template
  • Beta Agreement
  • Complaints
  • Cookies
  • Accessibility
  • DPO
  • Disclaimers
AI Disclaimer

LawFuze provides AI tools that support qualified legal professionals with research and drafting. AI outputs are not legal advice. Every AI output carries a confidence indicator and source citations, and must be reviewed by a qualified solicitor before reliance. The supervising solicitor — not the AI — remains responsible to the client under the SRA Code of Conduct.

Regulatory Notice

LawFuze is a technology platform and is not a law firm. We do not provide legal advice or legal services. Solicitors using LawFuze remain individually responsible for compliance with the SRA Standards and Regulations and the SRA Code of Conduct. Use of AI tools does not diminish a solicitor's duty to their clients or professional obligations.

Data Protection

LawFuze processes personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Customer data is stored in the UK on Microsoft Azure (UK South region). AI inference uses named sub-processors in the EU and US; where data flows outside the UK/EEA we rely on ICO International Data Transfer Agreements (IDTAs) supported by published Transfer Risk Assessments — treat IDTA execution as an in-progress control until each is signed and filed. The current sub-processor list and IDTA status of each is published on our sub-processor register. For data subject rights including access, rectification, erasure, and portability, contact legal@lawfuze.com.

Security & Compliance Roadmap
ICO controller registration· LiveUK GDPR aligned· LiveDPIA + ROPA published· Livelegislation.gov.uk + TNA Find Case Law (OGL v3.0, read use)· LiveCyber Essentials Plus· In progressComputational Analysis Licence (case law AI/search index use)· In progressPII / Cyber / D&O insurance· In progressISO 27001· On roadmapSOC 2 Type II· On roadmap

Certifications in progress or on the roadmap are not current attestations. We publish certificate references only once an accredited body has issued them.

© 2026 LawFuze Ltd. All rights reserved.

Registered in England & Wales • Company No. 16800372 • Registered Office: 4 Enriqueta Rylands Close, Stretford, Manchester, M32 0NW

Founded by Sake Nagarjuna Naidu — built in Manchester for UK solicitors.

ICO controller registration ZC147676 (14 May 2026 — 13 May 2027) — listed on the Trust Center. VAT registration in progress; reference will be added on receipt.

Data Protection Officer: dpo@lawfuze.com · Security: security@lawfuze.com · Complaints: /complaints