Security & Compliance

How LexaRED protects your firm's data

اقرأ بالعربية →

Legal data is among the most sensitive information in the world. LexaRED is built from the ground up with security as a core architectural principle — not a feature added after the fact. Here is exactly how your firm's data is protected.

Data Isolation
Every firm operates in a completely isolated database environment. No cross-tenant data access is architecturally possible. Your cases, clients, and documents are never accessible to other firms on the platform.
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Passwords are hashed using bcrypt with per-user salts. API access requires signed JWT tokens with short expiry windows.
Daily Backups
Automated encrypted backups run every 24 hours and are stored at a separate physical location. You never need to manage backups manually. In the event of hardware failure, your data remains fully intact and recoverable.
Immutable Audit Log
Every create, update, and delete action across the platform is recorded in a tamper-evident audit log with timestamp, user identity, and affected record. Audit entries marked as tamper-evident cannot be deleted by any user including administrators.
99.9% Uptime
LexaRED guarantees 99.9% availability, 24 hours a day, 7 days a week, through redundant infrastructure and servers. Planned maintenance windows are notified in advance. Your firm's operations are never unexpectedly interrupted.
Role-Based Access
Every user operates under a defined role — Admin, Lawyer, Staff, or View-Only. Access to cases, financials, HR records, and system settings is governed by role permissions. Administrators control who sees what across the entire platform.
Full Data Export
You own your data entirely. All cases, clients, documents, financial records, and HR data can be exported at any time in standard formats. You are never locked in. Export is available on demand with no restrictions.
AI Data Privacy
LexaRED does not use any client data, case data, or firm data to train AI models. AI features call external model APIs with data processed in transit only. No firm data is retained by AI providers beyond the scope of the individual request.

Frequently Asked Security Questions

QWhere is client data hosted?
All LexaRED client data is hosted on enterprise-grade cloud infrastructure with geographic redundancy. Each firm's data is stored in an isolated database environment — no shared storage with other firms.
QDoes LexaRED support Arabic workflows natively?
Yes. Arabic is built into the platform at the architecture level — not a translation layer. The full interface, AI responses, document generation, invoices, and WhatsApp notifications all operate natively in Arabic with proper RTL layout and formal Modern Standard Arabic.
QIs client data used to train AI models?
No. LexaRED does not use any client, case, or firm data to train AI models. AI calls are stateless — data is processed in transit and not retained by AI model providers.
QCan I export all my data?
Yes. Full data export is available at any time with no restrictions. All cases, clients, documents, invoices, payroll records, and audit logs can be exported in standard formats.
QWhat happens to my data when the contract ends?
Your data remains accessible for 90 days after termination so you can export everything. After 90 days, all data including backups is permanently and irrevocably deleted from LexaRED servers. You can also request immediate deletion at any time by contacting support@lexared.legal.
QIs the audit log immutable?
Yes. Audit log entries flagged as tamper-evident cannot be deleted or modified by any user, including system administrators. Every action is recorded with timestamp, user identity, entity type, and entity ID.
QWhat AI model providers does LexaRED use?
LexaRED uses Google Gemini for AI legal Q&A and document generation. Model calls are made via the official API with no persistent storage of firm data on Google's side beyond the scope of the individual request.
QWhat is the disaster recovery policy?
LexaRED performs daily encrypted backups to a geographically separate location. In the event of infrastructure failure, recovery procedures are initiated immediately. Planned interruptions are notified in advance. Unplanned interruptions are addressed with the goal of restoring service within hours.
QDoes LexaRED support SSO or enterprise authentication?
LexaRED uses JWT-based authentication with secure session management. Enterprise SSO integration is available on the Counsel plan. Contact our team at info@lexared.legal to discuss your authentication requirements.
QCan workflows be customized without coding?
Yes. Case stages, document categories, task priorities, duty types, incentive structures, and WhatsApp notification events are all configurable through the admin interface without any coding or technical knowledge.

Have a specific security question?

Our team responds to all security and compliance enquiries within one business day.

Contact Our Team →