Security

Built for the discretion a law firm requires.

A management-layer product holds a privileged view of your firm. We treat that responsibility with the seriousness it deserves.

Encryption

/01

Everything encrypted — in transit and at rest.

TLS 1.3 on every connection. AES-256 encryption at rest for application data and backups. Key management on hardware-backed KMS with strict role separation.

Access control

/02

Least privilege, by default.

Role-based access for partners, department heads and fee earners. Single sign-on (SAML / OIDC) available on request. Optional IP allow-listing for partner accounts.

Hosting

/03

UK-hosted. UK-residency.

Hosted on ISO 27001-certified infrastructure in the United Kingdom. Your firm's data does not leave the UK without your explicit written instruction.

Audit

/04

Every action, recorded.

Append-only audit trail of every read and write. Exportable on demand. Designed to satisfy SRA supervision and internal compliance reviews.

Backups

/05

Continuous, tested, restorable.

Point-in-time recovery up to 30 days. Quarterly restore drills. Encrypted off-site backups retained per your data retention policy.

Incident response

/06

Defined, rehearsed, transparent.

24-hour notification commitment for any confirmed incident affecting your firm's data, with a written root-cause analysis within 10 working days.

Compliance posture

Aligned with the standards your regulator expects.

UK GDPR

Full compliance, UK data residency

ISO 27001

Hosted on certified infrastructure

SOC 2 Type II

Under preparation, 2026

Cyber Essentials Plus

Held by One Rule Ltd

SRA principles

Designed around solicitor obligations

Penetration testing

Annually, by an independent firm

A full security pack — including our DPA, sub-processor list and latest penetration test summary — is available to evaluating firms under NDA.

Request the security pack