Last Updated: May 2026
At Legal Hub, absolute data sovereignty is not a feature; it is the core premise of our architecture. We employ military-grade encryption (AES-256 at rest, TLS 1.3 in transit) for all firm and client data. We do not aggregate, sell, or analyze your proprietary matter data for any external purpose. Your firm's data remains under your absolute cryptographic control.
Our platform is fully compliant with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and stringent global legal sector compliance mandates including SOC 2 Type II and ISO 27001. Firms can choose their data residency regions (e.g., EU, US, UK, Middle East) to satisfy local bar association requirements.
We only collect the operational metadata strictly necessary to provision your tenant node, process payments, and authenticate your users. All client documents, financial ledgers, and case strategies uploaded into your instance are logically isolated.
Zero third-party access is granted to your tenant database without your explicit authorization. Integrations (e.g., Office365, internal accounting suites) operate via highly scoped, revokable OAuth tokens governed entirely by your Firm Admin.
For complete legal documentation, Data Processing Agreements (DPAs), or specific audit reports, please contact our Legal Engineering team.
compliance@legalhub.com →