Security is not a deployment flag or a checkbox exercise. It is architecture, certifications, defence in depth, and responsible disclosure discipline. Everything below is audited. Everything below is live.
International and Indian security, privacy and AI governance frameworks. Annual audit where applicable, continuous posture management always.
Information security management. Certified across operations. Annual surveillance audits.
Privacy information management. In audit for Q3 2026 certification.
Trust services criteria audit. Window active, report expected Q3 2026.
Full alignment with India's Digital Personal Data Protection Act 2023 and rules thereunder.
General Data Protection Regulation. EU representative appointed. Adequacy maintained.
Audited by CERT-In empaneled security auditors. Incident reporting protocols in place.
AI Risk Management Framework. Internal compliance posture mapped across Govern, Map, Measure, Manage.
Candidate status for Mode D, DGX Spark cryptographic module certification.
Every input and every output passes through all four layers. Failure of any layer opens a ticket, not a breach.
Five commitments that govern how customer content moves through Lexlegis.ai. These are contractual, not aspirational.
Your uploaded documents, queries and outputs never enter training corpora for shared models. Fine tuning on your data, if offered, happens only under a signed DPA and only inside your deployment boundary.
Mode A data is in India. Mode B is on L&T Vyoma sovereign cloud. Mode C is in your chosen region. Modes D and E are on your premises. Residency is architecture, not a flag.
We retain customer content only as long as required to service the account. Retention windows are configurable to zero on Enterprise and on Modes D and E.
All customer data is exportable at any time in standard formats. On termination, data is returned or destroyed at customer election, with attestation.
We operate a coordinated disclosure programme for security researchers. Acknowledgement within 24 hours, triage within 72, fix or mitigation within defined SLAs by severity.
Include steps to reproduce, affected component, and your preferred credit (if any). PGP key available on request. We do not pursue researchers acting in good faith.
We acknowledge within 24 hours, triage within 72, and close or mitigate per severity SLAs. Credit is public in our security advisories where researchers permit.