Security & privacy

Built like a vault. Audited like a process.

Family-law evidence is the most sensitive kind of personal data. We treat it accordingly: UK-hosted, encrypted end to end, isolated per case, and provably deletable.

The five guarantees

1. UK data residency

All evidence storage and processing happens on UK-based infrastructure (London region). No data transit outside the UK except as required for the customer's own export download.

2. Encryption everywhere

TLS 1.3 in transit. AES-256-GCM at rest. Per-case data encryption keys derived from a customer-scoped master key. Keys rotated quarterly.

3. Per-case isolation

Each case lives in its own logical silo. Cross-case data sharing requires an explicit, audited link. Our internal staff cannot read case data without an audit-logged elevation.

4. Deletion with receipt

One-click case deletion. We return a signed deletion tombstone (with timestamp, case ID hash, and bytes deleted) you can attach to a witness statement if needed. Deletion propagates to backups within 7 days.

5. Audit log per case

Every upload, transformation, export and access logged. You can request the audit log for any case at any time. We use it to debug; you use it to verify chain of custody.

6. Quote-grounded outputs

Every AI conclusion is footnoted to the source line, message or transcript span it was derived from. We don't ask you to trust a black box; we show you the evidence behind every claim.

Compliance posture

GDPR & UK GDPR

We are a data processor for our customers (and a data controller for our own account/billing data). Standard processor terms available as a Data Processing Agreement (DPA) on request. We do not use customer evidence to train models, full stop.

Legal professional privilege

Where LegallyHeard is engaged by a solicitor for the purposes of a specific matter, we operate as part of the solicitor's evidence-handling workflow and observe the same privilege constraints. Where engaged direct by an individual, we are not subject to LPP, though our staff are bound by NDAs.

What we do NOT do

We don't sell anonymised data. We don't run analytics on the content of customer evidence. We don't use customer chat for model training, ever. We don't share data with third parties except infrastructure providers (UK-hosted) under sub-processor agreements.

Sub-processors

A current list of sub-processors (cloud hosting, transcription provider, payment processor, support tooling) is maintained at /cookies (placeholder while in pre-launch) and is available on request. Any change triggers a 30-day notice period.

Threat model: what we worry about

"What if a court orders you to hand over my case data?"

We will respond to lawful UK court orders. We will notify you immediately unless the order itself prevents notification. Our argument in any such request will always be to push for the narrowest possible disclosure scope.

"What if your servers are seized?"

Per-case encryption keys are not stored on the same machines as the data. Seizure of storage without a corresponding key-server seizure yields encrypted blobs.

"What if a LegallyHeard employee tries to read my case?"

All access is audit-logged. Reading a case without an explicit support ticket reference triggers an alarm to the security officer. Any unauthorised read is a dismissable offence and would be reported to the ICO.

"What if my ex-partner is also a customer?"

Per-case isolation. The fact that two customer accounts exist on the platform is not visible to either of them. Case data cannot leak between accounts.

"What about model providers, do they see my data?"

Where a third-party model is used (e.g. for transcription), we use enterprise endpoints that contractually prohibit data retention and training use. We will publish a list of model providers and their data-use commitments before general release.

"What if I want to delete and you've already used my data for an export?"

Deletion removes the source data. Exports you've already downloaded remain yours; our copy is removed within 7 days (including backups). You can re-export at any point during your subscription.

Want the DPA, sub-processor list, or pen-test summary?

We'll send the latest versions on request. Firms can also request a 30-minute call with the security officer to walk through the model before signing.