Your security is our priority
LawY keeps your client data safe with world-class security and data privacy measures.
Privacy & Confidentiality by Design
LawY is built on a foundation of privacy and confidentiality because in legal work, trust isn't optional. Every interaction on LawY is protected by design. Your client information stays confidential, your work stays yours, and your firm's data stays ring-fenced no matter how you use the platform.
Safeguarding your data is fundamental to what we do. Our privacy-by-design approach means we're committed to continually improving the security of the platform, so you can focus on what matters most: serving your clients with confidence.
Data encryption
All data is encrypted in transit using TLS 1.2 or higher, and at rest using AES-256, keeping your client information secure at every step.
Quality monitoring
Our operations team monitors verified answers for quality without compromising confidentiality.
No training on your data
LawY does not use your conversations or documents to train AI models. Your inputs stay yours.
PII protection
Our system is designed to identify and automatically remove personally identifiable information before it is processed with multiple safeguards in place.
Confidential submissions
When using verification, Verifiers never see who submitted the question or which firm it came from. Your anonymity is protected by design.
Data segregation
Your data is logically and physically separated from other users. Only you and your colleagues can access your firm's work.
FAQs
Find answers to common questions about LawY’s access, verification, privacy, and features.
It's common for staff in the same firm to have separate Cloud Storage Provider (CSP) accounts. In most cases though, there's still a shared root folder structure controlled by IT or a managing partner and if your team shares an email domain, that structure almost certainly exists. There are two ways to get everyone set up in LawY.
Option 1: Quick and simple
The first user to sign up invites all other staff members to LawY. Each staff member then shares their relevant matter folders with that first user via their CSP. That first user can then connect those folders to LawY either manually or automatically.
Option 2: Cleaner for larger teams
A user invites an admin or IT account that has access to the firm's root files. That admin then either selects which existing matter folders to add to LawY, or all staff share their relevant matter folders directly with the admin account. As new matters are added, staff share them with the admin account and LawY automatically detects and ingests them.
LawY provides two main ways to use the platform:
- Research: conducting legal research using external legal databases and resources.
- Internal matter analysis: analysing files stored within your connected external storage (from cloud storage providers).
Internal Matter Analysis & storage access
Once you connect your external storage to LawY, access to your file content is rare, limited to a small number of authorised personnel, and governed by strict policy and technical controls
When may staff access file content?
Very limited staff may need to access file content only in specific circumstances:
- When legally required.
- When necessary to ensure systems and features work as designed (such as debugging, search relevance, or feature development).
- To enforce our Terms of Service and Acceptable Use policies.
What controls are in place?
Multiple controls prevent arbitrary access, including:
- Restricted production access.
- Recorded approvals and justifications for certain types of access.
- Limiting file storage environments to a small number of engineers responsible for core services.
These access policies are similar to those employed by major cloud storage providers and represent industry-standard practices.
For more detailed information about our infrastructure provider's security practices, visit the Corto Trust Centre:
Research Features
For information about how LawY handles data in Research, visit our Trust Centre:
What data do we access from your connected storage?
When you connect external storage to LawY, we do not access client details for legal research purposes. We only access matter names and practice area information to ensure research is appropriately targeted.
How are LLMs used and is my data protected?
LawY utilises large language models (LLMs) through corporate arrangements with providers such as OpenAI and Google Gemini. User prompts are sent in real time to the LLM via closed-loop, secure transmission, and responses are returned without being logged or reused for model training.
Key data protection commitments:
- Zero Data Retention. (ZDR) our corporate accounts ensure that data submitted via the API is not used for training or fine-tuning, and we have Zero Data Retention policies in place with the foundation models we use.
- Transactional processing only. data is processed transactionally and not retained after processing, preserving privacy and preventing data leakage. We do not automatically pull data from users or third-party systems.
- Low risk profile our closed-loop model and absence of background data harvesting maintains a low risk profile.
- User control users have complete control over what information is shared. When users add conversation or matter details, this data is scrubbed of any personally identifiable information (PII), with appropriate placeholders used. Users have full editing capabilities across all details.
- Double-masked verification our verification service uses a double-masked system where verifiers cannot see user identity and users cannot see verifier identity. Verifications are only undertaken by qualified lawyers bound by professional duties of confidentiality.
- Internal AI governance LawY operates under internal guidelines governing AI usage and data privacy.
