Security, privacy & AI governance
Built so your firm keeps control.
EdgeLex is the authority layer. Your firm owns identity, permissions, data, and the audit trail. The AI works under your policy — never around it.
Data sovereignty
- Deploy in EdgeLex's cloud, your private cloud, or fully self-hosted — your choice.
- Wherever it runs, your data stays under your firm's governance; self-host to keep it entirely in your own infrastructure.
- No mandatory third-party access to case data.
- Per-firm isolation: each firm is a separate identity realm, with queries scoped per firm at the data layer — no cross-tenant bleed.
AI governance
- Three-layer model policy (platform → firm → user) with default-deny: no model runs unless explicitly allowed.
- Local or frontier models — the firm chooses; bring-your-own-key with encrypted credential storage.
- Mutation safety: a routing layer blocks underpowered models from destructive actions (send, delete, file, approve).
- Evidence grounding: answers must be grounded in your data and cite sources; ungrounded answers are blocked.
- Approval gates on high-impact actions.
- Full cost & token attribution by firm, user, model, and matter — no opaque AI spend.
Access & identity
- Standard identity provider (OpenID Connect) with per-firm realms.
- Role-based access control; configurable session limits and timeouts.
- Optional IP binding; MFA gating for sensitive actions like signing.
Encryption & credentials
- Sensitive credentials encrypted with AES-256-GCM (authenticated encryption), with per-credential IVs.
- Firms can hold their own keys (BYOK).
Audit & accountability
- Comprehensive activity, security-event, and AI-decision logging in a dedicated log store.
- Before / after state on writes; correlation IDs throughout.
- Signature evidence chains and document freeze-on-signature.
Compliance posture
EdgeLex provides the controls firms need to support their SOC 2, GDPR, and ABA-aligned obligations: data residency, encryption, granular access control, comprehensive audit logging, and legal-hold and retention features. Self-hosting means your data-handling stays under your governance.
EdgeLex provides controls designed to support these frameworks; it does not itself hold these certifications.
EdgeLex vs. black-box cloud legal AI
An honest, dimension-by-dimension comparison.
Compared against the category of cloud legal AI on dimensions you can verify — not a characterization of any one product. Where a specific vendor offers a private deployment, that's to their credit.
| Dimension | EdgeLex | Typical cloud legal AI |
|---|---|---|
| Self-hosting option | Yes | Varies |
| Data locality (firm-controlled) | Yes | Varies |
| Model choice (local + frontier) | Yes | Varies |
| Per-firm isolation | Yes | Varies |
| AI governance policy (default-deny) | Yes | Varies |
| Audit & cost attribution | Yes | Varies |
| Evidence-grounded answers | Yes | Varies |
Bring your security questionnaire.
We'll walk your team through the architecture, the audit model, and self-hosting.