Security

We are committed to protecting the confidentiality, integrity, and availability of information entrusted to us. Below outlines the principles and controls that govern how we safeguard data in our software, infrastructure, and business processes.

Our Security Commitments

Data Residency

Client data is primarily hosted in your firm's selected region. AU/NZ firms are hosted on AWS Asia-Pacific (Sydney), while the UK, IE, US, and CA each have dedicated regional infrastructure. Some AI features, including Matter AI, may transfer limited client data to the US for processing by AI service providers. Client data is not used to train AI.

Encryption

All client data is protected at every layer in transit, at rest, and in use. Industry-standard encryption safeguards your data wherever it moves or lives, and encryption keys are tightly managed with strict access controls and periodic rotation.  

Identity and Access Management

Role-based access controls, mandatory multi-factor authentication for privileged access, OAuth 2.0 for secure authorisation, and periodic access reviews ensure only the right people can reach the right data.

No AI Model Training Your Data

Client matter data is not used to train third-party AI foundation models without your explicit consent. LEAP AI features are designed for data minimisation, consistent with GDPR Article 25 and law firm professional obligations.

24/7 Monitoring & Incident Response

Continuous infrastructure and application monitoring with anomaly detection, centralised logging, and defined escalation paths. Documented incident procedures cover identification through recovery with client notification obligations met.

Business Continuity and Resilience

High-availability architecture across multiple AWS availability zones. Defined RTOs and RPOs for critical services. Encrypted, regularly tested backups alongside annual Disaster Recovery (DR) and Business Continuity Plan (BCP) tests ensure data can be recovered when it matters most.

Explore the LEAP Trust Centre

Looking for more information? Visit the LEAP Trust Centre for comprehensive details on our security, compliance, and privacy practices.

Compliance Across Your Region

GDPR compliance with DPAs and SCCs in place for UK and EU clients. Privacy Act and PIPEDA obligations met in Australia, New Zealand, Canada, and Ireland.

LEAP Secruity_NIST

NIST SP 800-61

Details
security stylised

PIPEDA

Details
LEAP Secruity_ UK

UK Cyber Essentials

Details
Asset 13

Safeguarding Sensitive Data

The gold standard for security compliance for SaaS companies. LEAP internal security controls underwent a rigorous and independent audit which verified that LEAP operates per industry standards. This attests to our unwavering commitment to holding the highest standards for security and confidentiality in safeguarding our users’ data.

FAQs

These FAQ answers the most common security, privacy, and compliance questions we receive from law firms, sales and procurement reviewers.

Answers are aligned with SOC 2 Type 2 attestation, ISO 27001 is in progress, privacy obligations, and the controls published at our Trust Center.

If you have any questions please contact Trust at LEAP Legal Software: trust@leaplegalsoftware.com