We are committed to protecting the confidentiality, integrity, and availability of information entrusted to us. Below outlines the principles and controls that govern how we safeguard data in our software, infrastructure, and business processes.
Client data is primarily hosted in your firm's selected region. AU/NZ firms are hosted on AWS Asia-Pacific (Sydney), while the UK, IE, US, and CA each have dedicated regional infrastructure. Some AI features, including Matter AI, may transfer limited client data to the US for processing by AI service providers. Client data is not used to train AI.
All client data is protected at every layer in transit, at rest, and in use. Industry-standard encryption safeguards your data wherever it moves or lives, and encryption keys are tightly managed with strict access controls and periodic rotation.
Role-based access controls, mandatory multi-factor authentication for privileged access, OAuth 2.0 for secure authorisation, and periodic access reviews ensure only the right people can reach the right data.
Client matter data is not used to train third-party AI foundation models without your explicit consent. LEAP AI features are designed for data minimisation, consistent with GDPR Article 25 and law firm professional obligations.
Continuous infrastructure and application monitoring with anomaly detection, centralised logging, and defined escalation paths. Documented incident procedures cover identification through recovery with client notification obligations met.
High-availability architecture across multiple AWS availability zones. Defined RTOs and RPOs for critical services. Encrypted, regularly tested backups alongside annual Disaster Recovery (DR) and Business Continuity Plan (BCP) tests ensure data can be recovered when it matters most.
Explore the LEAP Trust Centre
Looking for more information? Visit the LEAP Trust Centre for comprehensive details on our security, compliance, and privacy practices.
GDPR compliance with DPAs and SCCs in place for UK and EU clients. Privacy Act and PIPEDA obligations met in Australia, New Zealand, Canada, and Ireland.
:quality(82))
The gold standard for security compliance for SaaS companies. LEAP internal security controls underwent a rigorous and independent audit which verified that LEAP operates per industry standards. This attests to our unwavering commitment to holding the highest standards for security and confidentiality in safeguarding our users’ data.
These FAQ answers the most common security, privacy, and compliance questions we receive from law firms, sales and procurement reviewers.
Answers are aligned with SOC 2 Type 2 attestation, ISO 27001 is in progress, privacy obligations, and the controls published at our Trust Center.
If you have any questions please contact Trust at LEAP Legal Software: trust@leaplegalsoftware.com