Client confidentiality is not a feature — it is the foundation. Every architectural decision starts with the question: what would happen if this data were exposed?
Activity logs are AES-256 encrypted on the device before they leave it. Data is encrypted in transit via TLS 1.3 and at rest in all storage layers.
All processing and storage take place exclusively in UK data centres. Your data never physically leaves the United Kingdom.
The desktop agent captures only activity metadata — window titles, document names, calendar events. Never keystrokes, screenshots, or file contents.
Role-based access by default. Fee earners see only their own data. Admins see firm-wide summaries. No cross-firm data access is architecturally possible.
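The access model above, as an added example in Go rather than Draftsheet ai's own code: the tenant (firm) check is made first and unconditionally, and the role check only runs once the caller and the record are known to belong to the same firm, so no role can cross a firm boundary. The data model is an assumption for the example; in particular it assumes admins read firm-wide summary records and not individual fee earners' raw logs, which the page does not spell out.

```go
package main

import "fmt"

// Role is the caller's role within its own firm. Deny is the zero value, so
// an unset role can never be granted anything.
type Role int

const (
	Deny Role = iota
	FeeEarner
	Admin
)

// Principal is the authenticated caller; FirmID is the tenant boundary.
type Principal struct {
	ID     string
	FirmID string
	Role   Role
}

// Record is one stored item. Summary marks a firm-wide aggregate as opposed
// to an individual fee earner's raw activity log. This schema is assumed for
// the example; the page does not describe the real one.
type Record struct {
	OwnerID string
	FirmID  string
	Summary bool
}

// CanRead is the single authorisation decision, applied at the data layer on
// every read. The firm check comes first and has no exceptions, so no role,
// including Admin, can see another firm's records.
func CanRead(p Principal, r Record) bool {
	if p.FirmID == "" || p.FirmID != r.FirmID {
		return false
	}
	switch p.Role {
	case FeeEarner:
		return !r.Summary && r.OwnerID == p.ID // own raw data only
	case Admin:
		return r.Summary // firm-wide summaries, not individual logs (assumption)
	default:
		return false
	}
}

// Visible filters a result set through CanRead, so a query can never return
// a record the caller may not see, even if the query itself lacked a tenant
// filter.
func Visible(p Principal, rs []Record) []Record {
	var out []Record
	for _, r := range rs {
		if CanRead(p, r) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed sample data: two firms, raw records plus one summary each.
	store := []Record{
		{OwnerID: "alice", FirmID: "firm-a"},
		{OwnerID: "bob", FirmID: "firm-a"},
		{FirmID: "firm-a", Summary: true},
		{OwnerID: "carol", FirmID: "firm-b"},
		{FirmID: "firm-b", Summary: true},
	}
	alice := Principal{ID: "alice", FirmID: "firm-a", Role: FeeEarner}
	adminA := Principal{ID: "ops", FirmID: "firm-a", Role: Admin}
	adminB := Principal{ID: "ops", FirmID: "firm-b", Role: Admin}

	fmt.Println("alice sees:", Visible(alice, store))         // her own record only
	fmt.Println("firm-a admin sees:", Visible(adminA, store)) // firm-a summary only
	fmt.Println("firm-b admin sees:", Visible(adminB, store)) // firm-b summary only
}
```

The point of routing every read through one decision function is that "no cross-firm access" becomes a property you can test directly, rather than something each query has to remember to enforce.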
A full Data Processing Agreement is provided to every client on day one — not on request. You have what you need for your own GDPR compliance records from the start.
In the event of a security incident affecting your data, we notify you without undue delay and in any case within 72 hours of becoming aware of it, no exceptions. Article 33 of UK GDPR requires us, as your processor, to notify you without undue delay (Article 33(2)) and gives you, as controller, 72 hours from becoming aware to notify the ICO (Article 33(1)), so prompt notification from us is what lets you meet your own deadline.
The agent is designed around a single principle: it should know that you were working, and roughly on what, without ever knowing the substance of what you did.
Activity logs are encrypted on-device using AES-256 before transmission begins. The encryption key is derived per firm, so Draftsheet ai staff have no ability to decrypt raw logs; only your firm holds the key that can read your data.
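The on-device, per-firm encryption described above, as an added Go example using only the standard library; this is an illustration of the technique, not Draftsheet ai's agent code. Everything beyond "AES-256, key derived per firm" is an assumption made for the example: the firm-held root secret, the HKDF salt and info strings, AES-256-GCM as the mode, and binding the firm ID into the record as additional authenticated data so that a blob re-labelled with another firm's ID fails authentication.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// hkdfSHA256 is a minimal HKDF (RFC 5869) extract-and-expand producing one
// 32-byte block. Written inline so the example needs only the standard
// library; a production agent would use a vetted HKDF implementation.
func hkdfSHA256(ikm, salt, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	exp := hmac.New(sha256.New, prk)
	exp.Write(info)
	exp.Write([]byte{1}) // T(1) = HMAC(PRK, info || 0x01)
	return exp.Sum(nil)  // 32 bytes, i.e. one AES-256 key
}

// FirmKey derives the per-firm AES-256 key from a root secret held by the
// firm (assumed here). Mixing the firm ID into the HKDF info means two firms
// never share a key, even if their root secrets were wrongly the same.
func FirmKey(rootSecret []byte, firmID string) []byte {
	return hkdfSHA256(rootSecret, []byte("example-salt-v1"), []byte("activity-log/"+firmID))
}

// Seal encrypts one activity-log record with AES-256-GCM under a fresh random
// nonce. The firm ID is passed as additional authenticated data, so the
// ciphertext is bound to the firm it was produced for.
func Seal(key []byte, firmID string, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || tag
	return gcm.Seal(nonce, nonce, record, []byte(firmID)), nil
}

// Open reverses Seal. It returns an error and no plaintext unless the key,
// the firm ID and the ciphertext all match.
func Open(key []byte, firmID string, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(firmID))
}

func main() {
	// Constructed sample: two firms' root secrets and one metadata-only record.
	rootA := bytes.Repeat([]byte{0x11}, 32)
	rootB := bytes.Repeat([]byte{0x22}, 32)
	record := []byte(`{"window":"Lease - Acme Ltd.docx","app":"Word","ts":"2024-05-01T09:12:00Z"}`)

	keyA := FirmKey(rootA, "firm-a")
	sealed, err := Seal(keyA, "firm-a", record)
	if err != nil {
		panic(err)
	}
	fmt.Println("sealed:", hex.EncodeToString(sealed))

	pt, err := Open(keyA, "firm-a", sealed) // the firm's own key reads it
	fmt.Println("own key:", string(pt), err)

	_, err = Open(FirmKey(rootB, "firm-b"), "firm-a", sealed) // another firm's key cannot
	fmt.Println("other firm's key:", err)

	_, err = Open(keyA, "firm-b", sealed) // re-labelling the blob also fails
	fmt.Println("relabelled firm ID:", err)
}
```

Two things to check when evaluating a design like this: where the per-firm root secret is generated and stored (if the vendor can reconstruct it, "staff cannot decrypt" does not hold), and that nonces are never reused under the same key, which in GCM is fatal. The example draws a fresh random nonce per record for that reason.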
All network communication uses TLS 1.3. Data at rest in our infrastructure is encrypted at the storage layer using AES-256. Database backups are encrypted with separate keys and stored in isolated access zones.
Our infrastructure runs on UK-based cloud providers. Production systems are isolated from staging and development environments at the network level. No developer has standing access to production data — access requires a formal request, approval, and is fully logged.
The agent is distributed as a signed executable for macOS and Windows. The code signature is verified on install, and any modification to the binary invalidates it, so a tampered or substituted agent will not install as ours. IT departments can verify the signature and the signing identity before deployment, for example with codesign --verify on macOS or Get-AuthenticodeSignature in PowerShell on Windows.
The agent communicates only with Draftsheet ai's designated API endpoints, over outbound connections that it initiates. It opens no listening ports, so it provides no inbound network path to the lawyer's machine.
Our infrastructure sub-processors hold the following independent certifications:
We maintain a documented security incident response plan. In the event of an incident:
Our incident response procedure is available in full to your Data Protection Officer on request.
If you discover a security vulnerability in our platform, we ask that you contact us privately at [email protected] before any public disclosure. We will acknowledge your report within 24 hours and aim to resolve confirmed issues within 30 days.