LEX-2026 · The Security Brief

Security, by construction.

§I

Built on a privileged-by-default architecture

How the system is put together — the controls don't require trusting us; they require checking us.

§I.a

Per-tenant data isolation

Every firm's data is strictly isolated. No shared tables, no shared AI context. One tenant cannot read another's anything.

§I.b

Encryption at rest and in transit

AES-256 for data at rest. TLS 1.3 in transit. Keys are rotated regularly and stored in a managed KMS.

§I.c

Role-based access control

Granular roles for partners, senior lawyers, associates, paralegals, and accountants — enforced at the API layer, not just the UI.

§I.d

Enforced MFA and session hygiene

Firms can require MFA for all users. Sessions are device-aware and can be revoked at any time.

§II

Aligned with the standards your clients expect

Lexivo is built against these control frameworks. Attestation is in progress; in-region hosting and bespoke DPAs are available to Enterprise tenants.

§II.a

SOC 2 Type II

Controls aligned to Trust Services Criteria for security, availability, and confidentiality.

§II.b

ISO 27001

Information security management aligned to ISO/IEC 27001.

§II.c

GDPR

DPA available. Right-to-erasure, export, and audit tooling is built in.

§II.d

HIPAA-ready controls

Encryption, access controls, and audit logging meet HIPAA technical safeguards for firms serving healthcare clients.

Frameworks listed reflect controls the platform is designed against. External attestation status is available on request.

§III

Every action, accounted for

An immutable audit log records every access, edit, share, and export across your firm. Search, filter, and export audit trails for compliance reviews or incident response.

  • §III.a Who did what, when, and from which device
  • §III.b Exportable to CSV for legal hold or review
  • §III.c Retained for the lifetime of your tenancy

§IV

Your data, your rules

Lexivo is a data processor for your firm. You decide what gets stored, who can access it, and when it leaves.

  • §IV.a Export your entire firm's data at any time
  • §IV.b Deletion on request, within contract terms
  • §IV.c Configurable retention per matter type

Security questions?

Our security team is happy to walk you through architecture, sub-processors, pen-test reports, and enterprise controls.

Fin.