Security & Data Governance

Privileged material demands more than a checkbox.

LexCor is built from first principles for criminal defence work. Privately deployed AI, UK-hosted infrastructure, and structural governance enforced in the system — not hoped to be followed.

"Your client's most sensitive disclosures, your strategy, your work product — none of it should pass through a public AI service. LexCor was designed from day one so it never has to." — LexCor founding principle

Security architecture

Six structural safeguards. Not policies. Architecture.

The security model is built into the system — not described in a document and hoped to be followed.

Privately deployed AI models

LexCor runs on self-hosted AI models inside your infrastructure. No case data is processed by OpenAI, Anthropic, Google or any public AI provider. Your data stays inside your environment.

End-to-end encryption

All data is encrypted in transit and at rest. Encryption is not optional or configurable — it applies to everything, everywhere, by default, using current cryptographic standards.

Strict tenant isolation

Each firm's deployment is structurally isolated. There is no shared infrastructure between tenants at the data or model layer — another firm's solicitors cannot see your data.

Immutable audit log

Every user action, AI output, document access and system event is written to an immutable, timestamped log. It cannot be edited or deleted — available for SRA audit and internal supervision.

UK GDPR by design

Designed around UK GDPR — data minimisation, purpose limitation, and subject access. Your DPA with Intellectual Bunch Ltd covers the full processor relationship with standard contractual safeguards.

Role & matter-level permissions

Access is controlled at role level and per-matter assignment. Restricted cases and conflicted parties are protected structurally — not by a field in a form that can be overlooked.

Compliance

Built to meet the standards that matter in criminal practice.

Regulatory alignment is designed into the product from the start.

GDPR

UK GDPR alignment

Full compliance with UK GDPR as retained in domestic law post-Brexit. Data processing agreements, legitimate interest assessments, breach notification procedures and SAR workflows are all in scope.

UK GDPR — DPA included

SRA

SRA Standards & Regulations

Designed to support compliance with SRA Standards and Regulations, including client confidentiality, supervision, and the safe use of technology in legal practice.

SRA Standards — aligned

ISO

ISO 27001 roadmap

LexCor operates to ISO 27001 principles as part of our information security management programme. Formal certification is on the roadmap following general availability.

ISO 27001 — Principles applied · Cert on roadmap

CE

Cyber Essentials programme

Cyber Essentials certification is targeted for the period leading up to general availability. Infrastructure is currently being assessed against scheme requirements.

NCSC Cyber Essentials — In progress

AI governance

The principles behind every AI decision in LexCor.

Each principle is enforced in the system architecture — not a statement of intent.

Always human-in-the-loop

No AI output reaches a court, client or third party without explicit human review. Enforced architecturally.

Transparent operation

Every AI action is logged: prompt, model version, response, and what the human reviewer did with the output.

Configurable trust boundaries

Firms configure which workflows are AI-assisted. AI is never on by default in any sensitive process.

No cross-firm AI training

Your case data trains nothing. Models are private, isolated, and never used to improve capabilities for other firms.

Governed by design

Trust built into every layer.

Request early access and see how LexCor handles your firm's data — transparently, privately and auditably.