Alexi | Security

We are committed to ensuring the highest standards of data protection, security, and confidentiality for our customers.

Alexi’s trusted approach to security and privacy

Security and compliance are the cornerstones of trustworthy legal AI. With SOC 2 certification, Alexi ensures your data and documents remain secure, confidential, and compliant with the highest industry standards—so you can leverage us with confidence.

Our platform employs advanced encryption methods, strict access controls, and industry-leading compliance measures to safeguard your information at every step. We prioritize privacy and adhere to all relevant legal and professional standards, so you can trust that your data is secure and handled with the utmost care. Below are some frequently asked questions about our security practices.

Learn more at the Alexi Trust Center, powered by Vanta.

Security FAQ

How do you ensure the security of customer data?

We use industry-standard encryption methods, such as TLS 1.2+ for data in transit and AES-256 for data at rest, to secure all customer data. Access to sensitive information is restricted to authorized personnel only, and our systems are regularly audited to identify and mitigate potential vulnerabilities.

Where is your data stored?

Our data is hosted on Amazon Web Services, which complies with all major security standards like ISO 27001, SOC 2, and GDPR. Data is stored in geographically diverse locations to ensure availability and resilience.

Will our data be in compliance with the requirements of professional governing bodies around confidentiality of client data?

Yes, we prioritize compliance with governing professional associations and other legal regulations concerning client data confidentiality. Our platform is designed to help law firms adhere to professional and legal standards regarding data protection, confidentiality, and secure communication.

How long will our data and documents be stored?

Data and documents are stored according to our data retention policy, which can be customized based on your requirements. By default, data is retained for the duration of the service agreement and is securely deleted upon request or at the end of the service term. Backup copies may be kept for a limited time to ensure data recovery in case of a disaster, in accordance with industry standards.

Will our data be used to train any AI models?

No, your data will not be used to train any AI models. We understand the importance of data privacy and confidentiality, particularly for sensitive information. Our systems are designed to ensure that customer data remains private and is not utilized for training or improving machine learning models without explicit consent.

Will our data get sent to any third parties?

We may send data to third-party cloud providers, such as AWS and Azure, both of which are ISO27001, SOC II, and GDPR compliant, to leverage their secure infrastructure for enhancing our proprietary AI platform's performance, reliability, and scalability.

How do you manage user access and authentication?

We use strong password policies and multi-factor authentication (MFA) to secure user accounts. Role-based access controls (RBAC) are in place to ensure users only have access to the information they need for their roles.

Do you monitor for security threats and vulnerabilities?

Yes, we continuously monitor our systems for potential threats and vulnerabilities using a combination of automated tools and manual reviews. We also have an incident response plan in place to quickly address and remediate any security incidents.