Security & Compliance

Enterprise-Grade Security

Your regulatory data is protected by encrypted infrastructure, strict access controls, and GDPR-compliant data processing.

Infrastructure

  • PostgreSQL database hosted on Supabase with managed backups
  • Data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Isolated tenant data with Row Level Security (RLS) policies
  • Automated infrastructure monitoring and alerting

Access Control

  • Row Level Security (RLS) ensures users only access their own data
  • Role-based permissions: Admin, Manager, and Member roles
  • Organization-scoped access with team management
  • API key authentication with per-key rate limits

Authentication

  • Secure authentication via Supabase Auth
  • SSO/SAML support on Enterprise plan
  • PKCE-based OAuth flow for secure token exchange
  • Session management with configurable expiry

Data Protection

  • Full GDPR compliance with documented data processing
  • Comprehensive audit trail of all user actions (Enterprise)
  • Data retention policies with automatic cleanup
  • Right to erasure: complete data deletion upon request

AI Processing

  • Only publicly available legislative text is sent to AI models
  • No personal user data is included in AI processing requests
  • AI analysis via Gemini 2.5 Flash through OpenRouter
  • AI outputs stored encrypted alongside source documents

Monitoring & Incident Response

  • Automated scraper health monitoring and failure alerts
  • Error tracking and recovery mechanisms across all pipelines
  • Dedicated security contact for vulnerability reporting
  • Incident response procedures with notification commitments

Compliance & Certifications

Our commitment to meeting the highest security standards.

  • GDPR Compliant: Active
  • SOC 2 Type II: Planned
  • ISO 27001: Planned

Responsible Disclosure

If you discover a security vulnerability in LexSignal.ai, we encourage responsible disclosure. Please report any security issues to our dedicated security contact. We commit to acknowledging reports within 48 hours and providing regular updates on our investigation.

[email protected]

Questions about our security?

Our team is happy to discuss security requirements, provide documentation, or schedule a review for enterprise evaluations.