Compliance

Compliance by design.

Auxilis is built so that regulatory obligations are met by default — not bolted on as an afterthought. Every architectural decision reflects the standards UK solicitors are held to.

Regulatory Framework

The standards we build to

Auxilis is designed around four core regulatory pillars that govern how UK solicitors must handle technology and client data.

UK GDPR

Data Protection Act 2018

Full compliance with the UK General Data Protection Regulation. We process personal data under lawful bases defined in Article 6, maintain Records of Processing Activities (ROPA), and have appointed a Data Protection Officer. Data subject rights are exercisable at any time.

  • Lawful basis documented for every processing activity
  • Data Protection Impact Assessments conducted regularly
  • 30-day response guarantee for subject access requests
  • Right to erasure available via dashboard or email

SRA Technology & Facilities Guidance

Solicitors Regulation Authority

Auxilis is designed to satisfy the SRA's expectations around technology use in legal practice. Our platform supports competence, confidentiality, and effective supervision when AI tools are used alongside professional judgement.

  • Full audit trail for every AI interaction
  • Source citations on all research outputs
  • Client data isolation between matters and users
  • Human-in-the-loop design — AI assists, never decides

ICO Requirements

Information Commissioner's Office

We are registered with the ICO and adhere to the Commissioner's guidance on AI and data protection. Our processing is transparent, fair, and documented. We conduct regular reviews to stay aligned with evolving ICO expectations.

  • ICO fee registration maintained and current
  • Transparency notices provided at every data collection point
  • AI-specific guidance from the ICO applied to our processing
  • Breach notification procedures in place (72-hour reporting)

Cyber Essentials Alignment

NCSC Framework

Our infrastructure is aligned with the five technical controls of Cyber Essentials: firewalls, secure configuration, access control, malware protection, and patch management. We pursue formal certification on an ongoing basis.

  • Boundary firewalls and internet gateways configured
  • Principle of least privilege across all systems
  • Automated patching and vulnerability scanning
  • Multi-factor authentication enforced internally

Data Processing

Where your data lives, and where it doesn't

Transparency is not optional. Here is exactly how we handle data at every stage of the pipeline.

UK-Only Processing

All data processing occurs within the United Kingdom. Your data never leaves UK jurisdiction. No international transfers take place unless strictly necessary for service provision, in which case the UK Addendum to the EU Standard Contractual Clauses (SCCs) applies.

Data Retention Policies

Account data is retained until you delete your account. Chat history is stored locally on your device and auto-deleted after 30 days. Uploaded documents are never stored on our servers — they are processed entirely in your browser. Audit logs are retained for 12 months, then permanently purged.

AES-256 Encryption

All data at rest is encrypted using AES-256, the gold standard in symmetric encryption. Data in transit is protected by TLS 1.2 or higher. Passwords are hashed using bcrypt, which applies a unique salt to each password. Encryption keys are rotated on a regular schedule.

No Third-Party Data Sharing

Your data is never shared with third parties for marketing, advertising, or any purpose unrelated to providing the service. Our sub-processor list is public, limited, and contractually bound by equivalent data protection obligations.

Zero-Retention Mode

AI processing logs are retained for a maximum of 7 days by our infrastructure provider, then permanently deleted. Your documents never leave your browser. When you close the tab, extracted text is purged from memory. No conversation data is used for model training — ever.

Your Obligations

How Auxilis helps you stay compliant

As a regulated professional, you carry obligations under UK GDPR, the SRA Standards and Regulations, and the Legal Services Act. Auxilis is architected to make meeting these obligations the path of least resistance — not additional overhead.

Human-in-the-loop by design. Auxilis never makes decisions autonomously. Every output is presented for your professional review, preserving the judgement and accountability the SRA expects.

Competence & supervision

The SRA requires solicitors to use technology competently and to supervise its outputs. Auxilis provides source citations, confidence indicators, and full audit trails so you can verify every AI-generated response before relying on it.

Confidentiality & privilege

Client documents are processed locally in your browser and never uploaded to our servers. Chat queries are encrypted in transit and not retained beyond your session. Solicitor-client privilege is preserved at every step of the workflow.

Data protection accountability

As a data controller, your firm must demonstrate compliance with UK GDPR. Auxilis provides a Data Processing Agreement, documented sub-processor list, and technical measures that make your compliance posture demonstrably stronger.

Record keeping & audit

Every interaction with Auxilis is logged with timestamps and metadata. These immutable audit records help your firm satisfy record-keeping obligations under the SRA Standards and Regulations and support internal compliance reviews.

Breach preparedness

Our incident response procedures include 72-hour ICO notification, affected party communication templates, and forensic investigation capabilities. If a breach occurs, you will be notified immediately with full details and remediation steps.

Compliance should not slow you down

See how Auxilis makes regulatory obligations invisible — built into the platform, not layered on top.