Security & Data Protection

Enterprise-grade security protecting your sensitive legal information

End-to-End Encryption

All data transmitted between your device and our servers is encrypted using TLS 1.3. Documents and messages are encrypted at rest using AES-256 encryption.

Multi-Factor Authentication

Protect your account with SMS-based 2FA. Optional authenticator app support for enhanced security. Biometric authentication on mobile devices.

Secure Infrastructure

Hosted on AWS and Render with SOC 2 Type II compliance. Regular security patches and updates. DDoS protection and firewall rules configured.

Data Privacy & Access Control

What We Collect

  • Account information (name, email, phone)
  • Documents you upload for review or drafting
  • AI chat history for service improvement
  • Usage analytics (anonymized)
  • Payment information (processed by M-Pesa)

How We Protect It

  • Encrypted storage with AES-256
  • Role-based access control (RBAC)
  • Regular backups with 30-day retention
  • Audit logs for all data access
  • Data deletion on account closure

Security Best Practices

For Our Platform

  • Quarterly penetration testing by security experts
  • Automated vulnerability scanning (OWASP Top 10)
  • Code reviews and security audits before deployment
  • Incident response plan with 24/7 monitoring
  • Employee security training and background checks
  • Regular dependency updates and patch management

For Our Users

  • Use strong, unique passwords (12+ characters)
  • Enable two-factor authentication (2FA)
  • Don't share your account credentials
  • Log out from public/shared devices
  • Verify lawyer identities before sharing sensitive info
  • Report suspicious activity immediately

Compliance & Certifications

Data Protection Act

Registered with ODPC Kenya

ISO 27001

Information Security (In Progress)

SOC 2 Type II

Infrastructure compliance

Security Incident Response

In the unlikely event of a security breach:

  1. Immediate containment and investigation within 1 hour
  2. Notification to affected users within 24 hours
  3. Notification to ODPC within 72 hours (as required by law)
  4. Remediation actions and security enhancements implemented
  5. Post-incident review and transparency report published

Report a security issue: security@legalai.co.ke

Questions About Security?

Our security team is here to address your concerns
