Your work product stays yours.
Legal work is the most sensitive asset an organization holds. Atherna is built to treat it that way. Your matters are isolated, never retained, and never used to train a model. Every output is grounded in source and traceable in a full audit log. Security here is not a setting. It is the architecture.
- Zero
- Data retention
- Single-tenant
- By default
- AES-256
- Encryption at rest
- First
- To clear a bank's ISG
The first legal AI in the world to clear a bank's ISG review.
Banks run the most demanding information-security review a vendor can face. Atherna was the first legal AI to pass one, an Information Security Group assessment of reliability and data security, and we have hardened the platform against that standard ever since. When a publicly listed bank puts real matters through it, the diligence is already done for the teams that follow.
Security that holds at the standard of counsel.
Four guarantees that risk, IT, and security teams sign off on before a single matter is loaded.
Zero data retention
Your work is never retained, never used to train a model, and never visible outside your tenant. Prompts, documents, and outputs are processed for your matter and nothing else.
- Not retained beyond your session
- Never used for model training
- Invisible outside your tenant
Tenant isolation
Every customer runs in a dedicated environment. Choose single-tenant cloud, your own private cloud, or a fully on-premise deployment. Your data never shares infrastructure with another firm.
- Single-tenant by default
- Private cloud or on-premise
- No shared data plane
SOC 2 Type II & ISO 27001
Independently audited and continuously penetration-tested. Data is encrypted in transit and at rest, with customer-managed keys so you hold control of your own encryption.
- Audited and pen-tested
- Encryption in transit and at rest
- Customer-managed keys
Privilege & confidentiality
Matter-level walls keep work separated the way a firm does. Granular, role-based access governs who sees what, and a complete audit log records every action for review.
- Matter-level information walls
- Granular, role-based access
- Full, exportable audit logs
Compliant in every region we operate.
Atherna runs across five jurisdictions with native integrations into each region's regulators, so compliance workflows reference the right authority by default.
- SEC
- FINRA
- State bars
- FCA
- SRA
- Companies House
- DFSA
- DIFC Courts
- ADGM
- MAS
- ACRA
- SAL
- RBI
- SEBI
- MCA
Data residency is configurable to the jurisdiction you require. GDPR in the UK and EU, DPDP in India, and local regulator obligations are handled inside the platform, not bolted on after the fact.
Independently audited, continuously.
SOC 2 Type II
Audited controls for security, availability, and confidentiality, renewed annually.
ISO 27001
Certified information-security management across the platform and operations.
GDPR
Compliant handling of personal data, backed by a standard data-processing agreement.
DPDP
Aligned to the Digital Personal Data Protection Act, with in-region data residency.
Bring your review. We have answers.
Send us your security questionnaire, your data-protection requirements, or your ISG checklist. Our security engineers will walk your risk, IT, and compliance teams through the architecture and the audit trail in detail.
- SOC 2 Type II report and pen-test summaries on request
- DPA, sub-processor list, and data-residency options
- Single-tenant, private-cloud, and on-premise deployment review
We reply within one business day.