CounselOS

Security & compliance

Built for the data that cannot leave Australia.

Legal professional privilege does not survive a breach. Trust accounting errors do not survive a regulator's audit. CounselOS is designed for both — from storage through to every AI use your firm approves.

Australian hosting

Firm data is stored in Sydney. Document copies are held in Melbourne for disaster recovery. We do not move customer data outside Australia.

Encryption

Sensitive matter content is encrypted at rest. Traffic between you and CounselOS uses modern TLS. Keys are managed and rotated on a defined schedule.

Firm isolation

Each firm's data is separated at the database layer and again in application code — so one firm cannot see another's matters or clients.

Audit log

AI use, trust movements, and administrative actions are logged with who did what and when. Exportable for internal review or regulatory requests.

Protected AI calls

Client names and identifying details are shielded before any outside AI service is used. Your firm sees real names; the external service does not receive them in the clear.

Blocked sensitive categories

Certain highly sensitive matter types never go to an outside AI provider — even in protected form. The system refuses at the gateway.

Sign-in options

Email magic links by default. Password with two-factor on request. Single sign-on for larger firms. Integration keys are scoped and rotatable.

Trust ledger integrity

Trust entries are append-only: corrections are new lines, not silent edits. That supports audit and reconciliation the way regulators expect.

Human review on AI output

AI drafts stay marked until a fee earner approves them. Client-facing views do not treat unreviewed AI text as final advice.

Governed research & trust money

Legal research uses governed AI with citation checking. Connections to paid publishers (such as Lexis or Jade) are only available when your firm has a signed arrangement — pilot demos may use sample cases, not a live publisher feed.

Trust accounting is built for Australian state and territory rules. Migration validation and external accountant review are part of standard onboarding for firms moving from another platform.

Compliance posture

Available today

  • Privacy Act 1988 (Cth) — Australian Privacy Principles
  • Alignment with state legal profession AI guidance
  • Data processing agreement with every customer
  • Encryption at rest and in transit
  • Automated backups with point-in-time recovery
  • Document replication Sydney → Melbourne

Planned certifications

  • ISO 27001 — target Q3 2026
  • SOC 2 Type II — target Q4 2026 (Mid / Enterprise)
  • IRAP assessed (PROTECTED) — for government matters
  • Additional in-region AI inference when available

Need our DPA or security overview before the demo?

We will send our standard data processing agreement, security summary, and penetration-test overview on request.
