LegisGate™ Trust & Security Center
LegisGate™ is built to earn the trust of the Data Protection Teams who rely on it. This page documents our security architecture, data practices, compliance commitments, and sub-processor chain — because an AI governance platform should meet the same standards it evaluates others against.
- Data Flow & Architecture: How data flows and what we process
- Sub-Processors: GDPR Article 28(2) registry
- Compliance & Certs: GDPR, EU AI Act, certifications
- Documents & DPA: Data Processing Agreement
Security Highlights
- Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Multi-tenant isolation via row-level security (RLS)
- AI inference only — customer data excluded from model training (Anthropic API terms)
- No customer content accessed — metadata and descriptions only
- Role-based access control with audit logging
- 72-hour breach notification commitment
- GDPR-compliant Data Processing Agreement available
- EU AI Act transparency documentation published
Certification Status
| Certification | Status |
|---|---|
| SOC 2 Type I | In Progress (Target Q3 2026) |
| SOC 2 Type II | Planned (Target Q1 2027) |
| ISO 27001 | Planned |
| GDPR Compliance | Compliant |
| EU AI Act | Compliant (Limited-risk, Art. 50) |
Last updated: March 2026