Security
Designed for sensitive compliance work.
Compliance work involves sensitive evidence, internal controls and operational data. Legis is built so access is scoped, actions are logged and data handling is controlled — from the first interaction.
Role-based access
Access to controls, evidence and reports follows roles, not habit. Auditors, owners and admins each see exactly what their role requires.
Audit logs
Every action in Legis — views, edits, exports, permission changes — is itself logged. The platform holds itself to the standard it helps you prove.
Permission management
Granular permissions at the framework, control and evidence level — including scoped, time-limited access for external auditors.
Secure evidence workflows
Evidence moves through controlled workflows with clear ownership and verification states — never through ad-hoc email attachments.
Data protection
Compliance data is encrypted in transit and at rest, with isolation between customer workspaces.
GDPR-ready approach
Built by an EU team for EU-regulated companies: data processing agreements, data minimization and EU hosting options.
Responsible AI & data handling
AI that acts inside your controls, not around them.
The Legis assistant operates with the same permissions as the user it serves. Its actions are logged in the audit trail like any other action, and your compliance data is not used to train models for other customers.
Detailed data-handling documentation is available on request. This section is a placeholder for published policies.
Assistant action log
Our posture
Security questions? Ask them early.
We work with compliance and security teams every day and expect to be assessed like any vendor handling sensitive data. Bring your security questionnaire to the first call — we'll answer it directly.
DPA and documentation available on request.
Ready to make compliance execution continuous?
See how Legis can help your team connect controls, evidence and workflows before the next audit.