Security

Your knowledge is sensitive. We treat it that way.

LegacyAI handles institutional knowledge — processes, contacts, decisions, context. That data deserves the same protection as your source code or financial records.

EncryptionTLS 1.3 in transit. AES-256 at rest. We don’t have access to your decryption keys.

No raw audio storageAudio is transcribed and discarded. We never store voice recordings unless you explicitly opt in.

Human review gatesNothing gets processed or exported without explicit human approval. Every knowledge artifact passes through a review step before it enters your system.

Data residencyYour data stays in the region you choose. EU-hosted by default for European customers.

GDPR compliantData subject access requests, right to deletion, consent management — all supported out of the box.

Access controlRole-based permissions. Audit logs for every action. SSO via SAML/OIDC for enterprise.

What we don't do.

—We don’t train models on your data.

—We don’t share data between customers.

—We don’t sell or monetize your content.

—We don’t process anything without human approval.

Questions about security?

We're happy to walk through our architecture, share documentation, or answer specific compliance questions.