Every Noor deployment is designed to satisfy the same scrutiny your firm applies to client files: UK residency, contractual training opt-out, cryptographic integrity, and published sub-processors.
All client data — messages, documents, transcripts, audit bundles — is stored and processed in AWS eu-west-2 (London). Never routed outside the UK, never served from a US CDN. Convex's EU region means even our application database stays in scope.
TLS 1.3 in transit. AES-256 at rest. Signed keys managed by Convex with automatic rotation. Webhook signatures verified with constant-time HMAC-SHA256 on every inbound message.
Zero-retention agreements with every AI sub-processor. Anthropic ZDR is enforced contractually and technically — your clients' words are never used to train a model.
SRA's seven-year standard is our default. Configurable per firm: shorter for one-off consultations, longer for ongoing matters. Voice audio is deleted 90 days after transcription; the transcript is kept.
SOC 2 Type I on track for completion in 2026. DPIA collaboration is available today — we'll sit with your DPO for a call and supply every artefact your compliance review needs.
24-hour breach notification to every affected firm, in writing, with a factual timeline and remediation steps. Named incident contact and escalation chain on file from day one.
Each sub-processor has a signed Data Processing Agreement under UK GDPR. If any changes, we give you 30 days' written notice before it takes effect on your tenant.
Questions about a specific sub-processor or a regional constraint? Talk to us — we're happy to walk your compliance team through each one.
SRA Code of Conduct 2019 retention defaults; Transparency in Innovation Notice 2025 alignment; client care disclosures built into every audit bundle.
IAA Code of Standards — caseworker authorisation levels honoured in role-based access controls; record-keeping exceeds the IAA minimum.
UK GDPR-aligned retention; UK GDPR-aligned data subject rights (access, erasure, portability) exposed as one-click caseworker actions.
Designed around the Law Society's Immigration & Asylum Section file-handling norms. Every export carries your firm's SRA / IAA / ICO numbers on the cover.
We'll send a PDF brief plus the Data Processing Agreement template for your counsel to review. No form gating — just an email.