Security
Privileged material never leaves the EU.
clerk& is built for material you can't afford to mishandle. A barrister's practice and a clerk's room hold client confidences, settlement positions, fee data, and privileged correspondence. We treat that seriously, in architecture rather than in marketing.
Principles
What we promise, and how it works
EU-only by architecture
Storage in Dublin, AI processing in Stockholm. No US transfers. No US sub-processors for your dictation content. Legal professional privilege material never enters US infrastructure.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Per-tenant encryption keys for every workspace. Encrypted backups in the same EU region.
Your data is your data
Your dictations, briefs, fee notes, and matters are never used to train AI models. Not ours, and not any vendor's. Contractually guaranteed.
Row-level access control
Every database query is gated by authentication. Workspace-scoped permissions. Audit log on every read and write.
DPA on request
Article 28 GDPR Data Processing Agreement, signed and returned within 48 hours of request. Standard Contractual Clauses where required.
72-hour breach notification
In line with Article 33 GDPR, we notify the Data Protection Commission within 72 hours of any breach likely to result in risk to your rights.
Infrastructure
Where your data actually lives
No surprises. No vague “in the cloud.” These are the systems and the regions.
| Function | Region | Processor |
|---|---|---|
| Application hosting | Dublin, Ireland | Vercel |
| Database & file storage | Dublin, Ireland | Supabase |
| AI transcription & formatting | Stockholm, Sweden | Azure OpenAI |
| Billing | EU-compliant, SCCs | Stripe |
| Analytics (opt-in) | Frankfurt, Germany | PostHog EU |
All processors operate under Article 28 GDPR Data Processing Agreements with Leeside Labs Limited. Your dictation content is processed only by Supabase (storage / database) and Azure OpenAI (transcription / formatting).
GDPR
Your rights, applied
You can exercise all GDPR rights — access, rectification, erasure, portability, restriction, objection — from inside the application or by emailing hello@clerkand.com. We respond to all requests within one month, as required by Article 12 GDPR.
Controller / processor split. clerk& is the controller for your account, billing, and analytics data. For client and case material you process through clerk&, you remain the controller; clerk& is the processor and acts on your instructions.
Cookies. No tracking cookies on the marketing site. Inside the app, analytics is strictly opt-in.