MeshLaw
Security & compliance

Client confidentiality, guaranteed by technology.

The AI doesn’t train on client materials, case data is stored first on the legal professional’s desktop, and any external delivery always passes through professional approval. Designed to align with data protection law and KISA standards.

Design principles

Four security principles.

01
Local-first storage

Case materials (PDFs, recordings, evidence) are stored first on the legal professional’s desktop app. Cloud sync runs only when explicitly enabled, on a per-matter basis. Matters can be reviewed and drafts written even offline.

02
Human-in-the-Loop

The AI never sends anything to clients, courts, or outside parties automatically. Every external deliverable (report, brief, contract) passes through an explicit professional approval step. The last click of any automation is always made by a human.

03
Citation-First (no hallucinations)

Citations to case law and statutes are generated only from results pulled directly from official legal databases (Supreme Court, national statute, and constitutional decision sources). Answers without a citable basis are refused outright.

04
ZDR · not used for training

External AI models are called only under a Zero Data Retention agreement. Case materials are never used to train models and are not retained after inference.

Sync modes

Configured per matter.

Choose a cloud sync policy per matter, based on how sensitive the case is.

Push
Recommended default

Local → cloud, one way. For backup and sharing. The most conservative default.

Pull

Cloud → local, one way. For importing a matter created by another professional.

Mirror

Two-way, real time. For matters worked on as a team.

Never
Maximum security

Fully local. Never goes to the cloud. For highly sensitive matters.

Data flow

What flows where.

Source | Destination | What is sent
Professional’s desktop | MeshLaw gateway (Seoul) | Auth token + AI request (includes case context)
MeshLaw gateway | External AI model (ZDR-contracted provider) | AI inference request (ZDR, not used for training)
MeshLaw gateway | Supreme Court / national statute info | Case-law and statute search queries (no case materials)
Court e-filing system | Professional’s desktop | Filed directly with the professional’s certificate (does not pass through MeshLaw servers)

E-filing is done directly from the desktop with the professional’s certificate and does not pass through MeshLaw servers.

Compliance

Aligned with local standards.

Data residency
In-country region (Seoul). No transfer abroad.
Encryption
TLS 1.3 in transit. AES-256 at rest. Sensitive fields such as resident registration numbers get additional column-level encryption.
Access control
Per-organization data isolation (row-level permission separation). Minimized staff access with audit logging.
Certification
KISA ISMS-P certification in progress (Phase 2 goal). SOC 2 Type II under review (Phase 3).
Contracts
DPA (data processing agreement) template provided. ZDR addendum attached.
Backup & recovery
Daily snapshots (PITR, 7 days). Per-organization data export available anytime.
Incident response
Notification within 24 hours of becoming aware of a breach. Compliance with KISA reporting obligations.

Review materials

Documents for legal-team review.

We provide the standard documents needed when evaluating adoption. Our sales team sends them when you inquire about adoption.

DPA · data processing agreement template

Standard processing agreement + ZDR addendum. The form can be amended after legal-team review.

Security white paper · technical document

Details on encryption, access control, audit logging, and incident response. For legal and IT teams to review.

FAQ

Frequent security questions.

Start your legal-team security review.