Alicia.

Trust & data

Built to be examined.

A law firm’s first question about AI is the right one: where does our data go, and can the answers be trusted? Alicia is designed so both questions have short answers.

EU-hosted, no training, no retention.

Alicia runs as an EU-hosted service. Reasoning runs on Claude via AWS Bedrock in an EU region, under no-training / no-retention terms: your queries and documents are not used to train models and are not retained by the model provider. This is the same class of protection firms already accept for Microsoft 365 Copilot. And the vendor does not mine your questions or documents to improve the product — any quality signal used to improve Alicia is aggregate and content-free.

Tenant isolation, per firm.

Alicia is multi-tenant with hard isolation between firms — every record is keyed to the firm's own organisation identifier, so one firm's matters, queries and documents are never visible to another. Data is encrypted in transit and at rest. Access is invite-only, per firm.

Connected mailboxes stay read-only.

When a lawyer connects Microsoft 365, Alicia reads only the mailbox that lawyer already has access to, only when asked, and keeps no email content — it holds only an encrypted token to maintain the connection. Nothing is scraped in the background, permissions are read-only, and the firm or the lawyer can disconnect at any time.

Citation discipline as the safeguard.

The deepest trust question for legal AI is not where the data sits but whether the answers can be checked. Every Alicia statement carries the citation of the passage behind it, quoting verbatim where wording matters — and where the corpus is silent, Alicia refuses rather than guesses. Every answer is verifiable at source.

A clear data-protection chain.

Your firm is the data controller. Alicia is the processor, operating under a data-processing agreement with each firm. AWS Bedrock acts as sub-processor for reasoning. One chain, documented, per firm.

A security posture with a direction.

Alicia's security programme is built toward recognised certification: Cyber Essentials first, then SOC 2 / ISO 27001 as the platform scales. These are stated as the path being followed, not as certifications already held.

Licensing & attribution

The source, acknowledged.

Alicia draws on Jersey legislation published on jerseylaw.je, licensed under the Open States Assembly Licence – Jersey v1.0 by the States Assembly.

This is the consolidated text, not legal advice — verify against jerseylaw.je.

Questions your security team will ask. We welcome them.

A conversation with our team covers the data-protection chain, the DPA, and the hosting arrangement in whatever depth you need.

Contact Us