Trust & compliance

Every claim on this page is verifiable.

Jurislexr publishes its corpus methodology, security certifications, advocate vetting criteria, and data processing agreements in one place. This page exists because firms making procurement decisions deserve documentation, not assurances.

Corpus integrity

Kenya Law data is ingested, versioned, and updated weekly. Every query runs a citation verification process that confirms existence against the corpus index before any result surfaces. The corpus version — date and document count — is displayed on every result. Every citation surfaced to the user has passed a post-retrieval existence check against the corpus index. If a case is not in the index, it does not appear — regardless of how plausible it looks to the model.

Kenya Law corpus · 275,847 docs · Updated weekly
Security

Security & compliance status.

Kenya DPA registration
ConfirmedConfirmed
Kenya-region data residency
Live — AWS AfricaConfirmed
SOC 2 Type 2
Audit in progress (report Phase 2)In progress
ISO 27001
Scoping begun (certification Phase 2)In progress
GDPR compliance
Compliant — DPA availableConfirmed
Annual penetration test
Scheduled — summary publishable post-testPlanned
No training on customer data
Contractual + technical prohibitionConfirmed
Encryption at rest
AES-256Confirmed
Encryption in transit
TLS 1.3Confirmed
Audit log retention
7 years, immutable, append-onlyConfirmed

Data processing agreement

A counsel-reviewed DPA is available for download for firms and enterprise clients. The DPA covers: data controller / processor relationship, Kenya DPA obligations, GDPR obligations for firms with European clients, data residency confirmation, retention schedules, and sub-processor disclosure.

Responsible AI policy

1

The corpus is the boundary — the model does not return citations outside the verified corpus. No supplementation with general web data.

2

Confidence scores are displayed, not hidden — low-confidence results are flagged, not suppressed.

3

Verification is advocate-controlled — no AI output carries a Jurislexr Verification Stamp unless the submitting advocate has actively completed the verification workflow, reviewed the output, and recorded their approval. The stamp is the advocate’s own record, not a third-party certification.

4

No customer data is used in model training — contractual and technical controls are documented and auditable.

Operational transparency

Operational transparency.

Responsible disclosure policy — report security issues to support@kontorva.com. We publish a rolling uptime indicator and a post-test summary after each annual penetration test.

99.7%

90-day rolling uptime