Terms of Service — LegalOS by Azenteq

1. Introduction

These Terms of Service ("Terms") govern the use of LegalOS, a legal case management platform provided by Azenteq Ltd ("we", "us", "Azenteq"). By subscribing to or using LegalOS, you ("the Firm", "you") agree to these Terms.

LegalOS is designed for SRA-regulated law firms and CLC-licensed conveyancers in England and Wales.

2. The Service

LegalOS provides:

Multi-portal case management (Mission Control, Firm Admin, Staff Workspace, Client Portal)
Workflow automation for 6 practice areas (18 matter types)
Document management with version control
KYC/AML compliance integration
Optional AI-assisted features (drafting, analysis, orchestration)
Electronic signature integration
Property search ordering
Client onboarding and communication

3. Subscription and Billing

LegalOS is offered on a monthly subscription basis
Pricing is per-module with optional add-on features
AI features are billed separately as premium add-ons with configurable spend caps
Trial periods (where offered) are specified at the point of sign-up
Invoices are issued on the 1st of each month, payable within 14 days
We reserve the right to adjust pricing with 30 days' written notice

4. Your Responsibilities

You are the data controller for all client data processed through LegalOS
You must ensure your use complies with SRA Standards and Regulations
You must maintain appropriate professional indemnity insurance
You are responsible for the accuracy of data entered into the system
You must not share login credentials between users
You must notify us promptly of any security incidents
AI-generated outputs must be reviewed by a qualified solicitor before use

5. Data Processing

We process data on your behalf in accordance with our Privacy Policy and any Data Processing Agreement (DPA) executed between us.

All data is stored in the UK (AWS eu-west-2, London)
Tenant isolation is enforced at the database level
We will not access your data except to provide the service, with your permission for support, or as required by law
On termination, we will export your data in a standard format within 30 days and delete it within 90 days (unless a legal hold applies)

6. AI Features Disclaimer

LegalOS includes optional AI-assisted features. These are subject to the following conditions:

AI outputs are suggestions only and must not be treated as legal advice
All AI-generated documents, analyses, and recommendations require review by a qualified solicitor
We do not guarantee the accuracy, completeness, or fitness for purpose of AI outputs
The Firm retains full professional responsibility for all work product, whether AI-assisted or not
AI features can be disabled at any time by the Firm Administrator
No client data is used to train or improve AI models

7. Service Availability

We target 99.9% uptime (excluding scheduled maintenance)
Scheduled maintenance windows will be communicated 48 hours in advance
We are not liable for downtime caused by third-party services (Supabase, Vercel, Clerk)
In the event of extended outage (>4 hours), affected firms will receive a pro-rata service credit

8. Intellectual Property

LegalOS and its source code are the intellectual property of Azenteq Ltd
Your data remains your property at all times
Templates and documents you create within LegalOS belong to your firm
You grant us a limited licence to process your data solely to provide the service

9. Limitation of Liability

To the maximum extent permitted by law:

Our total liability is limited to the fees paid by you in the 12 months preceding the claim
We are not liable for indirect, consequential, or special damages
We are not liable for losses arising from your reliance on AI-generated outputs without proper professional review
Nothing in these Terms excludes liability for death, personal injury, or fraud

10. Termination

Either party may terminate with 30 days' written notice
We may suspend access immediately for non-payment (after 14 days overdue)
We may terminate immediately for material breach of these Terms
On termination, we will provide a data export within 30 days
Accrued fees remain payable after termination

11. Governing Law

These Terms are governed by the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

12. Contact

General: hello@azenteq.com

Legal: legal@azenteq.com

Support: support@azenteq.com

1. Parties

This Data Processing Agreement ("DPA") forms part of the Terms of Service between:

Data Controller: The law firm subscribing to LegalOS ("the Firm", "Controller")
Data Processor: Azenteq Ltd, registered in England and Wales ("Azenteq", "Processor")

The Firm determines the purposes and means of processing personal data. Azenteq processes personal data solely on the Firm's behalf and in accordance with the Firm's documented instructions.

2. Scope and Purpose of Processing

Azenteq processes personal data to provide the LegalOS legal case management platform, including:

Matter and case management (creation, tracking, workflow progression)
Client onboarding, identity verification, and KYC/AML compliance
Document storage, generation, and version control
Communication (email notifications, client correspondence)
Financial record-keeping (billing, SDLT calculations, fee estimates)
Optional AI-assisted analysis and document drafting
Audit logging for SRA compliance

3. Categories of Personal Data

The following categories of personal data may be processed through LegalOS:

Client identity data: Names, addresses, dates of birth, contact details
Financial data: Property values, mortgage details, fee ledgers, SDLT calculations
Legal case data: Matter details, instructions, correspondence, file notes
Identity verification data: ID document references, AML check results
Staff data: Firm employee names, roles, email addresses, activity logs
Communication records: Emails, client portal messages, document approvals

Special category data (e.g. health information in personal injury or family matters) may be processed where the Firm has obtained appropriate consent or legal basis.

4. Data Subjects

Personal data processed may relate to:

The Firm's clients and their related parties (joint purchasers, beneficiaries, etc.)
Opposing parties and their solicitors
The Firm's employees and staff
Third-party professionals (estate agents, mortgage brokers, surveyors)

5. Processor Obligations

Azenteq shall:

Process personal data only on documented instructions from the Controller, unless required by law
Ensure that all personnel with access to personal data are bound by confidentiality obligations
Implement appropriate technical and organisational security measures (see Section 6)
Not engage another processor without prior written authorisation from the Controller (see Section 7)
Assist the Controller in responding to data subject rights requests
Assist the Controller with data protection impact assessments where required
Delete or return all personal data on termination of the service (see Section 9)
Make available all information necessary to demonstrate compliance with Article 28 obligations
Allow for and contribute to audits conducted by the Controller or an appointed auditor

6. Security Measures

Azenteq implements the following technical and organisational measures to protect personal data:

Encryption at rest: All database storage is encrypted using AES-256
Encryption in transit: All data transmission uses TLS 1.2 or higher
Tenant isolation: Row-Level Security (RLS) policies enforce strict data separation between firms at the database level — data cannot cross tenant boundaries
Authentication: Multi-factor authentication support, session management via Clerk, role-based access control across four portal tiers
Audit logging: All sensitive operations (login, data access, modifications, Login As impersonation) are logged with timestamps and user identity
Access controls: Principle of least privilege — staff see only matters and data relevant to their role and department
Infrastructure: Hosted on Vercel (SOC 2 Type II compliant) with Supabase (SOC 2, ISO 27001) for database services
Vulnerability management: Regular dependency audits, automated security scanning
Incident response: Documented incident response procedures with defined escalation paths

7. Sub-Processors

The Controller authorises Azenteq to engage the following sub-processors. Azenteq will notify the Controller of any intended changes to sub-processors, giving reasonable opportunity to object.

Sub-Processor	Purpose	Location
Supabase (AWS)	Database hosting, authentication, storage	EU (London, eu-west-2)
Vercel	Application hosting, edge functions, CDN	Global (compute in EU)
Clerk	User authentication and session management	US (EU data residency available)
Resend	Transactional email delivery	US/EU
Stripe	Subscription billing and payment processing	EU
AI Provider (configurable)	Optional AI-assisted features (drafting, analysis)	Varies by provider
Sentry	Error monitoring and performance tracking	US/EU

AI features are optional and can be disabled by the Firm Administrator. When enabled, no client data is used to train AI models. AI sub-processor details are provided in the AI Settings section of the Firm Admin portal.

8. Breach Notification

In the event of a personal data breach, Azenteq shall:

Notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach
Provide sufficient information to enable the Controller to fulfil its obligation to notify the ICO and affected data subjects where required
Include in the notification: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach
Cooperate with the Controller and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach
Document all breaches, including facts, effects, and remedial action taken

9. Data Retention and Deletion

Personal data is retained for the duration of the subscription
On termination, the Firm may request a full data export within 30 days
Following export (or after 30 days if no export is requested), all personal data will be securely deleted within 90 days
Deletion includes database records, stored documents, backups, and audit logs (subject to any legal retention obligations)
The Firm may configure retention policies for completed matters within the platform (e.g. GDPR 6-year or SRA 6-year retention)
A certificate of destruction is available on request

10. Data Subject Rights

Azenteq will assist the Controller in responding to requests from data subjects exercising their rights under UK GDPR, including:

Right of access (Subject Access Requests)
Right to rectification
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to data portability
Right to object

The platform includes built-in tools for SAR management, data export, and client data deletion to support these obligations.

11. International Transfers

Primary data storage is in the UK (AWS eu-west-2, London) via Supabase
Where personal data is transferred outside the UK, appropriate safeguards are in place (UK International Data Transfer Agreement or UK Addendum to EU SCCs)
The Firm will be notified of any new international transfers and may object
AI processing (when enabled) may involve data transfer to the AI provider's infrastructure — details and transfer safeguards are documented in the AI Settings section

12. Audit Rights

The Controller may audit Azenteq's compliance with this DPA by:

Requesting written evidence of compliance measures
Conducting or commissioning an audit (with reasonable notice and during business hours)
Reviewing the platform's built-in audit log, which records all data access and modifications

Azenteq will cooperate with reasonable audit requests and provide access to relevant records and systems.

13. Duration and Termination

This DPA shall remain in effect for the duration of the LegalOS subscription and until all personal data has been deleted or returned in accordance with Section 9.

14. Governing Law

This DPA is governed by the laws of England and Wales and is subject to the exclusive jurisdiction of the courts of England and Wales.

15. Contact for Data Protection

Data Protection Officer: dpo@azenteq.com

Legal: legal@azenteq.com

Note: This DPA is a standard template provided for information purposes. It forms part of the binding Terms of Service once accepted during onboarding. For bespoke DPA requirements, please contact legal@azenteq.com.

1. Introduction

LegalOS is designed for SRA-regulated law firms and CLC-licensed conveyancers in England and Wales.

2. The Service

LegalOS provides:

Multi-portal case management (Mission Control, Firm Admin, Staff Workspace, Client Portal)
Workflow automation for 6 practice areas (18 matter types)
Document management with version control
KYC/AML compliance integration
Optional AI-assisted features (drafting, analysis, orchestration)
Electronic signature integration
Property search ordering
Client onboarding and communication

3. Subscription and Billing

LegalOS is offered on a monthly subscription basis
Pricing is per-module with optional add-on features
AI features are billed separately as premium add-ons with configurable spend caps
Trial periods (where offered) are specified at the point of sign-up
Invoices are issued on the 1st of each month, payable within 14 days
We reserve the right to adjust pricing with 30 days' written notice

4. Your Responsibilities

You are the data controller for all client data processed through LegalOS
You must ensure your use complies with SRA Standards and Regulations
You must maintain appropriate professional indemnity insurance
You are responsible for the accuracy of data entered into the system
You must not share login credentials between users
You must notify us promptly of any security incidents
AI-generated outputs must be reviewed by a qualified solicitor before use

5. Data Processing

We process data on your behalf in accordance with our Privacy Policy and any Data Processing Agreement (DPA) executed between us.

All data is stored in the UK (AWS eu-west-2, London)
Tenant isolation is enforced at the database level
We will not access your data except to provide the service, with your permission for support, or as required by law
On termination, we will export your data in a standard format within 30 days and delete it within 90 days (unless a legal hold applies)

6. AI Features Disclaimer

LegalOS includes optional AI-assisted features. These are subject to the following conditions:

AI outputs are suggestions only and must not be treated as legal advice
All AI-generated documents, analyses, and recommendations require review by a qualified solicitor
We do not guarantee the accuracy, completeness, or fitness for purpose of AI outputs
The Firm retains full professional responsibility for all work product, whether AI-assisted or not
AI features can be disabled at any time by the Firm Administrator
No client data is used to train or improve AI models

7. Service Availability

We target 99.9% uptime (excluding scheduled maintenance)
Scheduled maintenance windows will be communicated 48 hours in advance
We are not liable for downtime caused by third-party services (Supabase, Vercel, Clerk)
In the event of extended outage (>4 hours), affected firms will receive a pro-rata service credit

8. Intellectual Property

LegalOS and its source code are the intellectual property of Azenteq Ltd
Your data remains your property at all times
Templates and documents you create within LegalOS belong to your firm
You grant us a limited licence to process your data solely to provide the service

9. Limitation of Liability

To the maximum extent permitted by law:

Our total liability is limited to the fees paid by you in the 12 months preceding the claim
We are not liable for indirect, consequential, or special damages
We are not liable for losses arising from your reliance on AI-generated outputs without proper professional review
Nothing in these Terms excludes liability for death, personal injury, or fraud

10. Termination

Either party may terminate with 30 days' written notice
We may suspend access immediately for non-payment (after 14 days overdue)
We may terminate immediately for material breach of these Terms
On termination, we will provide a data export within 30 days
Accrued fees remain payable after termination

11. Governing Law

These Terms are governed by the laws of England and Wales. Disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

12. Contact

General: hello@azenteq.com

Legal: legal@azenteq.com

Support: support@azenteq.com

1. Parties

This Data Processing Agreement ("DPA") forms part of the Terms of Service between:

Data Controller: The law firm subscribing to LegalOS ("the Firm", "Controller")
Data Processor: Azenteq Ltd, registered in England and Wales ("Azenteq", "Processor")

The Firm determines the purposes and means of processing personal data. Azenteq processes personal data solely on the Firm's behalf and in accordance with the Firm's documented instructions.

2. Scope and Purpose of Processing

Azenteq processes personal data to provide the LegalOS legal case management platform, including:

Matter and case management (creation, tracking, workflow progression)
Client onboarding, identity verification, and KYC/AML compliance
Document storage, generation, and version control
Communication (email notifications, client correspondence)
Financial record-keeping (billing, SDLT calculations, fee estimates)
Optional AI-assisted analysis and document drafting
Audit logging for SRA compliance

3. Categories of Personal Data

The following categories of personal data may be processed through LegalOS:

Client identity data: Names, addresses, dates of birth, contact details
Financial data: Property values, mortgage details, fee ledgers, SDLT calculations
Legal case data: Matter details, instructions, correspondence, file notes
Identity verification data: ID document references, AML check results
Staff data: Firm employee names, roles, email addresses, activity logs
Communication records: Emails, client portal messages, document approvals

Special category data (e.g. health information in personal injury or family matters) may be processed where the Firm has obtained appropriate consent or legal basis.

4. Data Subjects

Personal data processed may relate to:

The Firm's clients and their related parties (joint purchasers, beneficiaries, etc.)
Opposing parties and their solicitors
The Firm's employees and staff
Third-party professionals (estate agents, mortgage brokers, surveyors)

5. Processor Obligations

Azenteq shall:

Process personal data only on documented instructions from the Controller, unless required by law
Ensure that all personnel with access to personal data are bound by confidentiality obligations
Implement appropriate technical and organisational security measures (see Section 6)
Not engage another processor without prior written authorisation from the Controller (see Section 7)
Assist the Controller in responding to data subject rights requests
Assist the Controller with data protection impact assessments where required
Delete or return all personal data on termination of the service (see Section 9)
Make available all information necessary to demonstrate compliance with Article 28 obligations
Allow for and contribute to audits conducted by the Controller or an appointed auditor

6. Security Measures

Azenteq implements the following technical and organisational measures to protect personal data:

Encryption at rest: All database storage is encrypted using AES-256
Encryption in transit: All data transmission uses TLS 1.2 or higher
Tenant isolation: Row-Level Security (RLS) policies enforce strict data separation between firms at the database level — data cannot cross tenant boundaries
Authentication: Multi-factor authentication support, session management via Clerk, role-based access control across four portal tiers
Audit logging: All sensitive operations (login, data access, modifications, Login As impersonation) are logged with timestamps and user identity
Access controls: Principle of least privilege — staff see only matters and data relevant to their role and department
Infrastructure: Hosted on Vercel (SOC 2 Type II compliant) with Supabase (SOC 2, ISO 27001) for database services
Vulnerability management: Regular dependency audits, automated security scanning
Incident response: Documented incident response procedures with defined escalation paths

7. Sub-Processors

The Controller authorises Azenteq to engage the following sub-processors. Azenteq will notify the Controller of any intended changes to sub-processors, giving reasonable opportunity to object.

Sub-Processor	Purpose	Location
Supabase (AWS)	Database hosting, authentication, storage	EU (London, eu-west-2)
Vercel	Application hosting, edge functions, CDN	Global (compute in EU)
Clerk	User authentication and session management	US (EU data residency available)
Resend	Transactional email delivery	US/EU
Stripe	Subscription billing and payment processing	EU
AI Provider (configurable)	Optional AI-assisted features (drafting, analysis)	Varies by provider
Sentry	Error monitoring and performance tracking	US/EU

8. Breach Notification

In the event of a personal data breach, Azenteq shall:

Notify the Controller without undue delay and in any event within 72 hours of becoming aware of the breach
Provide sufficient information to enable the Controller to fulfil its obligation to notify the ICO and affected data subjects where required
Include in the notification: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach
Cooperate with the Controller and take reasonable steps to assist in the investigation, mitigation, and remediation of the breach
Document all breaches, including facts, effects, and remedial action taken

9. Data Retention and Deletion

Personal data is retained for the duration of the subscription
On termination, the Firm may request a full data export within 30 days
Following export (or after 30 days if no export is requested), all personal data will be securely deleted within 90 days
Deletion includes database records, stored documents, backups, and audit logs (subject to any legal retention obligations)
The Firm may configure retention policies for completed matters within the platform (e.g. GDPR 6-year or SRA 6-year retention)
A certificate of destruction is available on request

10. Data Subject Rights

Azenteq will assist the Controller in responding to requests from data subjects exercising their rights under UK GDPR, including:

Right of access (Subject Access Requests)
Right to rectification
Right to erasure ("right to be forgotten")
Right to restriction of processing
Right to data portability
Right to object

The platform includes built-in tools for SAR management, data export, and client data deletion to support these obligations.

11. International Transfers

Primary data storage is in the UK (AWS eu-west-2, London) via Supabase
Where personal data is transferred outside the UK, appropriate safeguards are in place (UK International Data Transfer Agreement or UK Addendum to EU SCCs)
The Firm will be notified of any new international transfers and may object
AI processing (when enabled) may involve data transfer to the AI provider's infrastructure — details and transfer safeguards are documented in the AI Settings section

12. Audit Rights

The Controller may audit Azenteq's compliance with this DPA by:

Requesting written evidence of compliance measures
Conducting or commissioning an audit (with reasonable notice and during business hours)
Reviewing the platform's built-in audit log, which records all data access and modifications

Azenteq will cooperate with reasonable audit requests and provide access to relevant records and systems.

13. Duration and Termination

This DPA shall remain in effect for the duration of the LegalOS subscription and until all personal data has been deleted or returned in accordance with Section 9.

14. Governing Law

This DPA is governed by the laws of England and Wales and is subject to the exclusive jurisdiction of the courts of England and Wales.

15. Contact for Data Protection

Data Protection Officer: dpo@azenteq.com

Legal: legal@azenteq.com