Security

The collecting and processing of consumer data is the responsibility of the organization(s) using the Alf platform. Alf guarantees the secure preservation of this data.

The data is stored and archived on Alf and is only accessible from the platform. The archiving time is to be defined by the organization according to its privacy policy and in compliance with the provisions of the GDPR.

Additionally, the data that the organization processes is the data required for the construction of legal dossiers, which may require special guarantees due to its particular sensitivity. Depending on the user authorizations, access to the information in the dossiers is limited (and defined upstream by the organization’s platform administrator). 

Alf guarantees the security of the data on its AWS servers and thanks to its certified partners.

Read more:

• Which features are available on Alf?
• How to access the Alf platform?

Every Alf customer can create dedicated, siloed spaces that can only be accessed by the people authorized to work on a particular project.

By default, these spaces are housed within your Alf platform, using servers based in the EU and has been designed from the ground up to be GDPR-compliant.

As an Alf customer, you can also choose the type of security and storage that works best for you:

• The standard SaaS option means that your platform is stored on shared cloud servers. Similar to other cloud software solutions such as Gmail or iCloud, data for all clients is maintained in shared databases and data stores; access restrictions for individual platforms and spaces within those platforms are ensured and enforced by our platform code.
• A private cloud, with your Alf platform being installed and run on its own dedicated cloud server system. Data for your platform is stored in its own database, kept completely separate from any other Alf customer platforms.
• A local storage solution, which functions like the private cloud, except that the Alf system is run on a server infrastructure provided and administered by you, the customer, not Alf.

Yes. Designed and built in Europe by experienced legal professionals who understand the importance of maintaining client trust, from the very beginning Alf has followed data security best practices and ensured that the platform is GDPR-compliant.

But Alf’s obsession with security doesn’t end there. As legal professionals ourselves, we know that in addition to GDPR-style privacy concerns, you also need to guarantee client confidentiality as well as various legal corporation requirements. That’s why we’ve built Alf to always keep in mind these overlapping levels of security: confidentiality, privacy, and regulations.

All your data is hosted exclusively on secure servers within the European Union, under the world’s strongest privacy regulations. ALF is fully GDPR compliant by design, ensuring your information never leaves Europe and remains subject to the highest data protection standards.

We understand the criticality of your legal data. ALF uses end-to-end encryption (at rest and in transit) combined with granular access controls and data tagging to give you full control over who can access your most sensitive files. In practice: even if data were intercepted, it would remain unreadable to anyone unauthorized.

We have a business continuity and disaster recovery plan in place, supported by redundant EU data centers and regular backups. This means your operations remain uninterrupted, and in the rare case of an incident, our systems are designed to restore services quickly with minimal disruption.

Yes. ALF is built for flexibility. Whether you prefer SaaS, private instance, or on-premise deployment, we adapt to your infrastructure and compliance needs. With custom data tagging and access rules, your LegalOps team can align security with your exact business requirements.