Compliance, honestly stated.

JudicialMind does not currently hold SOC 2, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 42001 or equivalent third-party certifications. We align our practices to the principles those frameworks describe, and we plan to pursue formal attestations as the company matures.

We prefer to earn trust by being clear about what is in place today and by documenting what we do, rather than by leaning on logos we have not yet earned.

We operate under a written Data Processing Addendum with our customers. Where GDPR, UK GDPR, CCPA/CPRA, India's DPDP Act, LGPD or similar regimes apply, our DPA incorporates appropriate terms - including the EU Standard Contractual Clauses and the UK International Data Transfer Agreement for cross-border transfers.

We do not sell personal data and do not share personal data for cross-context behavioural advertising. Customer Content is not used to train shared or foundation models.

Full details are in our Privacy Policy.

Our customers include law firms, in-house legal teams and regulated businesses whose own obligations can include HIPAA, financial-services regulation, public-sector rules and sector-specific regimes. The platform is designed so customers can meet those obligations on top of it - through configurable access controls, audit, retention, regional processing where available and tenant-level policies.

We do not claim that JudicialMind is HIPAA-certified, FedRAMP-authorised or subject to similar programmes today. Where a customer needs contractual commitments (for example, a Business Associate Agreement) we are willing to discuss what is feasible given our current programme.

JudicialMind is designed around the principles most bars and regulators articulate for AI in legal practice: supervision by licensed counsel, verification of outputs, protection of confidentiality, competence in the technology being used, and candour to tribunals and clients.

We provide tooling that supports those duties - citation anchoring, uncertainty signalling, audit trails, approval gates, ethical-wall enforcement at retrieval and generation, client-scoped policies and scoped retention. The duty of compliance remains with the user and their firm; our job is to make it tractable.

Customers can enforce client-specific AI-use requirements (data handling, disclosure, model use, retention) set in outside-counsel guidelines or internal policies.

We track emerging AI-governance frameworks - the EU AI Act, the NIST AI Risk Management Framework, ISO/IEC 42001, India's evolving guidance, and jurisdiction-specific legal-AI rules - and evolve our practices accordingly.

Our operating approach is practical: grounded outputs with citations, explicit uncertainty where the law or record is thin, human-in-the-loop gates on material work product, logged and auditable reasoning paths, and documented model and data-handling practices shared with customers under NDA.

We invoke third-party models only under no-retention and no-training terms where the provider supports them, and we document invocations in tenant audit logs.

Under NDA we can share our current architecture overview, data-handling descriptions, subprocessor list, security practices summary and DPIA-support materials with customers evaluating JudicialMind.

We respond to reasonable security and compliance questionnaires directly and will tell you honestly when a control is not yet in place, rather than claim otherwise.

Our programme roadmap prioritises foundational controls first (identity, access, logging, tenancy, encryption and incident response), followed by independent attestations as scope and maturity justify them. We will update this page as milestones are achieved. We will not retroactively imply a certification existed before it did.

For compliance questions, questionnaires and procurement due diligence, write to compliance@judicialmind.ai. For privacy and DPA enquiries, write to privacy@judicialmind.ai. For security incidents and responsible disclosure, write to security@judicialmind.ai. The operating entity is QuantumShell Intelligence Private Limited.