Security & Compliance

Your Clients Trust You. We Protect That Trust.

Oberon is built on the same security standards used by leading financial institutions — because legal data demands nothing less. Every layer of our platform is designed to keep your clients’ information safe, compliant, and under your control.

256-bit AES Encryption · GDPR Compliant · Irish Data Residency · SOC 2 Aligned

Security Overview

Defence in Depth Across Every Layer

Our security architecture follows a defence-in-depth approach, ensuring that no single point of failure can compromise your data.

Infrastructure Security

  • EU-based data centres with Irish data residency
  • Redundant architecture with automatic failover
  • DDoS protection and web application firewall
  • 24/7 infrastructure monitoring and alerting
  • 99.9% uptime SLA with real-time status page
  • Automated daily backups with point-in-time recovery

Application Security

  • TLS 1.3 encryption for all data in transit
  • OWASP Top 10 protection built into the platform
  • Regular penetration testing by independent auditors
  • Automated vulnerability scanning in CI/CD pipeline
  • Content Security Policy and security headers
  • Rate limiting and brute-force protection

Data Security

  • 256-bit AES encryption for all data at rest
  • Isolated tenant databases with strict access controls
  • Encrypted backups stored in geographically separate EU locations
  • Data retention policies aligned with legal requirements
  • Secure deletion with cryptographic verification
  • Field-level encryption for sensitive client data

Authentication & Access

Granular Control Over Who Sees What

Legal practice demands strict information barriers and access controls. Oberon provides enterprise-grade identity management that gives you complete control over who can access what — down to individual matter and document level.

  • Multi-factor authentication (MFA) with TOTP and SMS options
  • Role-based access control (RBAC) with customisable permission sets
  • Single Sign-On (SSO) via SAML 2.0 and OpenID Connect
  • Configurable session timeouts and IP-based restrictions
  • Password policies enforcing complexity, rotation, and breach detection
  • Ethical walls and matter-level information barriers

Access Control Panel

  • Sarah McCarthy, Managing Partner: Full Access
  • James O’Sullivan, Senior Solicitor: Case Team
  • Emily Fitzpatrick, Trainee Solicitor: Restricted

Ethical wall active on Matter #4217 — 2 users excluded

GDPR & Data Protection

Full GDPR Compliance, Built In

Oberon is designed from the ground up to meet and exceed the requirements of the General Data Protection Regulation and the Irish Data Protection Act 2018.

Data Processing Agreements

Comprehensive DPAs available for all clients, clearly defining roles, responsibilities, and data processing activities in line with Article 28.

Right to Erasure

Built-in tools for data subject access requests (DSARs) and right to erasure, enabling your firm to respond within the required timeframes.

Records of Processing

Automated records of processing activities (ROPA) maintained within the platform, ensuring your Article 30 obligations are always met.

Breach Notification

Incident response procedures aligned with the 72-hour notification requirement under Article 33, with automated alerting and documentation.

Privacy by Design

Data minimisation, purpose limitation, and privacy-by-design principles are embedded into every feature we build, as required by Article 25.

Data Residency

All client data is processed and stored exclusively within the European Union, with primary data residency in Ireland. No data leaves the EU.

Audit Log — Matter #3892
2026-03-11 14:32 S. McCarthy uploaded lease_agreement_v3.pdf
2026-03-11 14:18 J. O’Sullivan added time entry 1.5hrs — Client conference
2026-03-11 11:45 E. Fitzpatrick updated status to In Progress
2026-03-11 09:12 System sent deadline reminder to assigned team
2026-03-10 16:50 S. McCarthy generated Invoice #INV-2026-0412

Showing 5 of 247 audit events · Tamper-proof log

Complete Audit Trail

Every Action Recorded. Every Change Tracked.

Oberon maintains a comprehensive, tamper-proof audit trail of every action taken within the platform. From document access and edits to billing changes and permission updates — nothing goes unrecorded.

  • Immutable audit logs that cannot be modified or deleted
  • User, timestamp, IP address, and action recorded for every event
  • Filterable and searchable audit reports for compliance reviews
  • Exportable logs for regulatory inspections and Law Society audits
  • Document version history with full change tracking

Legal Compliance

Built for Irish & UK Regulatory Requirements

Oberon is designed to help your firm meet its professional obligations in both Ireland and the United Kingdom.

Ireland

  • Law Society of Ireland

    Compliant with Solicitors Acts and Law Society practice regulations, including accounts regulations and professional conduct requirements.

  • Section 68 Letters

    Automated generation and tracking of Section 68 client care letters, ensuring compliance with disclosure obligations.

  • Anti-Money Laundering

    Built-in AML workflows aligned with the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010–2021.

  • Data Protection Act 2018

    Full compliance with the Irish Data Protection Act 2018, implementing GDPR into Irish law, with DPC guidance followed.

United Kingdom

  • SRA Standards & Regulations

    Aligned with SRA Standards and Regulations, including the Code of Conduct for Solicitors and the SRA Accounts Rules 2019.

  • Client Care Requirements

    Automated client care letter generation and cost estimate tracking, helping you meet SRA transparency requirements.

  • UK GDPR & Data Protection Act 2018

    Full compliance with the UK GDPR and the UK Data Protection Act 2018, with ICO guidance integrated into platform workflows.

  • Money Laundering Regulations

    Compliance tools aligned with the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 (as amended).

AI Security

AI That Respects Confidentiality

Oberon’s AI features are designed with the same security-first approach as every other part of the platform. Your firm’s data is never used to train external models.

Private Environment

AI processing occurs within your firm’s isolated environment. Your data is never shared with other tenants or used for model training.

No Data Leakage

AI queries and responses are processed in-session and are not stored beyond the active session unless explicitly saved by the user.

Access-Aware AI

The AI respects all RBAC and ethical wall settings. Users can only query data they already have permission to access.

Audited AI Usage

Every AI interaction is logged in the audit trail, providing complete visibility into how AI is being used across your firm.

Firm-Level Controls

Administrators can enable or disable AI features globally or per user, and configure which data sources the AI can access.

Legal-Trained Models

Our AI is fine-tuned on legal best practices and jurisdictional knowledge for Ireland and the UK, delivering relevant and accurate outputs.

Certifications & Standards

Independently Verified Security

Our security posture is regularly assessed against internationally recognised frameworks and standards.

  • SOC 2: Type II Aligned
  • ISO 27001: Aligned
  • GDPR: Fully Compliant
  • Cyber Essentials: UK Certified
  • TLS 1.3: A+ SSL Rating
  • Pen Tested: Annually

Security Questions? We’re an Open Book.

Our team is happy to discuss our security architecture, compliance certifications, or data protection measures in detail. We can also provide our full security documentation upon request.