Litigation-grade
security
Crimson is built with information security and data privacy at its core. Designed specifically for high-stakes litigation, Crimson ensures your case files remain confidential and secure at all times.
99.9%
Uptime SLA
0
Data breaches
24/7
Monitoring
Certifications & standards
We maintain rigorous compliance standards to protect your most sensitive data.
SOC 2 Type II
Attested
AttestedIndependently audited and attested for security, availability, and confidentiality controls.
GDPR
Compliant
CompliantFull compliance with EU and UK data protection regulations, including data subject rights.
Pen Testing
Annual
AnnualAnnual third-party penetration testing to identify and address vulnerabilities.
Built for the most sensitive cases
Crimson is designed with enterprise-grade security at its core, for disputes where data sensitivity is paramount.
SOC 2 Type II Audited
Crimson meets rigorous security standards verified by independent auditors.
GDPR Compliant
Crimson fully adheres to GDPR data privacy and processing requirements.
Strict Data Isolation
Each customer's data is stored in its own secure, ring-fenced environment.
No Model Training
Customer data is never logged, stored or used for external AI model training.
Flexible Data Residency
Customers retain full control over where their data is hosted.
Encrypted SSO
Users access Crimson securely with single sign‑on via Microsoft Entra ID and AES‑256 encryption.
Engineered for secure litigation
Crimson was built from the ground up with the needs of disputes teams in mind. From its architecture to its user interface, every component has been designed to minimise risk, protect confidentiality and preserve privilege.
End-to-End Encryption
All data is encrypted in transit with TLS 1.2+ and at rest with AES-256 encryption.
Zero Data Retention
We offer zero data retention by our AI providers, with an exemption from anti-abuse monitoring to ensure no human review.
Continuous Monitoring
24/7 security monitoring with automated threat detection, logging and real-time alerting.
Secure Access Controls
Role-based permissions, multi-factor authentication and SSO integration via Microsoft Entra ID.
Security documentation
Crimson maintains a dedicated Security Portal, reviewed regularly by our security and compliance provider, and provides a comprehensive overview of how we manage risk across the organisation.
Security Portal
Access comprehensive security documentation, audit reports, and compliance certifications to verify our commitment to protecting your data.
Read moreCertifications & Policies
Download policy documents including our Audit Log Management Policy, Data Retention Policy and Incident Response Plan.
Read moreControls & Procedures
Review our security controls, access management procedures, and operational safeguards designed to protect your data.
Read moreFrequently Asked Questions
01Does Crimson use client data to train its AI models?
No. Crimson does not use client data to train models for any third party. All AI processing takes place in a secure environment within Microsoft Azure, and any output improvements are limited to each customer's own use.
02Is client data ever shared between law firms or customers?
No. Each customer's data is logically and operationally isolated. There is no pooling, cross‑training or shared access between law firms, and Crimson does not aggregate or analyse data across customers.
03Does Crimson meet SOC 2 Type II standards?
Yes. Crimson's SOC 2 Type II report with no exceptions demonstrates our commitment to best practices in security, reliability and privacy. Independent auditors regularly review our policies, processes and systems over an extended period.
04Is Crimson GDPR‑compliant?
Yes. Crimson is fully compliant with UK GDPR and follows strict data minimisation, purpose limitation and lawful processing principles.
05Where is our data stored?
Customers have full control over data residency and can choose their preferred Microsoft Azure region for data storage, including the UK, US, EEA and Australia.
Review our
security posture
Access our SOC 2 report, security architecture overview, and compliance certifications through our Security Portal.