Security & Compliance
Aethis is built for use in regulated legal environments. The platform is designed to handle sensitive personal data with care, restraint, and appropriate safeguards, and treats security and compliance as first principles from the outset.
Aethis is currently operating in pilot mode. Controls and processes are implemented proportionately to the stage of the platform and are being formalised as the system moves towards broader adoption.
Data protection
Aethis operates in accordance with UK GDPR and the Data Protection Act 2018.
- Aethis acts as a data processor on behalf of solicitor firms
- Personal data is processed solely for the purpose of preparing and reviewing immigration applications
- Client data is not used to train general-purpose or external AI models
Data residency and international processing
Core application data and customer records are hosted in the United Kingdom.
Where third-party AI services are used, limited data may be processed outside the UK strictly for the purpose of providing AI inference. Such processing is transient and subject to appropriate contractual and regulatory safeguards.
Any international data processing is conducted in line with UK GDPR requirements, including the use of approved transfer mechanisms such as standard contractual clauses.
Infrastructure and service providers
Aethis is built on established cloud, identity, and AI service providers selected for their security posture, reliability, and suitability for regulated environments.
All third-party services are subject to contractual data protection obligations and are operated by providers with recognised security and compliance certifications appropriate to their role.
A current list of sub-processors and further details on data processing arrangements are available to firms on request.
Security controls
The platform implements a range of technical and organisational measures appropriate to its pilot stage, including:
- Encryption in transit and at rest
- Role-based access controls
- Logical separation between client, firm, and system data
- Managed authentication and identity controls
- Audit logging for access and decision-related activity
Access to production systems is restricted and monitored.
Use of AI
Aethis is designed to support professional legal decision-making rather than replace it.
- Client data is not used to train external AI models
- Eligibility and workflow decisions are driven by formalised decision logic, supported by AI where appropriate
- Outputs are explainable and reviewable by legal professionals
Pilot-stage operations
Aethis is currently operating a limited, invitation-only pilot with a small number of legal firms. During this phase:
- Access is tightly controlled
- Data volumes are intentionally limited
- System changes are managed directly by the core engineering team
- Security and compliance processes are refined in preparation for broader rollout
Compliance roadmap
As the platform matures, planned enhancements include:
- Formal incident response and breach notification procedures
- Encrypted backup and recovery processes
- Expanded access controls and firm-level security policies
- Formalisation of internal security documentation
- Alignment with ISO/IEC 27001 controls as part of a structured security management programme
- Progression towards SOC 2 compliance as the platform moves beyond pilot stage