What never leaves the building.
Data leaving your perimeter is a disqualifying risk.
We treat it that way. Threat model, controls, and what we refuse to do — written down.
Data leaving your perimeter is a disqualifying risk. We treat it that way. Abila is designed for firms whose default answer to "send the documents to the cloud" is no.
What never leaves the building
- DocumentsCAS storage on your filesystem; no third-party object store unless you choose one.
- PromptsAll LLM calls go to a server you operate. No vendor SDK is embedded.
- EmbeddingsComputed by an embedding server you run. Pinned per deployment.
- The audit logHash-chained in your Postgres. Verifiable offline with a CLI.
Masking won't save you.
The most common defence we hear for sending client data to cloud AI is "we redact the names, so it's safe." It is not.
- Documents identify, not names.Deal size, jurisdiction, sector, dates, witness, counterparty, verbatim clauses — all stay in the document. Aggregation re-identifies.
- Masking is one-sided.You can rename your client. You cannot rename the bank, the regulator, counsel, or the property at the address.
- Pseudonymisation isn't anonymisation.UK/EU GDPR Article 4 + Recital 26: tokenised data is still personal data. ICO and EDPB are explicit; obligations don't lift.
- The request itself is confidential."Redraft this clause" pastes the clause. Structure, redlines, edit sequence — the firm's work product, regardless of name.
- Privilege turns on disclosure.Voluntary third-party disclosure to a cloud vendor risks waiving legal professional privilege — anonymisation is not the test in many jurisdictions.
- No chain of custody."I masked it before pasting" is not a defensible record. There is no log of what left, when, or to which model version.
Threat model
| Actor | Capability | Mitigation |
|---|---|---|
| External attacker | Network probing, credential stuffing | Network isolation, rate limiting, strong auth |
| Compromised user account | Authenticated access within role | Matter-scoped access, audit logging, anomaly detection |
| Insider with DB access | Direct SQL | Audit log hash-chained and separately verifiable; sensitive fields encrypted |
| Compromised LLM or parser | Prompt injection via ingested document | Injection detection at ingest and query; quarantine; sanitization |
| Malicious document | Embedded exploit, XSS via rendered output | Content-type validation, no raw HTML from documents, sandboxed preview |
| Supply chain | Compromised Go dep, compromised model | Vendored deps, lock file, signed release artefacts, model hash pinning |
Controls
Network
Single bind port. TLS at the edge. Air-gap-capable.
Authn
Bcrypt, opaque sessions, CSRF, SSO (SAML + OIDC), TOTP.
Authz
Role × matter membership. Ethical walls enforced at two layers.
Audit
Hash-chained append-only log. Offline-verifiable CLI.
Prompt-injection
Ingest scan, query scan, retrieval-token delimiting, citation verification.
Secrets
AES-256-GCM at rest, redaction layer in logs, no secret in any system prompt.
What we refuse to do
- No outbound telemetry. No crash reporting, no analytics, no licence-check phone-home.
- No cloud-only features. Every feature works fully offline or is opt-in and off by default.
- No LLM-provided-data back-channel. The platform never sends user data to a hosted model on your behalf.
- No shared training. User data is never used to fine-tune a shared model.
- No automatic document sharing outside the deployment. Sharing is internal or via explicit export.
- No privileged backdoor accounts. Support accounts are customer-provisioned and customer-revokable.
- No wildcard CORS in production.
Compliance alignment
The platform aligns with — and supports the controls under — the following regimes. Certification is deployment-level: we align; you certify.
- UK GDPR / EU GDPR
- ISO/IEC 27001
- SOC 2 Type II
- HIPAA
- FCA / MAS / GFSC
- FATF AML / Sanctions
Pen-test posture
Expected to be pen-tested by every enterprise customer. OWASP Top 10 is the minimum
bar for every release. Security-relevant changes use a security(...) commit prefix and are called out in release notes.
Want our threat-model PDF?
One email — we'll send the latest threat model and most recent pen-test summary.