Useful Links
Share these with your team (or scan from print) for supporting detail.
Audit Trails
Every action is logged immutably. Full visibility for compliance reviews and regulatory inspections.
User actions
Who created the matter, sent the link, viewed results, and approved or escalated
Timestamps
UTC timestamps for every action, stored immutably
Verification events
Document uploads, biometric checks, AML screening, and outcome decisions
System events
API calls, integrations, and automated processing logs
Evidence Storage
Storage Details
- Location
- UK data centres only
- Encryption
- AES-256 at rest, TLS 1.3 in transit
- Retention
- 7 years from matter completion (configurable)
- Access
- Role-based access with full audit logging
Evidence Pack Contains
- Original ID document images
- Biometric photograph
- Liveness check recording (if applicable)
- AML screening results with source data
- Source of funds declaration and evidence
- Signed engagement terms
- Completed forms with timestamps
- Verification outcome and decision record
Ongoing Monitoring
Ongoing AML monitoring available as add-on
Responding to SRA Inspections
Everything you need to demonstrate compliance during an SRA visit.
Export evidence packs
Download PDF bundles per matter or in bulk. Each pack contains all verification documents and decision records.
Search and filter
Find matters by client name, date range, outcome, or risk level. Export filtered results.
Audit reports
Generate summary reports: verification volumes, pass/fail rates, escalation patterns, response times.
User activity logs
Full log of who accessed what, when, and what actions they took. Exportable per user or date range.
Data Access Controls
| Role | Permissions |
|---|---|
Administrator | Full access. Manage users, configure settings, view all matters. |
Fee-earner | Create matters, send verifications, view and approve results for assigned matters. |
View-only | View verification results. Cannot create matters or approve outcomes. |
Compliance | View all matters, access audit logs, export evidence packs, manage escalations. |
Technical Security
End-to-end encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256)
UK data residency
All data stored in UK-based data centres. No overseas processing.
GDPR compliant
Full data subject rights support. Data processing agreement available.
Two-factor authentication
Mandatory 2FA for all admin accounts. Optional for other roles.
Regular security audits
Annual penetration testing. SOC 2 Type II certification in progress.
Incident response
24-hour breach notification. Dedicated security response team.
Regulatory Alignment
| Body | Requirement | Status |
|---|---|---|
| SRA | AML Regulations compliance | Aligned |
| Companies House | Identity verification | Aligned |
| ICO | GDPR compliance | Compliant |
| NCSC | Cyber Essentials | Certified |
Questions?
Our compliance team is available to discuss your specific requirements.