Skip to main content

We have rebranded from Iqidis — meet Irys. A new identity for the future of legal work.

Irys
Security

Data Residency

Definition

Data residency refers to the physical or geographic location where data is stored and processed. For law firms, data residency requirements may arise from client contracts, regulatory obligations, or firm policies that dictate that certain data must remain within specific geographic boundaries, such as within the United States or European Union.

Data residency is increasingly important as data protection regulations proliferate globally. The GDPR restricts transfers of personal data outside the EEA without adequate safeguards. Various national laws impose data localization requirements. Client engagement letters may specify where data can be stored. And some matters, particularly those involving government clients or classified information, have strict geographic restrictions on data handling.

For legal AI platforms, data residency involves multiple dimensions. The platform's primary data storage must be in the required geography. But AI processing also involves data movement: queries may be sent to AI model providers whose servers are in different locations. Backup and disaster recovery systems may replicate data across regions. Even temporary processing in an unauthorized geography could violate residency requirements.

Law firms evaluating AI platforms should examine the complete data flow, not just the primary storage location. Key questions include: where are the AI models hosted, where is data processed during inference, do backup systems replicate data across regions, and can the platform provide data residency guarantees that cover the entire processing pipeline, including third-party model providers.

How Irys approaches this

Irys provides transparency about data residency and processing locations, allowing firms to make informed decisions about compliance with geographic data restrictions.

Related terms

Security

GDPR for Legal AI

GDPR (General Data Protection Regulation) compliance for legal AI refers to the requirements that AI platforms must meet when processing personal data of individuals in the European Economic Area. For law firms with international clients or matters involving EU data subjects, GDPR imposes strict rules on how personal data is collected, processed, stored, and transferred through AI systems.

Security

Zero Data Retention

Zero data retention is a security policy in which an AI platform does not store user queries, uploaded documents, or generated outputs on its servers after processing is complete. For law firms, this policy ensures that confidential client information is not retained in third-party systems where it could be exposed through data breaches or used to train AI models.

Security

Tenant Isolation

Tenant isolation is a security architecture in which each customer's data is logically or physically separated from every other customer's data within a multi-tenant platform. In legal AI, tenant isolation ensures that one firm's confidential information, work product, and AI interactions are completely inaccessible to other firms using the same platform.

Security

SOC 2 for Legal AI

SOC 2 (System and Organization Controls 2) is an auditing framework developed by the AICPA that evaluates a service provider's controls for security, availability, processing integrity, confidentiality, and privacy. For legal AI platforms, SOC 2 compliance demonstrates that the vendor has implemented and maintained the security controls necessary to protect sensitive legal data.

Back to glossary

See Data Residency in action

Irys One brings research, drafting, and document intelligence together in one platform. Try it free for 14 days.

Try Irys free