Data Protection & Security Overview

MatterPilot — secure AI productivity for law firms. Last reviewed: 9 July 2026.

This document explains how MatterPilot handles law firm data. It is written for the people who review suppliers — data protection officers, COLPs, practice managers and IT providers — and it describes what the platform actually does today, not an aspiration. If your review needs something this document doesn't cover, ask us via the supplier information request on our website and we will answer directly.

1. What MatterPilot is

MatterPilot is a legal productivity platform that turns dictation, meetings, phone calls and documents into structured, reviewable outputs. It is operated by Document Scan Ltd, built in the UK, and designed for small and medium-sized UK law firms. Every AI-generated output in the platform is draft material: it is presented for human review before use, and the review states are tracked in the product.

2. Hosting and data residency

  • The platform is hosted on Microsoft Azure in the United Kingdom.
  • Application data is stored in Azure SQL Database; audio recordings, documents and generated files are stored in Azure Storage — all within UK regions.
  • AI processing uses Azure-hosted services in the United Kingdom: Azure AI Speech for transcription and the Azure OpenAI Service for text analysis and drafting.

3. AI processing — the part firms ask about most

  • No public AI model training. Client and matter data processed by MatterPilot is not used to train public AI models. AI processing runs through Azure-hosted services under Microsoft's enterprise terms; prompts and outputs are not used by Microsoft to train foundation models, and nothing is sent to consumer AI tools.
  • Platform-owned deployments. Transcription and text analysis run against deployments MatterPilot operates in its own Azure subscription — firm data is not routed through third-party AI intermediaries.
  • Human review is structural, not advisory. Outputs (transcripts, file notes, summaries, draft letters and emails, action lists) carry review states in the product. The platform's positioning is deliberate: AI produces the draft, a person signs it off.
  • Document processing stays in-process. Document conversion, comparison, bundling and text extraction run inside the platform's own application code using licensed components — documents are not sent to external conversion services.

4. Tenant separation

MatterPilot is multi-tenant with firm-level separation enforced in the data layer. Every read and write of business data carries the acting firm's identity as a predicate inside the database's stored procedures — not just in application code — so one firm's users cannot reach another firm's records. User-scoped records (for example a fee earner's dictations) additionally carry owner-level checks. State-changing operations are written as compare-and-swap updates so concurrent actions cannot bypass the checks.

5. Access control

  • No self-registration. Accounts are created only by administrators — platform operators create firm administrators, and firm administrators create their own users. There is no public sign-up.
  • Role-based access. Five roles (from platform administrator to support staff) gate every area of the product, enforced server-side.
  • Per-user module permissions. Firms can refine access below the role level, from full access down to read-only or denied per module per person.
  • Seat licensing. Users sign in only while they hold a licensed seat; a user without a seat is refused at login.
  • Multi-factor authentication is available to all accounts, with administrator-managed reset.

6. Encryption

Data in transit is protected with TLS. Data at rest is encrypted by the Azure platform services that store it (Azure SQL Database and Azure Storage encryption at rest).

7. Auditability

The platform keeps a platform-wide audit log of significant actions — record creation and changes, module activity, administrative actions — attributable to the acting user and firm. Firm-level adoption and usage information visible to firm administrators is drawn from the same audit trail.

8. Retention and deletion

Retention is handled per workflow, reflecting how firms actually work rather than a single blanket rule:

  • Call recordings are subject to per-firm retention policies configured in the product.
  • Client file-sharing links (secure exchange) expire automatically, carry unlock limits, and can be revoked at any time — revocation cuts existing download sessions.
  • Closed-file records support review dates computed from each record's retention period, with a controlled destruction workflow.
  • Dictations are archived automatically after their working life.
  • Records elsewhere in the platform are created, amended and deleted under the firm's own control through the product's role-gated interfaces.

9. Secure client file exchange

Where firms share files with clients through MatterPilot, recipients use time-limited links protected by passwords, with capped unlock attempts and full revocation. Unavailable links reveal nothing about whether a link ever existed.

10. Operational security

  • Configuration secrets (connection strings, keys, seed credentials) live in managed secret stores, never in source code.
  • The public marketing website is architecturally separated from tenant data: its pages cannot read firm or client records.
  • Platform operator accounts are limited, named, and excluded from firm-level data entry paths; administrative consoles enforce their scope server-side.

11. Sub-processors

MatterPilot's sub-processor list is deliberately short — Microsoft Azure services in the United Kingdom — and is published separately as the Sub-processor List, alongside this document. We do not use third-party email marketing, analytics or AI intermediaries in the processing of firm data.

12. Supplier due diligence

We expect to be reviewed and we support it: this overview, the Sub-processor List, our Responsible AI Usage Policy template and a template Data Processing Agreement are all published on our website, and we will complete firm or insurer questionnaires on request.


Questions about anything in this document can be sent via the demo or supplier-information forms at matterpilot.ai — we will only use your details to respond to your enquiry.

This document is also available as a PDF download for your firm's due-diligence records — the page and the PDF are generated from the same source.