Security and responsible AI are central to how MatterPilot is built — not an afterthought. This page sets out where your data lives, how it's processed, who can see it and how review stays with your people.
MatterPilot runs on enterprise Microsoft Azure infrastructure in the United Kingdom. Application, database, file storage and AI processing all live in UK regions.
Azure-hosted OpenAI processing
AI processing uses the Azure OpenAI service inside the same Microsoft enterprise environment — not the public consumer AI services.
No public AI model training
Client and matter data is not used to train public AI models. Your data is processed to produce your outputs — that's all.
Access control
Who can see what
Tenant separation
Every firm's data is scoped to that firm and the boundary is enforced in the data layer on every read and write — not just hidden in the interface.
Role-based permissions
Five roles from administrator to support staff decide who reaches each area, layered with per-user, per-module permission levels — read, write, full access or none.
Own-work scoping
Personal work like dictations is scoped to its owner. Multi-factor authentication is supported, and licensed seats control who can sign in at all.
Responsible AI
Human review, always
Every AI output in MatterPilot is draft or support material, visibly labelled as AI-assisted and requiring review. Extracted actions, dates and review flags carry the source wording they came from, uncertainty is flagged honestly, and nothing is sent, filed or acted on automatically. Users remain in control — the AI assists; your people decide.
Draft outputs only — no auto-sending, no auto-filing, no automated decisions.
Review prompts, not conclusions — flags ask a person to confirm; they never assert.
Platform-wide audit log — what happened, by whom and when, across every module.
Retention and deletion — data is kept in line with legal-sector retention expectations and deleted when it shouldn't be kept.
Due diligence
Supplier due diligence support
We expect scrutiny — from partners, compliance officers, insurers and your IT providers — and we support it. Our documentation pack includes the Data Protection & Security Overview, a Responsible AI Usage Policy for law firms, the sub-processor list and data processing documentation. Office add-ins and mobile access are on the roadmap and will go through the same security-first approach before release.