Confidentiality isn’t a feature. It’s the foundation.
Law firms hold their clients’ most sensitive information — and the NCSC names the legal sector as a specific target. Fitzentic is engineered for that reality, aligned with SRA confidentiality duties, UK GDPR and NCSC guidance.
Tenant isolation
Every firm is a separate tenant, walled off at the database level with a global scope and row-level security. One firm can never reach another’s data. Enterprise firms can move to a fully dedicated database.
Granular permissions
A complete permission matrix — view, create, edit, delete, approve, export, admin — across every area. Access is least-privilege by default, and denied actions are logged.
Encryption everywhere
Data is encrypted in transit (TLS) and at rest. Documents are served only through signed, expiring, access-checked links — never public paths.
Append-only audit
Logins, document access, transfers, payments and permission changes are all recorded in an append-only log you can’t silently alter — a regulator-ready history.
Two-factor & sessions
TOTP two-factor authentication, session and device management, automatic logout on inactivity, and lockout after repeated failed logins.
UK data residency
Hosted in the UK with a clear data-residency story — important for confidentiality and for UK GDPR accountability.
Controlled support access
Even platform administrators cannot casually open client files. Support access is requested, justified, time-boxed and logged.
Backups & retention
Encrypted backups, per-matter retention schedules, and a controlled deletion process — so data is kept exactly as long as it should be.
Safe staff offboarding
When someone leaves, their access is revoked instantly and their matters are reassigned before they’re archived — closing the biggest confidentiality gap.
The data-protection principles, built into the product.
Lawfulness, fairness & transparency
Clear consent and client-care steps, with clients able to see how their matter is handled.
Purpose limitation
Data is captured against a matter for a defined reason — not collected “just in case”.
Data minimisation
Intake asks only for what the matter type actually needs.
Accuracy
Single client and matter records, with merge and update flows instead of duplicates.
Storage limitation
Per-matter retention schedules and a controlled deletion process.
Integrity & confidentiality
Encryption, permissions, tenant isolation and audit throughout.
A note on language: Fitzentic provides compliance support tools. They help your firm meet its obligations and keep the records a well-run firm needs — they don’t replace your professional judgement, and we don’t claim “automatic SRA compliance”.
Security questions before you commit?
We’re happy to walk your team or your IT lead through exactly how Fitzentic protects client data.