Security at
Magic Circle.

How we protect sensitive document workflows — isolation, encryption, access control, and auditability designed for legal and advisory teams.

Contact securityRead privacy policy
Tenant
Per-org isolation
AES-256
Encryption at rest
TLS 1.2+
Encryption in transit
Audit
Logs on every action

Four pillars of trust

Protection at every layer.

01

Tenant isolation

Every organization operates in its own logical tenant with strict boundaries on data, models, and configuration.

  • Data scoped to the organization
  • No cross-tenant model sharing
  • Per-tenant secrets and key rotation
02

Encryption everywhere

Documents and metadata are encrypted in transit and at rest, with application-layer encryption on sensitive fields.

  • TLS 1.2+ for all traffic
  • AES-256 at rest in managed cloud storage
  • Field-level encryption with rotating keys
03

Access control

Role-based access, SSO, and granular permissions ensure that only the right people see the right matter.

  • Roles: user · manager · admin
  • SSO and 2FA available on Firm & Enterprise
  • Per-project sharing scoped to colleagues
04

Auditability

Every meaningful action — uploads, agent runs, exports — is logged with a tamper-evident trail.

  • Audit log export on Firm & Enterprise
  • Citations track which document produced each answer
  • Admin views for review and incident response

Operating principles

How the team runs Magic Circle day to day.

01

Not training data

Customer content is never used to train shared models. Models run scoped to your tenant.

02

Least privilege

Internal access to customer environments requires explicit approval and is logged.

03

Vendor diligence

We assess and document every subprocessor handling customer data and review them periodically.

04

Incident response

Documented response procedures with customer notification timelines aligned to contractual commitments.

Deployment options

Pick the model that fits your firm.

Managed cloud

Default option. We operate and patch the infrastructure; your tenant remains isolated.

Private cloud

Run Magic Circle in your AWS, Azure, or GCP tenant. Available on Firm & Enterprise.

On-premises

Fully on-prem and air-gapped deployments for firms with strict data-residency requirements.

Need a security review?

We share security documentation, subprocessor lists, and answer enterprise security questionnaires for prospective customers.

Contact securityRead privacy policy