Information Security & Data Protection

Lex HR is built for organisations handling sensitive HR and employment data. Security and data protection are embedded into the design, operation, and governance of the platform.

This page outlines our approach to data protection roles, hosting, encryption, security controls, and third-party involvement.


1. Data Protection Roles

Lex HR operates under UK GDPR with clearly defined responsibilities.

  • Customers act as the Data Controller for all HR and employment data they choose to upload or process using the platform.

  • Lex HR acts as a Data Processor in respect of customer HR data, processing personal data solely on the customer’s documented instructions.

  • Lex HR acts as a Data Controller only for its own operational data, including account administration, billing, service communications, and support interactions.

Lex HR does not determine the purpose or use of customer HR data and does not reuse customer content for its own purposes.


2. Regulatory Registration

Solicitech Ltd (trading as Lex HR) is registered with the UK Information Commissioner’s Office (ICO) in respect of its Data Controller obligations for business operations.

ICO Registration reference: ZC088320


3. Information Security Certification

Lex HR is ISO/IEC 27001 certified, confirming that we operate a formally audited Information Security Management System (ISMS).

Our ISMS covers, among other areas:

  • Information security risk assessment and treatment

  • Access control and authentication

  • Cryptographic controls

  • Supplier and third-party management

  • Incident management and escalation

  • Business continuity and resilience

Certification is independently audited and maintained through ongoing surveillance audits.


4. Hosting & Infrastructure

Lex HR is hosted exclusively in the United Kingdom using Microsoft Azure cloud infrastructure.

All production systems are deployed within UK Azure regions, ensuring UK data residency.

Key hosting principles include:

  • UK-based hosting and processing

  • Hardened virtual machines

  • Secure network segmentation and firewalling

  • Continuous monitoring and security logging

Microsoft Azure provides the underlying cloud infrastructure. Lex HR remains responsible for application-level security, access controls, and data protection.


5. Data Encryption & Security Controls

Lex HR applies appropriate technical and organisational measures to protect data against unauthorised access, alteration, or disclosure.

Data in Transit

  • All platform traffic is protected using industry-standard encryption (TLS 1.2 or higher)

  • HTTPS is enforced across all services

Data at Rest

  • Customer data is stored on encrypted storage volumes

  • Encryption is applied in line with ISO 27001 cryptographic control requirements

  • Access to encrypted data is restricted and role-based

Security controls are reviewed regularly as part of our ISMS.


6. Data Transfers & Sub-Processors

Lex HR minimises data transfers and applies strict controls over third-party involvement in service delivery.

Primary processing of customer HR data occurs exclusively within the United Kingdom.

Where third-party sub-processors are engaged to support the platform (for example, infrastructure or specialist technical services), they are subject to:

  • Appropriate due diligence and supplier risk assessment

  • Contractual confidentiality and data protection obligations

  • Proportionate, role-based access controls

  • Ongoing security and compliance oversight

Lex HR does not routinely transfer customer HR data outside the UK. Any access to systems is limited to what is necessary for service operation and support, is logged, and is subject to UK GDPR-aligned safeguards.

Information about current sub-processors can be provided as part of supplier due-diligence discussions.


7. AI Use & Data Safeguards

Customer data processed within Lex HR is not used to train public or third-party AI models.

Customer content remains isolated to the relevant account and is processed solely to provide the requested service.


8. Incident Management

Lex HR maintains documented procedures for identifying, managing, and responding to security incidents.

Any personal data breach would be assessed and handled in accordance with UK GDPR requirements, including notification obligations where applicable.


9. Further Information

Lex HR supports customer and procurement due-diligence processes and can provide relevant assurance information where appropriate.

If you have specific information security or data protection requirements, please contact us at support@lexhr.ai to discuss them.