Security · Privacy · AI Governance

Trust, traceability and governance

Trust Center

How Arteclaw builds legal AI infrastructure: security, privacy, AI governance, subprocessors and regulatory roadmap in one place.

Security

Multi-layer architecture, MFA, RBAC, SIEM, incident response. Path to SOC 2 and ISO 27001 alignment.

View Security Framework

Privacy

Compliance with Ley 25.326 (AR), GDPR and CCPA. Configurable data residency. Built-in anonymization via Maskedata.

View Compliance Framework

AI Governance

Arteclaw framework: A0–A3 risk classification per system, public AI System Cards, human oversight, auditable logs.

See per-product classification

Arteclaw AI Governance Framework

Every ecosystem product has a risk classification and a public AI System Card. We classify by impact and autonomy, not by hype.

A0
Low risk

General assistance with no direct legal impact.

A1
Limited risk

Interactive or generative AI requiring transparency.

A2
Sensitive professional risk

May affect legal strategy, deadlines, contracts or sensitive data. Human review required.

A3
High regulatory risk

Employment, rights, automated decisions. No Arteclaw product operates in A3 today without mandatory human oversight.

AI System Cards — A2 Products

Each A2-classified product (sensitive professional risk) has a public card covering its scope, data processed, mandatory human controls and applicable regulatory frameworks.

AI System Card

LexiBot AI

Version: 2.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Semantic search over Argentine case law and regulations (CSJN, SAIJ, Infoleg, BORA). Judgment summaries. Case, deadline and fee management.
What it does NOT do
Does not replace professional legal judgment. No real-time Poder Judicial access. Does not draft final briefs.
Data processed
User text queries. Does not process third-party personal data beyond what the user includes in the query.
Models used
AnthropicOpenAI
Human controls
Advisory outputs; the professional validates before applying results. High-impact queries flagged for review.
Traceability
Citations include court, date and reference to the original fragment. Exportable session log.
Regulatory frameworks
Ley 25.326 (AR)AAIP Recom. 1/2024ABA Model Rules 1.1EU AI Act Art. 50
AI System Card

CaseLaw AI

Version: 1.5
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Argentine jurisprudence Knowledge Graph (CSJN, SAIJ, Infoleg, BORA, Senado, Diputados, INPI). Semantic and metadata search. Data engine for legal applications.
What it does NOT do
Does not provide binding legal advice. Not real-time. Data engine for other apps, not an end-user application.
Data processed
Public corpus of case law and regulations. Does not directly process end-user personal data.
Models used
Anthropic
Human controls
Interpretation and application of results is the responsibility of the professional or system consuming the API.
Traceability
Each result includes source, date, court/issuing body and origin URL when available.
Regulatory frameworks
Ley 25.326 (AR)AAIP Recom. 1/2024
AI System Card

Draftor AI

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
AI-assisted legal document drafting. Studio Mode: template-based generation with custom rules and document evaluation against user-defined criteria.
What it does NOT do
Does not certify legal validity of generated documents. Does not sign documents. Requires professional review before use.
Data processed
Texts and documents uploaded by the user. Does not retain documents beyond the active session.
Models used
AnthropicOpenAIGoogle GeminiGroq
Human controls
Evaluation mode returns findings with severity level and text excerpt; the user decides what to accept. Professional review required before using any generated document.
Traceability
Generation log with model, provider and tokens consumed. Evaluations with findings cited by exact text excerpt.
Regulatory frameworks
Ley 25.326 (AR)GDPREU AI Act Art. 50
AI System Card

Maskedata AI

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Detection and replacement of personal data in documents before sharing or uploading to external tools.
What it does NOT do
Does not guarantee absolute detection in non-standard formats. Does not certify regulatory compliance. Does not analyze document legal content.
Data processed
Documents uploaded by the user. Anonymization processing is stateless — the document is not retained.
Models used
Anthropic
Human controls
Confidence score per detected entity; the user reviews and confirms before exporting the anonymized document.
Traceability
Report of detected entities with type, document position and confidence level per processing.
Regulatory frameworks
Ley 25.326 (AR)GDPRLGPD (BR)AAIP Recom. 1/2024
AI System Card

AgenticHub

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
AI agent orchestration platform for multi-step legal domain workflows. Connects models, tools and data sources in configurable flows.
What it does NOT do
Does not operate without prior configuration. Does not produce legally valid documents autonomously. Does not automate decisions without human oversight defined in the workflow.
Data processed
Data consumed by the configured workflow — varies per specific use case.
Models used
AnthropicOpenAIGoogle Gemini
Human controls
Each workflow explicitly defines its human approval checkpoints. No supervision override by default.
Traceability
Execution log per workflow: steps, tools invoked, models used, duration and result per node.
Regulatory frameworks
Ley 25.326 (AR)EU AI Act Art. 13NIST AI RMF
AI System Card

ParlamentAI

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Legal research assistant for parliamentary advisors. Search over legislative corpus (HCDN, Senado) and national regulatory sources.
What it does NOT do
Does not formulate political positions. Does not represent official body positions. Does not replace the advisor's judgment.
Data processed
Text queries. Public legislative corpus. Access restricted to authorized organizational users.
Models used
Anthropic
Human controls
Outputs are research inputs; the final position is the advisor's responsibility.
Traceability
Citations with legislative body reference, period and URL when available.
Regulatory frameworks
Ley 25.326 (AR)AAIP Recom. 1/2024ABA Model Rules 1.1
AI System Card

LegalWiz

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Case, deadline, fee and contract management for Argentine law firms. AI assistant for search over the firm's own case files.
What it does NOT do
No direct Poder Judicial access. Does not provide binding legal advice. Does not replace certified accounting software.
Data processed
Case, client and document data uploaded by the firm. Stored with per-firm data isolation.
Models used
AnthropicOpenAI
Human controls
Advisory assistant, not execution; the attorney validates all actions on cases.
Traceability
AI query history per case and user. Exportable log.
Regulatory frameworks
Ley 25.326 (AR)AAIP Recom. 1/2024ABA Model Rules 1.1ABA Model Rules 5.3
AI System Card

PjnWiz

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
Query and tracking of cases in Argentina's National Judiciary (PJN). Movement and deadline alerts.
What it does NOT do
Does not act on behalf of the user before the PJN. No access to reserved case files. Does not provide legal advice.
Data processed
Case numbers and PJN query results. Does not store case file content.
Models used
Anthropic
Human controls
All movement or deadline alerts require manual verification in the official PJN system.
Traceability
Query log with timestamp, case number and returned result.
Regulatory frameworks
Ley 25.326 (AR)ABA Model Rules 1.1
AI System Card

AudioWiz

Version: 1.0
Last updated: 2026-06-08
Risk classification
A2 — Sensitive professional risk
What it does
AI audio and video transcription. Supports uploaded files, direct URLs and YouTube captions. Multi-language.
What it does NOT do
Does not guarantee perfect transcription for low-quality audio. Does not interpret or analyze transcribed content. YouTube: only available when the video has existing captions.
Data processed
Audio/video files processed temporarily. Transcriptions persisted per user.
Models used
OpenAI (Whisper)Groq
Human controls
The user reviews the transcription before using it in legal or professional workflows.
Traceability
Each transcription records source, duration, model used, estimated cost and date.
Regulatory frameworks
Ley 25.326 (AR)GDPR

Subprocessors

External providers that process data to deliver the service. Any change is announced in advance to customers under contract.

Provider Purpose Region
OpenAI LLM (selected AI products) US
Anthropic LLM (selected AI products) US
Google Gemini LLM (selected AI products) US / EU
Groq Low-cost LLM (Llama models) US
Supabase Database + Auth + Storage EU / US (configurable)
Netlify Hosting + Edge Functions Global CDN
Azure Selected hosting + .NET services East US / Brazil South
MercadoPago Payment processing (via PayWiz) AR / LATAM

Updated: 2026-06-08. LLM models are not trained on customer data.

Compliance Roadmap

How we prepare for the regulatory frameworks relevant in the jurisdictions where we operate.

EU AI Act

Monitoring — A2/A3 readiness by 2026-08

EU
CA AB 2013 (Training Data Transparency)

Applies to GenAI vendors from 2026-01

California
AAIP — Responsible AI program

Aligned with AAIP guidelines (AR)

Argentina
CNV RG 1069/2025

Not applicable to current Arteclaw portfolio (RWA tokenization out of scope)

Argentina
PL 2338/2023

Tracking — Brazil horizontal AI law

Brazil

Responsible AI

  • We do not use AI for prohibited practices (harmful manipulation, social scoring, sensitive biometric inference).
  • Automatic risk classification per query in A2 systems: the risk level determines whether output is delivered directly, with a professional advisory notice, or escalated for review.
  • Automatic source verification: in legal research outputs, each reference is cross-checked against the retrieved corpus before inclusion in the response.
  • Cross-model review available on A2 platforms: outputs can undergo independent evaluation across models before final delivery.
  • Exportable auditable log per A2+ system. Each session records model, sources consulted and assigned risk level.

Security contact

Vulnerability reports, regulatory inquiries, DPO requests.

Contact the Trust team