Confidentiality is the foundation.
Nomoaxis is engineered around legal confidentiality — from the encryption scheme to the audit chain to where the servers live.
XChaCha20-Poly1305
Encryption for documents, matter discussions, time-entry notes, AI messages and metadata at rest. Encryption and decryption occur client-side only — plaintext keys never reach the server.
Role-based permissions
Roles mapped to firm hierarchy — partners, associates, paralegals, support — enforced server-side.
Mandatory MFA
TOTP enrollment with a recovery phrase, enforced before owner sessions can act.
AAL2 for sensitive actions
Billing, key rotation, and member changes require a fresh re-authentication — never just a stale cookie.
Tamper-evident audit log
Every action signed and chained. Export verifiable trails for any investigation or DSAR.
Article 15 & 17 tooling
Built-in client data export and erasure workflows — one click, fully audited.
Secure document storage
Versioned, encrypted, and bound to the matter. Nothing leaks across engagements.
Matter-level access
Access scoped per matter and enforced server-side — cross-matter reads are blocked at the data layer, not just the UI.
EU data residency
Hosted exclusively in the European Union. No data leaves the bloc.
GDPR native
DSAR workflows, data minimization, and retention policies built in.
Zero third-party tracking
No marketing pixels, no behavioral analytics on client data.
Built and operated to professional standards.
Internal access
Least-privilege roles, mandatory MFA, peer-reviewed deploys, and continuous vulnerability scanning.
Encryption in motion & at rest
TLS 1.3 in transit, XChaCha20-Poly1305 at rest. Keys live in a hardware-backed KMS hosted in the EU.
Backups & recovery
Encrypted, geo-distributed within the EU, and exercised through scheduled recovery drills. Retention is per-firm.