How Dezcry protects
your sensitive data

Dezcry is hosted on Microsoft Azure with production instances in Australia, France, Germany, and Switzerland. Additional regions can be deployed within 24 hours to meet data residency requirements.

AI inference runs on internal-only services that are not accessible from the public internet. All data stays within the region it is deployed to.

All data is encrypted in transit (TLS 1.2+) and at rest using platform-managed encryption keys. This covers uploaded files, processed outputs, database records, and all internal service-to-service communication. No data travels or sits unencrypted at any point.

Role-based access control (RBAC) governs every action in the platform. Assign users to roles that control who can upload, review, redact, classify, export, and administer. Restrict access at the matter level so teams only see what they need to.

Organisation owners manage invitations, role assignments, and removals. All access changes are logged in the audit trail.

Dezcry is built with forensic-grade traceability from the moment data enters the platform to the moment it leaves. Every document is hashed on upload (MD5 and SHA-256), and that hash is tracked throughout the entire lifecycle — ingestion, review, redaction, and export.

Every action is logged with timestamps, user attribution, and full context to produce a defensible, end-to-end audit trail:

• Document uploads with cryptographic hashes (MD5 + SHA-256) verified at each stage
• Ingestion, extraction, deduplication, and OCR processing events
• Reviewer decisions — classifications, tags, status changes, and who made them
• Every redaction action: applied, approved, rejected, or edited, with before/after state
• Export generation, download events, and what was included
• User login, role changes, and permission modifications

Audit records are retained alongside matter data and are included in export packages. When you hand over a disclosure, the full decision history travels with it — who reviewed what, what was redacted and why, and a cryptographic chain confirming document integrity from upload to export.

No document data is sent to third-party AI services. All AI processing — classification, redaction, chat, and summarisation — runs within the same Azure environment as your data.

AI is designed as a reviewer aid, not an autonomous system. The AI surfaces likely sensitive content; reviewers approve, reject, or edit every suggestion before it is applied. Every AI-generated suggestion and every reviewer decision is logged in the audit trail.

Your data is never used to train or improve models used by other customers.

Each organisation's data is fully isolated — documents, metadata, reviewer decisions, and audit logs are segregated at every layer. Cross-tenant data access is not possible.

For organisations that require it, dedicated infrastructure is available — fully separate compute, storage, and database resources in your preferred Azure region.

Infrastructure is deployed through automated pipelines with no manual intervention. Access to production systems is restricted to authorised personnel with role-scoped credentials.

The platform monitors its own health and automatically recovers from failures. Stalled processing jobs are detected and retried without operator involvement.

We are working toward formal SOC 2 Type II certification and are happy to discuss our security posture in detail during procurement conversations.

Dezcry runs as a managed cloud service on Azure with production instances in Australia, France, Germany, and Switzerland. For organisations with specific requirements:

• Additional regions — deployed within 24 hours to meet data residency needs
• Dedicated infrastructure — isolated compute, storage, and database for your organisation
• Customer tenancy — deploy Dezcry into your own Azure environment for full control