Privacy PolicySecurity

Security

Last updated 18 March 2026

Security posture

Tilt Legal takes a security-first approach to designing, delivering, and operating systems for legal work.

We are ISO 27001 certified. The exact controls used in a given environment depend on the product, client requirements, data sensitivity, and operational context.

This page describes our general approach to security. Product-specific security documentation — including the Mobius Security Addendum — is available on request. Detailed security obligations are addressed in client agreements.

Access and identity

We design access around role, responsibility, and operational need. That generally means limiting access to the people and systems that need it, and reviewing that access as environments and responsibilities change.

Infrastructure and data handling

We choose infrastructure and operational patterns with reliability, confidentiality, and auditability in mind.

That includes attention to environment separation, data handling boundaries, logging, and the way sensitive material moves through systems and workflows.

Delivery and change management

Security is part of delivery, not something added at the end. We build with change discipline, documented implementation choices, and controls that reflect how the system will actually be used in practice.

  • Scoped changes with clear ownership.
  • Review before release.
  • Attention to rollback, recovery, and operational continuity.
  • Adaptation to client governance and risk settings where required.

Vendors and integrations

Where third-party services or integrations are involved, we consider their role in the overall risk profile and assess whether they are appropriate for the intended use.

The controls around those services depend on the system, the integration path, and any client-specific requirements that apply.

Incident handling and contact

If a security issue is identified, we work through containment, investigation, remediation, and communication in a structured way.

For security enquiries, diligence requests, or implementation-specific questions, contact Tilt Legal and we will route the request to the appropriate person.