# Understanding Data Security and Compliance in Vincent Studio ### Summary Vincent Studio protects your data through per-customer encryption, strict data isolation, and configurable retention policies. Critically, your firm's data is **never** used to train or improve the foundational AI models. ### Why This is Important Understanding these security measures allows you to use Studio with confidence, knowing your sensitive legal information is protected and that you can meet your firm's compliance and client confidentiality obligations. This article provides the key details you need to trust our **AI legal workflow automation** with your data. ### Our Core Security and Compliance Framework vLex implements comprehensive, multi-layered security measures to protect your sensitive legal information within Vincent Studio. #### 1. Encryption: In Transit and At Rest All data your organization submits to Vincent Studio undergoes encryption using a per-customer master key. This ensures that only authorized users within your organization can access your workflow content and outputs. This encryption is applied to both data in transit (as it travels over the internet) and data at rest (as it is stored on our servers). #### 2. Data Isolation and AI Model Training This is the most critical principle of our data handling policy: * **Your Data is Never Used for Training:** Customer data, especially Personally Identifiable Information (PII) or Protected Health Information (PHI), **never** trains or improves the foundational AI models (e.g., GPT, Claude). Your data is used exclusively to process your request in real-time and is not retained by the model providers. * **Strict Data Isolation:** Your data is kept logically separate and secure, accessible only to your authorized users. #### 3. Compliance and Data Residency Vincent Studio is built on an infrastructure designed to meet stringent legal industry standards. * **Configurable Data Residency:** Your organization can restrict data processing to specific geographic regions (US or EU/Ireland) to comply with regulatory requirements like GDPR. * **Certified Infrastructure:** The platform operates on an AWS infrastructure that is ISO 27001 and SOC II certified. #### 4. Data Retention and Archival You have control over how long your data is stored. * **Configurable Retention:** While the default data retention period for conversations is one year, your organization can configure shorter or longer periods based on your firm's policies. * **Automatic Deletion:** Once the retention period expires, data is automatically and permanently deleted. {% hint style="warning" %} **Note on Workflow Assets:** Documents you upload as **Workflow Assets** are considered part of the workflow's permanent structure. They exist **outside** the standard conversation retention policy and will persist until the workflow is manually deleted. **Do not include sensitive or client-specific information in a Workflow Asset** unless it is intended to be a permanent part of that tool. {% endhint %} ### Best Practices & Pro Tips * **Treat Workflow Assets Like a Template:** Before uploading a document as a Workflow Asset, always scrub it of any client names, case numbers, or other sensitive information. The asset should contain your firm's *process* or *rules*, not specific case data. * **Align Retention with Firm Policy:** Work with your firm's administrator to ensure your organization's data retention settings in vLex align with your internal governance and compliance policies. ### Related Articles * [Workflow Governance: Quality Control and Lifecycle Management](/vincent-by-vlex-1/vincent-studio/vincent-studio-advanced-techniques-and-best-practices/workflow-governance-quality-control-and-lifecycle-management.md) * [Automate Repetitive Legal Work with Vincent Studio](/vincent-by-vlex-1/vincent-studio/getting-started-with-vincent-studio-workflows/automate-repetitive-legal-work-with-vincent-studio.md) ### Unlock the Power of Legal Automation Ready to see how Vincent Studio can transform your firm's efficiency? [**Contact our sales team for a personalized demo today.**](https://vlex.com/book-a-demo?utm_source=website\&utm_medium=organic\&utm_campaign=web_trial_homepage\&campaign_id=4270741) **What's Your Next Step?** | **New to Vincent Studio?** | **Already a Vincent Studio Customer?** | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | | [See how Vincent can transform your practice. **Request a personalized demo**.](https://vlex.com/book-a-demo?utm_source=website\&utm_medium=organic\&utm_campaign=web_trial_homepage\&campaign_id=4270741) | [If you still have questions or need help with a specific feature, our team is here to assist. **Contact our Support team**.](https://vlex.com/contact-us) | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://support.vlex.com/vincent-by-vlex-1/vincent-studio/security-privacy-and-compliance/understanding-data-security-and-compliance-in-vincent-studio.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.