Managed cloud, or entirely your own. The firm chooses.
LegalAI Space is offered two ways: a managed cloud platform we run for you, and a self-hosted platform that runs inside your own tenant. The product is the same; where it lives is your decision.
Two ways to run it
Cloud or self-hosted. The same platform, the same governance.
Most firms start on the managed cloud. Firms with strict data-residency, information-governance or sovereignty requirements run the whole thing inside their own perimeter. Either way, you get governed agents — and a signed record of every step.
We run it. You start this week.
The fastest way to put governed agents in front of fee earners, on infrastructure we operate to UK residency.
Who it suits
Firms that want the platform live without standing up infrastructure of their own.
- Hosted on UK infrastructure, with EU regions for EU data.
- We handle upgrades, patching, scaling and uptime.
- Connects to your document systems through your own firm-held MCP endpoints — we never hold the credential.
- Same governance: pre-run guardrails, re-fetched citations, every output a draft, a signed audit record.
- Onboarding measured in days, not a procurement cycle.
It runs in your tenant. Data never leaves.
The whole platform deployed inside your own cloud or on-premise estate, under your security perimeter and your keys.
Who it suits
Firms with data-residency, information-governance or sovereignty requirements that rule out a shared platform.
- Deployed into your Azure, AWS or on-premise tenant — your VPC, your boundary.
- Prompts, matter data and documents stay inside your perimeter and never reach us.
- Your own model providers, bring-your-own-key: Azure OpenAI, Anthropic, or a local endpoint.
- Your own MCP endpoints to iManage, NetDocuments and the Microsoft estate.
- Identical governance and audit record — built in your tenant, owned by you.
Who it's for
When the data is not allowed to leave the firm.
Self-hosting exists for the firms that cannot answer a residency or confidentiality question with a processor's promise. If any of these describe your obligations, the platform belongs inside your boundary.
Data-residency obligations
A client mandate or a regulatory regime that says firm and matter data must stay in a named jurisdiction, on infrastructure you can point to. Self-hosting lets you answer that question with a location, not a policy.
Information-governance regimes
An IG framework that treats client confidentiality as non-negotiable and will not sign off on data leaving the firm's control, even to a UK-resident processor. The platform runs where your IG team already has oversight.
Sovereignty and sensitive work
Government, defence, regulated finance or other work where the firm — or its clients — require the whole stack to sit inside their own perimeter, with no third party in the data path.
What you get
The whole platform, behind your own perimeter.
Self-hosting is not a stripped-down build. It is the full platform — every agent, every guardrail, the entire audit record — running where you can see it, under controls you own.
Runs in your tenant or VPC
The full platform is deployed into your Azure, AWS or on-premise estate. It sits inside your network boundary, under your security perimeter and your controls — not ours.
Your own MCP endpoints
Document access runs through your firm's own connectors — CloudiManage MCP for iManage, ndMAX MCP for NetDocuments, Microsoft Work IQ for the Microsoft estate. The connection is yours; we never hold the credential.
Data never leaves
Prompts, matter context, retrieved documents and generated drafts stay inside your perimeter. Nothing is copied to a shared index and nothing is sent back to us — there is no payload data in our direction at all.
Bring your own model keys
Point the platform at your own Azure OpenAI resource, your Anthropic enterprise agreement, or a local OpenAI-compatible endpoint. Your inference, your contract, your keys.
The same governance, unchanged
Pre-run guardrails before any work, every citation re-fetched and verified, every output a draft for a qualified lawyer, and a signed audit record — identical to the managed cloud, built inside your tenant.
The audit record is yours
The hash-chained, signed record of every agent action is written in your environment and owned by you — ready for an SRA review, a client assurance request or your own internal audit.
Reference architecture
Everything in your tenant. Only a signed heartbeat leaves.
The platform runs inside your boundary, connects to your identity provider on one side and your model providers on the other, and keeps every byte of matter data behind your perimeter.
Identity perimeter
- Your identity provider: Microsoft Entra · Okta · Google Workspace
- SSO and SCIM provisioning: users and groups sync into the platform
Your cloud or on-premise tenant
- Application tier: containerised, runs in your cluster
- Worker tier: job workers for long-running agent runs
- Postgres: Azure Database · AWS RDS · your cluster
- Object storage: Azure Blob · S3 · MinIO
- Governance layer: signed audit chain · evidence record
Your boundary — all data stays here
Your model providers (BYOK)
- Azure OpenAI: your resource, your keys
- Anthropic: your enterprise agreement
- Local endpoint: any OpenAI-compatible model you host
Out of scope
- LegalAI Space
How it works
From scoping call to governed, in your own environment.
A self-hosted deployment is a defined path, run with your IT and security teams. Here is the shape of it.
Scope the deployment
A short, technical call with your IT and security teams. We map your tenant, your identity provider, your document systems and your model providers, and agree where every component will run.
Deploy into your tenant
The platform is installed inside your boundary as containers, with Postgres and object storage you already operate. Your security team holds the keys and controls the network.
Connect your sources and models
Your own MCP endpoints connect the platform to iManage, NetDocuments and the Microsoft estate, with ethical walls and ACLs intact. Your model keys wire in the inference.
Govern and audit from inside
Guardrails, verification and the signed audit record run in your environment. The only thing that ever leaves is a daily licence heartbeat — cryptographically signed, carrying no prompt, user or matter data.
Bring your security and IT team. We'll bring the architecture.
Thirty minutes, technical rather than sales. We map LegalAI Space to your tenant, your identity provider, your document systems and your model providers — and answer the questions your IG review will ask.
- A reference architecture and deployment runbook for your estate
- Our Supplier Security Assessment Questionnaire, SRA-aligned
- A DPA template your procurement team can review in advance
- A clear answer on what stays in your tenant — which is everything
Book your security & architecture call
30 minutes. Technical, not sales. We'll send the SAQ, DPA, and reference architecture before the call so your team can come ready.
Self-hosting is not a downgrade. It is the same governed platform, under your control.
Some tools offer a private deployment that quietly drops features or sends telemetry home. LegalAI Space self-hosted is the full platform — every agent, every guardrail, the complete signed audit record — running inside your perimeter, with nothing but a signed licence heartbeat ever leaving. See how the record is built for the SRA and the EU AI Act on the governance model.
Decide where it runs. We'll help you stand it up.
Tell us your deployment target and information-governance requirements, and we'll map LegalAI Space to your firm's framework before we ever talk pricing.
- 01. Self-hosted deployment, reference architecture and bring-your-own-key arrangements described on this page represent planned or in-development capability. References to third-party systems (Microsoft Entra, Okta, Google Workspace, Azure, AWS, iManage, NetDocuments, Microsoft, Azure OpenAI, Anthropic) are illustrative. LegalAI Space is not affiliated with these providers and integration availability may vary.
- 02. References to hosting infrastructure regions (UK, EU) and deployment targets describe planned deployment architecture. Final hosting and deployment arrangements will be confirmed prior to launch.
- 03. Governance features — pre-run guardrails, citation re-fetching and verification, and the signed audit record — apply to both the managed cloud and self-hosted deployments as planned architecture. Every output is a draft for review by a qualified lawyer.