Information Security

Security Framework and Commitment

Our legal AI platform is built on a foundation of enterprise-grade security specifically designed to meet the exceptional confidentiality and data protection requirements of legal practice. We understand that legal professionals handle some of the most sensitive and privileged information in society, and our security infrastructure has been engineered to provide the highest level of protection for this information.

Our commitment to security encompasses not only technical measures but also organizational processes, personnel training, and governance frameworks that ensure comprehensive protection for all data processed through our platform. We continuously invest in security improvements and work with leading security experts to maintain the highest standards of protection suitable for legal practice.

Data Encryption and Protection

Encryption in Transit

All data transmitted between your devices and our platform is protected using TLS 1.3 encryption, the most current and robust transport security standard available. This ensures that your legal documents, confidential communications, and sensitive information cannot be intercepted or read during transmission. Our encryption implementation uses industry-standard cipher suites and key exchange protocols that provide forward secrecy, ensuring that even if a server's long-term private key were compromised in the future, previously recorded sessions could not be decrypted.

Encryption at Rest

All stored data, including legal documents, case files, research materials, and account information, is encrypted at rest using AES-256 encryption. This widely adopted encryption standard ensures that your data remains protected even in the unlikely event of unauthorized physical access to storage systems. Our encryption-at-rest implementation covers all storage layers, including primary databases, backup systems, archive storage, and log files containing sensitive information.

Key Management

Our encryption key management follows industry best practices, including hardware security modules (HSMs) for key storage, regular key rotation policies, and strict access controls for key management operations. Encryption keys are never stored alongside the data they protect, and all key management operations are logged and audited for security compliance purposes.

Infrastructure Security

Secure Data Centers

Our platform operates in SOC 2 Type II certified data centers with multiple physical security controls including biometric access controls, 24/7 security personnel and camera monitoring, redundant power and cooling systems, and comprehensive physical intrusion detection. These facilities maintain the highest standards of physical security required for sensitive legal information.

Network Security

Our network architecture includes multiple layers of security controls, including web application firewalls (WAF), distributed denial-of-service (DDoS) protection, intrusion detection and prevention systems (IDS/IPS), network segmentation and micro-segmentation, and continuous network traffic monitoring and analysis. These controls prevent unauthorized network access and protect against a wide range of cyber threats.

Cloud Security

Our cloud infrastructure is architected following the principle of least privilege, with strict access controls limiting network access to only what is necessary for each component. We use virtual private cloud (VPC) configurations, security groups, and network access control lists to create isolated environments that protect your legal data from unauthorized access.

Access Controls and Authentication

Multi-Factor Authentication

Multi-factor authentication (MFA) is required for all user accounts accessing our platform, providing an additional layer of security beyond passwords. Our MFA implementation supports authenticator applications, hardware security keys, and SMS-based verification. We strongly recommend the use of hardware security keys or authenticator applications for the highest level of account security.

Role-Based Access Control

Our platform implements comprehensive role-based access control (RBAC) systems that ensure users can only access information and functionality appropriate to their roles and responsibilities. For law firms and legal departments, this includes granular permission controls that allow administrators to precisely define what each user can access, ensuring that confidential client information is only accessible to authorized personnel.

Session Management

We implement strict session management controls including automatic session timeouts, concurrent session monitoring, and anomalous session detection. Active sessions are continuously monitored for suspicious activity, and unusual behavior triggers automatic security responses including session termination and security alerts to account administrators.

Application Security

Secure Development Practices

Our software development lifecycle incorporates security at every stage, following OWASP secure development guidelines and industry best practices. This includes threat modeling during design, security-focused code reviews, static application security testing (SAST), dynamic application security testing (DAST), and regular penetration testing by independent security professionals.

Input Validation and Sanitization

All input to our platform undergoes rigorous validation and sanitization to prevent injection attacks, cross-site scripting (XSS), and other common web application vulnerabilities. Our security controls are designed to protect against the OWASP Top 10 vulnerabilities and other known attack vectors.

Regular Security Updates

We maintain a rigorous patch management process that ensures all platform components, including operating systems, application frameworks, and third-party libraries, are updated promptly when security vulnerabilities are discovered. Critical security patches are applied within 24 hours of release, and all updates are tested in staging environments before deployment to production systems.

Monitoring and Incident Response

Continuous Monitoring

Our security operations center provides 24/7 monitoring of all platform components, network traffic, and security events. We use advanced security information and event management (SIEM) systems and behavioral analytics to detect anomalous activity, potential security threats, and unauthorized access attempts in real time. All security events are logged, analyzed, and correlated to identify complex attack patterns.

Incident Response Plan

We maintain a comprehensive incident response plan specifically designed for legal technology environments, recognizing the unique confidentiality and professional responsibility considerations that apply to legal data. Our incident response team includes legal and compliance experts who ensure that our response to security incidents appropriately addresses professional privilege and confidentiality requirements.

Breach Notification

In the event of a security incident that may affect your data, we will notify affected clients promptly in accordance with applicable laws and regulations. Our breach notification process is designed to provide clear, actionable information that helps legal professionals fulfill their own professional and regulatory notification obligations. We maintain detailed incident records to support any required regulatory reporting.

Compliance and Certifications

Industry Standards

Our security program is aligned with internationally recognized security standards and frameworks, including ISO 27001, SOC 2 Type II, and NIST Cybersecurity Framework. We undergo regular independent security assessments and audits to verify our compliance with these standards and to identify opportunities for improvement.

Legal Industry Requirements

Our security practices are specifically designed to meet the requirements of legal practice, including the preservation of attorney-client privilege, maintenance of work product protection, and compliance with professional conduct rules regarding confidentiality. We work closely with bar associations and legal technology organizations to ensure our security practices align with professional requirements for the use of technology in legal practice.

Regular Assessments

We conduct annual comprehensive penetration testing performed by independent security firms, quarterly vulnerability assessments, continuous automated security scanning, and regular security architecture reviews. These assessments help us identify and address potential vulnerabilities before they can be exploited.

Data Backup and Recovery

Automated Backups

All data stored on our platform is backed up continuously and replicated across multiple geographically distributed data centers. Our backup systems ensure that your legal documents and data are protected against hardware failures, data corruption, and other data loss scenarios. Backups are encrypted with the same standards as primary data storage.

Disaster Recovery

Our disaster recovery capabilities ensure that our platform can be restored quickly in the event of a major incident. We maintain detailed recovery procedures, regularly test our recovery capabilities, and target recovery time objectives (RTO) and recovery point objectives (RPO) that minimize disruption to your legal practice.

Business Continuity

Our business continuity planning ensures that critical services remain available even during significant disruptions. We maintain redundant systems, geographically distributed infrastructure, and tested failover procedures that automatically redirect traffic to healthy systems in the event of failures.

User Security Best Practices

Account Security

We strongly recommend that all users of our platform enable multi-factor authentication, use unique, complex passwords for their accounts, regularly review account activity for unauthorized access, promptly report any suspicious activity or security concerns, and follow their organization’s information security policies when accessing our platform.

Secure Document Handling

Legal professionals should exercise appropriate judgment when determining which documents to process through our platform, ensuring compliance with client consent requirements, professional conduct rules, and applicable privacy regulations. We recommend reviewing your firm’s technology use policies and client agreements regarding the use of AI tools in legal practice.

Security Awareness

We provide security guidance and best practice resources specifically designed for legal professionals using AI tools. Our security education materials cover topics including phishing awareness, social engineering threats, secure remote access practices, and special considerations for protecting privileged and confidential legal information in an AI-assisted practice environment.

Vendor and Partner Security

Third-Party Security Standards

All third-party vendors and service providers who access our systems or process data on our behalf are required to meet rigorous security standards. We conduct thorough security assessments of all vendors, require contractual security commitments, and monitor ongoing compliance with our security requirements.

Supply Chain Security

We maintain comprehensive supply chain security practices, including vetting of software components, regular scanning of dependencies for vulnerabilities, and monitoring of our technology supply chain for potential security risks. All third-party software components are reviewed for security before integration into our platform.

For specific security inquiries, to report a vulnerability, or to request our security documentation, please contact our security team at security@deep-counsel.org.