CourtPilot
Sign in
Trust, compliance & responsible AI

How we protect your data and use AI responsibly.

Transparent about what CourtPilot is — and isn’t. Here’s how we protect your data, document our security measures, and explain where AI sits in the process.

Last updated: 8 March 2026
Applies to: England & Wales

1) Who We Are

CourtPilot is a technology platform that provides automated legal tools, document generation, and general legal information to help users navigate the UK civil justice system for money claims. We are not a law firm and do not provide legal advice or legal representation.

Legal entity

Company name

LupaSoft Ltd (trading as CourtPilot)

Registered in

England & Wales

Company number

16943875

Website

www.courtpilot.co.uk

Registered address

See lupasoft.co.uk

If you require tailored legal advice, you should consult a qualified solicitor. We may offer an optional solicitor referral for complex matters (see “Human Review & Referrals”).

2) Regulatory Position (England & Wales)

Not a law firm / not SRA-regulated

We are not authorised or regulated by the Solicitors Regulation Authority (SRA).

No reserved legal activities

We do not conduct activities reserved under the Legal Services Act 2007:

  • The exercise of a right of audience
  • The conduct of litigation
  • Reserved instrument activities (e.g., certain conveyancing)
  • Probate activities
  • Notarial activities
  • The administration of oaths

You remain responsible for checking the accuracy, relevance, completeness, and suitability of any documents or outputs before using them.

3) Not Legal Advice — Core Disclaimer

Important notice

  • The information and documents generated by CourtPilot are not legal advice.
  • Your use of the platform does not create a solicitor–client relationship with us.
  • Outcomes depend on the facts, evidence, and judicial discretion; no outcome is guaranteed.
  • If unsure how the law applies to your circumstances, obtain independent legal advice.

Site-wide footer notice: “CourtPilot is not a law firm and does not provide legal advice.”

4) Responsible AI & Model Transparency

How AI is used

Document drafting, summarisation, risk flags, and guidance prompts — always under your review.

Fallibility

AI systems can be inaccurate or incomplete. Always review outputs before use.

Human-in-the-loop

You may request human review or a solicitor referral at any time.

Provider transparency

We use Anthropic’s Claude API as our AI sub-processor under Anthropic’s Commercial Terms and Data Processing Addendum, which include EU SCCs and the UK ICO Approved Addendum.

No model training

Content you submit through CourtPilot is not used to train AI models. Anthropic is contractually prohibited from training on API customer content, and we do not retain a separate training corpus.

Explainability

We provide rationales for AI outputs and cite public sources where applicable.

5) Data Protection, Privacy & Security

We design CourtPilot around privacy-by-design and security-by-default principles, and we operate the service to support compliance with the UK General Data Protection Regulation and the Data Protection Act 2018.

Key security measures

AES-256-GCM encryption at rest for uploaded documents
TLS 1.3 in transit
Encryption keys managed via cloud-platform secret storage with restricted access
Role-based access control with least-privilege defaults
Per-action audit logs of document and case access
Malware scanning with ClamAV in our document-processing pipeline
PII tokenisation in conversational case-building (broader rollout in progress)
Anthropic Claude API used under contract that prohibits model training on customer content
Encrypted document storage in Cloudflare R2 (UK/EU regions)
Defence-in-depth: separate database, storage, and AI-provider boundaries

Security roadmap

The following controls are in active development. We will update this page when each is in production.

PII tokenisation extended to document-upload and AI-analysis pipelines
Hardware-backed key management via cloud KMS
Automated dependency and container vulnerability scanning
Documented and tested encrypted backup procedure
Independent penetration testing (annual)
Cyber Essentials Plus certification

Your rights (UK GDPR)

You may have rights to access, rectify, erase, restrict, object, and data portability.

Data Protection Officer

dpo@courtpilot.co.uk

Responsible disclosure

If you believe you have found a security vulnerability in CourtPilot, please report it privately to security@courtpilot.co.uk. We will acknowledge receipt within two working days and aim to triage and respond within seven. We do not currently operate a paid bug-bounty programme, but we will publicly thank reporters who follow responsible disclosure (with their permission).

Contact us

This page provides important information to help you use CourtPilot responsibly. It does not form a client–solicitor relationship and does not constitute legal advice.