Lexroom

Civil-law legal research, drafting and analysis on 6M+ verified sources

vs

Spellbook

AI contract drafting and review directly inside Microsoft Word

Lexroom: 84% (Strong), 21/25
Spellbook: 60% (Moderate), 15/25

Score Breakdown

| Dimension | Lexroom | Spellbook |
|---|---|---|
| Data Residency: Where is your data stored and processed? | 4/5. An Italian company compliant with GDPR and ISO 27001, strongly implying EU-based processing; however, the specific data-centre location and EU-region guarantees are not explicitly published, so a conservative score is applied pending confirmation. | 3/5. Data processed in US and Canada. Zero retention policy with OpenAI API prevents document storage for AI training. Limited EU data residency options may concern European law firms. |
| Legal Jurisdiction: Which laws govern the company and your data? | 5/5. Incorporated in Italy as Lexroom S.r.l., an EU/EEA entity with no US parent. Fully within EU jurisdiction. | 3/5. Incorporated in Ontario, Canada. Canadian privacy law (PIPEDA) provides reasonable protections. Canadian jurisdiction is generally considered acceptable for legal professionals handling confidential client data. |
| Data Retention & Training: Is your data used for model training? | 5/5. Explicit zero-training policy on user data combined with a zero-retention posture — uploaded documents are encrypted and not stored beyond what is needed to deliver the service. Strong retention controls; enterprise DPA terms assumed but not individually verified. | 4/5. Strong data minimisation posture with zero data retention policy through OpenAI's API. Documents are not stored beyond the session, reducing exposure of sensitive legal content. |
| Certifications: ISO 27001, SOC 2, Cyber Essentials, etc. | 3/5. Holds ISO 27001 certification and asserts GDPR and EU AI Act compliance. No SOC 2 Type II or sector-specific certifications published, placing it at the single-major-certification tier. | 2/5. Holds SOC 2 Type II certification. Certification portfolio is limited for a tool handling highly sensitive legal documents; ISO 27001 certification would strengthen the trust posture. |
| Regulatory Fit: Suitability for regulated industries and professional services | 4/5. Purpose-built for civil-law legal professionals and used by 8,000+ firms including major names, with GDPR and EU AI Act alignment. Suitable for most EU regulated legal use, though it lacks the explicit professional-secrecy attestations and sovereign-hosting guarantees of the strongest peers. | 3/5. Good fit for North American law firms and corporate legal departments. Zero data retention aligns with attorney-client privilege requirements. Limited certifications may require additional due diligence for EU or highly regulated clients. |
| Total Score | 21/25 | 15/25 |

Best For

Lexroom

Best for EU-headquartered organisations needing maximum data sovereignty; regulated industries (Garante, CNIL); privacy-conscious teams who need strong data retention controls.

Spellbook

Best for privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Lexroom vs Spellbook: Trust & Compliance Comparison

Lexroom (Lexroom, IT) scores 21/25 overall with a Silver (Strong) trust badge; it offers civil-law legal research, drafting and analysis on 6M+ verified sources. Spellbook (Rally Legal, CA) scores 15/25 with a Bronze (Moderate) trust badge; it offers AI contract drafting and review directly inside Microsoft Word.

Dimension-by-Dimension Breakdown

#### Data Residency

Lexroom leads with 4/5 vs 3/5.

Lexroom (4/5): An Italian company compliant with GDPR and ISO 27001, strongly implying EU-based processing; however, the specific data-centre location and EU-region guarantees are not explicitly published, so a conservative score is applied pending confirmation.
Spellbook (3/5): Data processed in US and Canada. Zero retention policy with OpenAI API prevents document storage for AI training. Limited EU data residency options may concern European law firms.

#### Legal Jurisdiction

Lexroom leads with 5/5 vs 3/5.

Lexroom (5/5): Incorporated in Italy as Lexroom S.r.l., an EU/EEA entity with no US parent. Fully within EU jurisdiction.
Spellbook (3/5): Incorporated in Ontario, Canada. Canadian privacy law (PIPEDA) provides reasonable protections. Canadian jurisdiction is generally considered acceptable for legal professionals handling confidential client data.

#### Data Retention & Training

Lexroom leads with 5/5 vs 4/5.

Lexroom (5/5): Explicit zero-training policy on user data combined with a zero-retention posture — uploaded documents are encrypted and not stored beyond what is needed to deliver the service. Strong retention controls; enterprise DPA terms assumed but not individually verified.
Spellbook (4/5): Strong data minimisation posture with zero data retention policy through OpenAI's API. Documents are not stored beyond the session, reducing exposure of sensitive legal content.

#### Certifications

Lexroom leads with 3/5 vs 2/5.

Lexroom (3/5): Holds ISO 27001 certification and asserts GDPR and EU AI Act compliance. No SOC 2 Type II or sector-specific certifications published, placing it at the single-major-certification tier.
Spellbook (2/5): Holds SOC 2 Type II certification. Certification portfolio is limited for a tool handling highly sensitive legal documents; ISO 27001 certification would strengthen the trust posture.

#### Regulatory Fit

Lexroom leads with 4/5 vs 3/5.

Lexroom (4/5): Purpose-built for civil-law legal professionals and used by 8,000+ firms including major names, with GDPR and EU AI Act alignment. Suitable for most EU regulated legal use, though it lacks the explicit professional-secrecy attestations and sovereign-hosting guarantees of the strongest peers.
Spellbook (3/5): Good fit for North American law firms and corporate legal departments. Zero data retention aligns with attorney-client privilege requirements. Limited certifications may require additional due diligence for EU or highly regulated clients.

Certifications at a Glance

| Certification | Lexroom | Spellbook |
|---|---|---|
| ISO 27001 | Yes | No |
| SOC 2 Type II | No | Yes |

Overall Verdict

Lexroom has a clear trust advantage, scoring 21/25 compared to Spellbook's 15/25. Lexroom particularly excels in data residency, legal jurisdiction, data retention & training, certifications, and regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Lexroom or Spellbook?

Lexroom has a TrustKit score of 21/25 while Spellbook scores 15/25. Lexroom currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Lexroom and Spellbook compare on data residency?

Lexroom scores 4/5 for data residency (An Italian company compliant with GDPR and ISO 27001, strongly implying EU-based processing; however, the specific data-centre location and EU-region guarantees are not explicitly published, so a conservative score is applied pending confirmation), while Spellbook scores 3/5 (Data processed in US and Canada. Zero retention policy with OpenAI API prevents document storage for AI training. Limited EU data residency options may concern European law firms).

Are Lexroom and Spellbook GDPR compliant?

Both tools are assessed across five compliance dimensions. Lexroom has a regulatory fit score of 4/5 and Spellbook scores 3/5. Check the full comparison above for a detailed breakdown.
