Compliance & security
Built for the regulatory reality of practising law in Malaysia
CDD, AMLA, PDPA — the regulators don't care if it's on a shared drive. We bake the trail into the workflow so audit day stops being a fire drill.
Bar Council CDD
Full 7-step CDD trail per case: customer ID + beneficial owners + 14-factor risk profiling + sanctions screening + PDPA / KYC / conflict-check attestations + EDD + periodic review. One-click CDD Checklist PDF for Bar Council audits.
AMLA 2001 + EDD
PEP detection. Computed risk rating drives an Enhanced Due Diligence gate — High-risk / PEP cases blocked from going Ongoing until source of funds + senior partner approval are captured. STR template generator for str@bnm.gov.my filing.
PDPA 2010
Consent capture and stamping. Encrypted at rest. Per-firm data isolation via row-level security. Documented retention windows on every storage bucket.
Multi-tenant secure
Every firm's data is isolated at the database layer. Role-based access control: lawyers see firm cases, clients only their own, agents only their referred cases.
90-day audit log + 6-year CDD records
Every create / update / delete on firm data is snapshotted for 90 days. CDD records (BO, sanctions, risk profile, attestations) persist for the full AMLA 6-year retention window — distinct retention policies, distinct purposes.
Single-session-per-user
Sign in on a second device and the first session is invalidated. No shared logins, no orphaned tokens.
Storage in region
Hosted on Supabase Singapore. Data stays in the South-East Asia region; close to your users, low latency.