JusAsk AI Legal Software
Client Overview
The Law Society of Singapore (LSS or LawSoc) is the statutory body established in 1967 under the Legal Profession Act to represent, regulate, and support all lawyers in Singapore. Its primary functions include maintaining professional standards among lawyers, assisting in their professional development, protecting the public in matters related to the law, and investigating complaints against lawyers. The LSS is also responsible for promoting the interests of the legal profession and enhancing the public's access to justice.
With over 7,000 members, the LSS faced significant challenges in efficiently addressing legal inquiries, often taking several days for departments to respond to individual questions. A major portion of the data processed by LSS departments is strictly confidential. REPCONN is the only non-Singaporean entity in the world that has been entrusted with access to this data.
Challenge
LawSoc needed a solution to:
Provide immediate, accurate responses to member inquiries across multiple platforms
Reduce response time from days to seconds
Handle sensitive legal information securely while ensuring data privacy compliance
Integrate seamlessly with their existing website and offer mobile access
Scale to support their growing membership base
Solution: JusAsk
A comprehensive AI-powered legal system deployed across three platforms:
Web-based AI software embedded in LawSoc's WordPress website
iOS native application built with Swift
Android native application built with Kotlin
Data Protection Architecture
Building AI legal software for a regulatory body required implementing strict data protection measures:
Tiered Data Classification
Public tier:
General legal resources, FAQ content
Member-restricted tier:
Professional development materials, confidential member communications
Highly confidential tier:
AML investigation files, financial data (restricted to LawSoc + Singapore government only)
Privacy by Design Implementation
Data minimization
Only essential data fields ingested for AI training
Purpose limitation
Documented specific purposes for each data category
Storage limitation
90-day retention for conversation logs, automated purging workflows
Pseudonymization
Member names and case identifiers masked before AI model access
Access Control Framework
Role-based access controls (RBAC) enforced at API level
Multi-factor authentication for administrative functions
Audit logging of all data access with anomaly detection
Segregated storage for different sensitivity tiers
Compliance Framework: Singapore's PDPA & GDPR Alignment
Singapore's Personal Data Protection Act (PDPA) follows GDPR principles:
Consent management and purpose specification (GDPR Art. 6, 13)
Data subject rights workflows: access, correction, deletion (GDPR Art. 15-17)
Breach notification procedures meeting 72-hour requirements (GDPR Art. 33)
Data Protection Impact Assessment (DPIA) methodology (GDPR Art. 35)
iOS Application
Key Features
Multi-platform availability
Available on Web, iOS, and Android platforms for seamless access across all devices
Intelligent response system
Achieves 80-90% accuracy rate with continuous learning and improvement
Rapid response times
Average response time of 8-10 seconds, down from several days
Enterprise-grade security
AES-256 encryption with Singapore-based AWS hosting for maximum data protection
Real-time analytics
Comprehensive dashboard for monitoring usage patterns, system performance and compliance
Member-focused design
Intuitive interface designed specifically for legal professionals and their workflows
Implementation Process
Phase 1: Audit, Discovery & Data Governance (Week 1-4)
Compliance audit and risk assessment under PDPA and GDPR
Comprehensive analysis of data sources: WordPress content, Microsoft 365 systems, Members Library, Ethics resources
Data classification into sensitivity tiers: public, member-restricted, highly confidential (AML/financial data)
Security requirements documentation for confidential data accessible only to LSS and REPCONN
Multi-tier access control architecture design
Legal basis documentation for each data processing category
Data lineage mapping and pseudonymization protocols
Phase 2: Development & Training (Week 5-9)
Core AI system implementation powered by Gemini 2.0
Secure data ingestion pipeline with encryption at every stage
Advanced data masking: PII pseudonymization, financial identifier redaction, case reference anonymization
Vector database implementation with access enforcement at query level
Multi-platform development: Web (React/TypeScript), iOS (Swift), Android (Kotlin)
AES-256 encryption implementation (data at rest and in transit)
Authentication framework: MFA, role-based access controls (RBAC)
AWS Singapore region deployment for data residency compliance
Phase 3: Testing, Fine-Tuning & Deployment (Week 10-12)
AI model accuracy optimization and bias detection testing
Security penetration testing by independent auditors
User acceptance testing with LawSoc staff across all platforms
Response time optimization (achieved 7.53s average)
Phased rollout: internal staff → limited member beta → full production launch
Real-time monitoring dashboard activation
Incident response procedures validation
Member training materials and onboarding documentation
Phase 4: Assessment & Continuous Improvement (Ongoing)
Post-deployment validation: 852 conversations in first 30 days, 80-90% accuracy rate achieved
Weekly accuracy reviews with LawSoc legal team and IT department
Monthly model retraining with new legal updates and member feedback
Quarterly security audits and compliance reviews
Continuous monitoring of data access patterns for anomaly detection
User satisfaction surveys and feature enhancement planning
AI System Governance & Transparency
Explainability Mechanisms
Source attribution
Every AI response cites specific documents used
Confidence scoring
System displays certainty level for each answer
Escalation pathways
Members can request human review of AI advice
Decision logging
All AI interactions recorded for audit purposes
Human Oversight
LawSoc legal staff review flagged responses before delivery
Weekly accuracy audits by subject matter experts
Feedback loops for continuous model improvement
Manual override capability for sensitive queries
Documentation & Accountability
Technical documentation maintained per EU AI Act Annex IV standards
Model cards documenting training data, limitations, and intended use
Risk assessment updated quarterly as system evolves
Clear accountability: LawSoc retains ultimate responsibility for AI outputs
EU AI Act Alignment
Implementation addresses key regulatory requirements:
Article 13
Transparency obligations for high-risk AI systems
Article 14
Human oversight requirements
Article 17
Quality management system documentation
Article 72
Post-market monitoring obligations
Handling Confidential Financial & AML Data
The system processes highly sensitive financial information including:
Member practice revenue and financial performance data
Client account transaction records and trust accounting information
Anti-money laundering (AML) investigation files accessible only to LawSoc compliance officers and Singapore government authorities
Disciplinary proceeding financial evidence
Encryption at Every Layer
AES-256 encryption for data at rest (database, file storage)
TLS 1.3 for data in transit (API communications, mobile apps)
Field-level encryption for especially sensitive data (AML files, financial identifiers)
Access Restrictions
AML data:
Limited to 3 authorized LawSoc personnel + designated government entities
Financial records:
Accessible only to authenticated members viewing their own data
All access logged with user ID, timestamp, data accessed, and purpose
Automated Redaction
Financial identifiers (account numbers, amounts) automatically redacted from AI responses
Member names replaced with pseudonyms in training datasets
Case references anonymized to prevent cross-referencing
Regulatory Reporting Capability
Audit trails maintained for regulatory inspection
Automated generation of access reports for government oversight
Incident response procedures documented and tested
Results & Impact
852
Total Conversations
In first 30 days
7.53s
Average Response Time
Down from several days
80-90%
Accuracy Rate
With continuous improvement
Compliance & Security Outcomes
Zero data breaches during 12+ months of operation
100% compliance with PDPA validated by LawSoc's legal team
Successful government audit of AML data access controls
Attorney-client privilege maintained through technical safeguards
Data subject rights requests fulfilled within 30-day statutory deadline
Regulatory Context
Implementation demonstrates capabilities applicable across regulated industries
Legal Sector Requirements
PDPA compliance
AML data security
Professional privilege protection
Government oversight access
Multi-tier data classification
Audit trail maintenance
Financial Sector Parallels
GDPR/ePrivacy Directive
PSD2/AMLD customer data protection
Banking secrecy obligations
DORA/MiFID II regulatory reporting
GDPR data segmentation
EU AI Act Article 12 record-keeping
Applicable Use Cases
AI customer service systems under GDPR Article 22
Fraud detection algorithms under AMLD
Algorithmic trading platforms under MiFID II
Credit scoring systems under EU AI Act high-risk category
Technology Stack
Core Technologies
AI Model: Gemini 2.0
Backend: Node.js
Web Interface: React
Mobile: Swift & Kotlin
Infrastructure
AWS Singapore Region
Vector database
AES-256 encryption
WAF & MFA
Development Tools
Visual Studio Code
GitLab
Azure DevOps
BlackBox
Android Application
Web Application
Confidentiality Notice
Due to the sensitive nature of legal data processing and proprietary regulatory information, Space&Miller LLC DBA REPCONN has signed a Non-Disclosure Agreement with The Law Society of Singapore.
The information presented in this case study has been carefully reviewed and approved for public disclosure. For inquiries about additional technical details, implementation specifics, or resources that cannot be publicly discussed, please contact jeremy@repconn.com to discuss what can and cannot be shared under the terms of our agreement.