Client confidentiality is a professional obligation. Your file storage should reflect that.
Bigby provides solicitors and law firms with encrypted, UK-based cloud storage designed around the confidentiality requirements your practice depends on.
The duty of confidentiality extends to every system that touches client data
Solicitors have one of the oldest and most clearly defined duties of confidentiality in any profession. The SRA Code of Conduct is unambiguous: client information must be kept confidential unless disclosure is required or permitted by law.
That obligation does not pause when a file is uploaded to a cloud service. The platform you choose to store client documents, correspondence, and case files is part of your data processing chain. If it does not meet the standard your clients are owed, the responsibility sits with the firm.
Where standard cloud storage creates professional risk
General-purpose cloud platforms are built for broad consumer and business use. The data handling practices that come with them are not designed with legal professional privilege, SRA obligations, or UK GDPR in mind.
Legal professional privilege
Privileged communications between solicitor and client attract some of the strongest protections in law. Storing those communications on a platform that scans file content, holds broad data usage rights, or processes data outside UK jurisdiction introduces questions about whether that privilege is adequately preserved. It is a question most consumer cloud providers are not equipped to answer.
SRA Code of Conduct
The SRA requires firms to have effective systems and controls to meet their obligations, including around data security. Using a platform with opaque data handling, overseas data storage, or terms that permit content scanning is difficult to reconcile with those requirements. In the event of a complaint or regulatory review, your choice of storage provider may be scrutinised.
UK GDPR and data controller liability
Law firms are data controllers under UK GDPR. Responsibility for how client personal data is stored and processed rests with the firm, not the storage provider. A data breach originating with a third-party service remains the firm’s breach to account for, including any obligation to notify the ICO and affected clients.
Overseas data exposure
The major US cloud providers operate under US law. Legislation such as the CLOUD Act creates a mechanism by which US authorities can compel access to data held by US companies, including data stored in the UK. For family law, criminal defence, immigration, and other sensitive practice areas, that exposure warrants careful consideration.
How Bigby works
Encryption at rest, UK infrastructure, and no business model built on your data
Unlike the major cloud platforms, Bigby does not scan, analyse, or profit from the files you store. Here is how that works.
01. Encrypted at rest
Your files are encrypted on our UK servers. The data stored on our infrastructure is in encrypted form, which provides meaningful protection in the event of a storage breach and ensures your files are not sitting as readable plain text on any server.
02. No access to file contents
Bigby does not open, scan, or read the contents of what you store. We have no business reason to and our data processing terms prohibit it. Client documents, privileged correspondence, and case files are stored without anyone at Bigby reading them.
03. No AI training or secondary use
Your stored content is not used for AI training, advertising targeting, or any analysis of any kind. The subscription fee covers the cost of running the service. That is the entire arrangement.
04. UK data residency throughout
All data is stored on UK-based infrastructure. UK GDPR applies. There is no transfer to US servers and no exposure to US jurisdiction. Your clients’ data does not leave the UK.
Frequently asked questions
Does Bigby help satisfy our UK GDPR obligations as a data controller?
Bigby is designed to reduce your exposure. UK data residency, encryption at rest, and straightforward data processing terms mean your storage arrangements are on considerably stronger ground than with a general consumer or business cloud service. That said, GDPR compliance for a law firm extends well beyond storage. We would always recommend a full review of your data handling practices with a qualified adviser.
Can privileged documents be stored securely on Bigby?
Yes. Bigby does not access the contents of files stored on the service. Privileged advice, client correspondence, witness statements, and other sensitive documents can be stored and accessed without the contents being read or scanned by Bigby or any third party. Encryption applies to all files on all plans.
What happens if Bigby receives a legal demand for access to our files?
Bigby is a UK company subject to UK law. We may be required to comply with lawful UK court orders. We do not hold data under US jurisdiction and are not subject to the CLOUD Act. We will challenge any demands we consider unlawful and will notify users where the law permits. For the complete confidence that privilege cannot be broken by any legal demand, client communications should be managed under your firm’s existing protocols. Bigby provides meaningful improvement over consumer cloud storage for day-to-day document handling.
We are a multi-fee-earner firm. Is there a plan for teams?
Yes. The Group plan provides shared encrypted storage and document collaboration for teams of three or more, with per-user access controls. Each fee earner accesses only what they require, and all files remain encrypted throughout. The plan is priced per user from £4.99 per month on annual billing.
Is Bigby suitable for sole practitioners and small high street firms?
Yes. The Storage and Office plans are designed for individual users with no minimum commitment. A sole practitioner handling family, wills, conveyancing, or criminal matters will find the 100 GB Storage plan sufficient for most document and correspondence needs. Storage can be topped up as required.
How does Bigby’s commercial model work?
Bigby charges a straightforward fee for storage. There is no advertising, no data monetisation, and no secondary use of stored content. The service is funded entirely by subscription. For firms that require a clear and auditable basis for their choice of storage provider, that simplicity is part of the point.
Storage that meets the standard your clients are owed
Private, encrypted, UK-based cloud storage from £3.99 per month. Built for practices that cannot afford to treat data security as an afterthought.
Annual billing · All prices in GBP · UK data residency · GDPR compliant