civiclaw managed · pay per outcome, not per seat
Don't buy software. Don't hire a team.
We do the work.
Your council has a DSAR backlog, FOI requests piling up, and EU AI Act Article 12 logging obligations landing on 2 August 2026. You don't need another platform. You need someone to process the work — sovereign, signed, regulator-ready, no in-house build. That's what civiclaw managed does.
What you actually pay for (outcomes, not seats)
- DSAR processed end-to-end — UK GDPR Article 15. Intake, system search across your sources, third-party redaction with cryptographic pre/post hash proof, response letter drafted and human-reviewed. 30-day SLA built in.
- FOI request handled — FOIA 2000. Qualification, s.12 £450 cost-limit check, department-routed search plan, fully-compliant response with exemption rationale and appeal rights.
- Audit conformity pack — EU AI Act Article 12 logs, cryptographically chain-verified, exported in regulator-ready format. Pre-baked answers to "how do you know your AI didn't go rogue?" — because the maths is right there.
- £0 software licence. The infrastructure is ours. You don't host, patch, or integrate anything. You don't renew a SaaS contract.
How it actually works (the part hosted SaaS can't say)
- Sovereign infrastructure. UK-incorporated vendor (Workloft.ai LTD), data hosted on Hetzner Falkenstein DE + Supabase eu-west-2 (London). No US lab dependency. Your data does not cross the Atlantic.
- Every action signed. Each DSAR processed, each FOI answered, each audit row carries a cryptographic proof bound to
did:web:workloft.ai. Your DPO can verify our work themselves at workloft.ai/verify. - Append-only audit log. Postgres triggers reject UPDATE and DELETE. We can't quietly fix a mistake. Your regulator can read the chain.
- Human-in-the-loop on every gated action. Article 14 enforced structurally — no draft response goes out without a logged human sign-off (yours, ours, or both).
The maths vs hiring or self-hosting
Run civiclaw OSS yourself. You need internal IT, a DPO with bandwidth, and someone to debug the audit chain at 11pm. Some councils have that. Most don't.
You email us the request. We do the work. You get a regulator-ready response in 7 days. Your DPO countersigns. Your audit log builds itself. The "AI-native service" answer.
One full-time DPO assistant. Salary + tools + national-insurance + holiday. You still need to choose a tool. You still answer to the regulator yourself if anything goes wrong.
Why this isn't a typical hosted SaaS
- We carry the regulatory weight, not you. If our audit chain fails verification, that's our problem. Your conformity pack still ships on time.
- You're not training your team on a new platform. The deliverable is a finished response letter. Not a dashboard.
- Sovereignty is built in, not bolted on. Look at the page you're reading — every credential we issue verifies in your browser, no server involved. workloft.ai/verify.
- Open-source escape hatch. If you ever want to run civiclaw yourself, the code is Apache 2.0. Self-hosted version here. You're never locked in to us as a vendor.
Who this is for
- UK local authorities with a DSAR backlog they can't clear before EU AI Act Annex III hits 2 August 2026
- NHS Trusts that need DSPT-aligned AI processing without a 9-month tool procurement
- Combined authorities running shared-services models who'd rather buy outcomes than negotiate seat licences
- Council CDOs who've been told "AI is the answer" but can't get past the DPO question on data residency
Tell us your DSAR / FOI volume. We'll quote.
15-minute scoping call. No demo, no slide deck, no procurement-speak. Tell us how many DSARs/FOIs you're sitting on and what your audit posture needs to be by 2 August. We'll come back with a fixed-price proposal you can drop straight into your finance papers.