Built for attorney-client privilege from day one.
Database-level isolation for every firm. AES-256 encryption at rest and in transit. Your data never trains our models. Security isn't a feature we added — it's the foundation we built on.
AES-256 Encryption
Database Isolation
SOC 2 Type II (In Progress)
Multi-Factor Auth
Zero-Training Policy
Data Architecture
Every firm gets its own private database.
Not filtered rows in a shared table. Your own isolated database section — structurally inaccessible to every other firm on the platform.
Your Private Database
Separate Database
Separate Database
legal_public
Statutes, case law, federal rules — read-only, accessible to all firms
Encryption
Protected at every layer.
Encryption at Rest
All data encrypted with AES-256-GCM at the database level. Every byte stored is ciphertext — unreadable without the proper keys.
Encryption in Transit
TLS 1.3 for all connections. HTTPS enforced across every endpoint. No plaintext data ever crosses the wire.
Key Management
Encryption keys managed by our cloud infrastructure with automatic rotation. No plaintext secrets in application code.
Access Controls
The right people see the right things.
Role-Based Access Control
Admin, Attorney, and Viewer roles with granular permissions per matter and per document. Every API route is role-gated.
Multi-Factor Authentication
Multi-factor authentication with time-based one-time passwords (TOTP). Adds a critical layer against credential theft.
Single Sign-On
Enterprise SSO support via SAML 2.0 for centralized identity management across large firms.
AI & Your Data
Your data never trains our models.
All AI is accessed via enterprise APIs from Anthropic (Claude) and OpenAI with contractual zero-retention agreements. Your queries and documents are processed and immediately discarded — never stored, never logged, never used for training.
Your documents are never used to train or fine-tune any AI model
AI queries are processed by Claude (Anthropic) with zero-retention agreements
Embeddings are generated via OpenAI with data processing agreements in place
All AI processing happens in the request path — no background data sharing
You can delete all your data at any time — vectors, metadata, everything
Compliance & Infrastructure
Enterprise standards. Enterprise infrastructure.
All data hosted on AWS cloud infrastructure — SOC 2, ISO 27001, and FedRAMP certified. 4 security audits completed to date.
SOC 2 Type II
Currently pursuing SOC 2 Type II certification. All of our infrastructure partners are independently SOC 2 certified.
HIPAA Compliant
Database isolation, encryption at rest and in transit, role-based access controls, and audit logging — designed to support HIPAA compliance requirements.
ABA Ethics Compliance
Built around ABA Model Rule 1.6 (Confidentiality of Information). Our database isolation exceeds the 'reasonable measures' standard.
Data Residency
All data stored in US-based AWS data centers. No cross-border data transfers without explicit consent.
Infrastructure Partners
Enterprise-grade providers. Enterprise APIs.
Every service that touches your data is SOC 2 Type II certified and backed by the biggest names in technology. All AI providers are accessed via enterprise APIs with contractual zero-data-retention guarantees — your data is never stored, logged, or used for training.
| Provider | Backed By | Purpose | Data Processed | Certifications |
|---|---|---|---|---|
| Supabase | Built on AWS (Amazon) | Database & Auth | All application data | SOC 2 Type II |
| Anthropic (Claude) | Backed by Google, $8B+ raised | AI Research — Enterprise API | Query text + context (zero retention) | SOC 2 Type II |
| OpenAI | Backed by Microsoft, $13B+ invested | Embeddings — Enterprise API | Document text for vectorization (zero retention) | SOC 2 Type II |
| Vercel | Backed by Stripe, Accel, GV (Google) | Frontend Hosting & CDN | No PII stored or processed | SOC 2 Type II |
Security FAQ
Common security questions
Security questions? Let's talk.
Our team is happy to walk through our security architecture in detail.