AES-256 encryption at rest
All client data, documents, and AI artifacts are encrypted at rest with AES-256, including database fields and file storage.
TLS 1.3 in transit
Every request between your firm, our infrastructure, and supporting services uses modern TLS with strong cipher suites only.
Tenant isolation
Every law firm is its own logical tenant. Row-level security policies enforce isolation at the database layer — not in application code.
Private AI inference
AI runs against gateway-mediated models with no public API training feedback. Your client data is never used to improve third-party models.
Zero-trust access control
Roles (Admin, Attorney, Paralegal, Client) gate every action. Privileged actions require step-up authentication and are written to a tamper-evident audit log.
Per-file audit trail
Every document upload, view, download, and share event is logged with actor, timestamp, IP, and user agent.
MFA enforced
Multi-factor authentication is required for all staff accounts. Enterprise plans support SSO/SAML and SCIM provisioning.
Compliance-aligned
Architecture aligned with GDPR, CCPA, and HIPAA principles. BAA available on Enterprise plans. US-based cloud regions only.
Your client data does not train public models.
Every AI task in Legal AI+ — form drafting, summarization, risk scoring, compliance monitoring — runs through a gateway that explicitly disables training feedback to upstream model providers.
Predictive scoring uses a per-tenant statistical layer trained only on your firm's own historical case outcomes. There is no cross-tenant data sharing of any kind.
Attorneys can review the input snapshot used for any AI artifact, see which model produced it, and reject the output before a client sees a single character.