We understand the importance of security, privacy, and control to your legal team’s success. Safeguarding your data is our highest priority. This page describes some of the measures we take to ensure security for all our customers.
For security inquiries please contact us at email@example.com. To report a vulnerability, please see our vulnerability disclosure policy.
Data Encryption & Infrastructure
- Our data is hosted in the USA on Google Cloud Platform (GCP)
- We encrypt all user data at rest (AES-256) and in transit (TLS 1.2+)
- Within GCP, our virtual private cloud is protected by firewalls and monitored by an intrusion detection system
- We scan all code changes for vulnerabilities and exposed credentials
- We block deployment of code that does not pass security checks
- We apply dependency updates daily
- We use Single Sign-On (SSO) and Multi-Factor Authentication (MFA) for all business-critical applications, including any with access to your data
- We assess all vendors using a vendor risk management framework
- We perform background checks on all our employees and contractors
- We run annual security training
Testing & Auditing
- We conduct annual penetration testing
- We are currently being audited for SOC 2 Type II compliance