Security

Your clients trust you.
You can trust us.

Enterprise-grade security built into every layer of the platform. From database architecture to AI processing — your data stays yours.

End-to-End Encryption

All data is encrypted at rest (AES-256) and in transit (TLS 1.3). API keys and secrets are stored in isolated vaults with hardware-level protection.

Row-Level Tenant Isolation

Every firm operates in complete data isolation enforced at the database level. Supabase Row Level Security policies ensure no cross-tenant data leakage — ever.

Zero-Retention AI Processing

Your documents are processed through AI models with zero-retention policies. No client data is used for model training. Analysis results are stored exclusively within your tenant.

GDPR Compliant

Full GDPR compliance with data processing agreements, right to deletion, data portability, and transparent processing records. Data hosted on EU-based infrastructure.

Access Controls & Audit Logging

Role-based access control with granular permissions. Complete audit trails for every document access, analysis run, and configuration change across your firm.

Infrastructure Security

Hosted on enterprise-grade cloud infrastructure with automated backups, DDoS protection, and 99.9% uptime SLA. SOC 2 Type II compliance in progress.

How we handle your data

Document Upload

Files are encrypted client-side before transmission and stored in isolated, tenant-specific storage buckets. Each bucket enforces strict access policies tied to your firm's authentication context.

AI Analysis

Documents are processed through zero-retention AI pipelines. Analysis prompts contain only the minimum context required. No client data persists in AI provider infrastructure after processing is complete.

Data Retention

You control your data lifecycle. All documents, analyses, and exports can be permanently deleted at any time. When a workspace or account is deleted, all associated data is purged within 30 days.

Backups

Automated encrypted backups run every 24 hours with 30-day retention. Point-in-time recovery is available on Enterprise plans. Backup data is encrypted with separate key material.

Questions about security?

Our team is happy to walk through our security architecture in detail.

Get in Touch