Security Policy

1. Overview

Security is a core principle of our application. Our system is designed to handle sensitive legal documents with maximum confidentiality and minimal risk.

2. Client-Side Processing (Key Feature)

All document processing is performed locally in the user’s browser.

• Files are never uploaded to our servers
• Redactions occur entirely on the client device
• This eliminates server-side exposure risks

3. Data Minimization

We follow strict data minimization principles:

• Only essential data is collected
• No document content is stored
• No unnecessary access to user information

4. Secure Integration with Clio

• We use OAuth 2.0 for secure authorization
• Users explicitly grant access to their Clio data
• Access tokens are securely stored and managed
• Users can revoke access at any time

5. Encryption

We enforce strong encryption standards:

• HTTPS/TLS for all communications
• Secure handling of authentication tokens
• Protection against interception and tampering

6. Access Control

• Authentication is required for account access
• Role-based or user-specific access restrictions
• Secure session management

7. Infrastructure Security

• Hosted on secure, industry-standard platforms
• Regular updates and patching
• Protection against common vulnerabilities

8. Vulnerability Management

We actively monitor and address security risks:

• Regular testing and validation
• Prompt patching of vulnerabilities
• Continuous improvement of security practices

9. Incident Response

In the event of a security incident:

• Immediate investigation and containment
• User notification (if applicable)
• Corrective actions to prevent recurrence

10. User Responsibilities

Users are responsible for:

• Keeping login credentials secure
• Using secure devices and networks
• Properly managing access to their accounts

11. Compliance Mindset

We align with best practices for:

• Data protection
• Legal confidentiality expectations
• Secure software development