Enterprise-Grade Security for Intellectual Property
Your patent data never leaves our secure infrastructure. Zero external AI training. End-to-end encryption. Controls aligned with SOC 2 Trust Services Criteria.
Frameworks We Align With
Built to Meet the Highest Standards
Our controls are designed and operated to meet the substantive requirements of these frameworks. Formal third-party certifications are on our roadmap as we scale.
SOC 2
Controls aligned
GDPR
Data protection practices
HIPAA
BAA-ready architecture
ISO 27001
Controls mapped
NIST CSF
Framework aligned
CCPA
Privacy rights honored
PCI DSS
Payments processed by Stripe, a PCI DSS Level 1 service provider
FedRAMP
Not FedRAMP authorized; architecture deployable to AWS GovCloud (US)
How We Protect Your Data
Security Architecture
SOC 2 Trust Services Alignment
Our infrastructure and operations are designed and operated against the AICPA SOC 2 Trust Services Criteria (Security, Availability, Confidentiality). A formal Type II attestation is on our roadmap as we scale — in the meantime, every access, change, and data flow is logged and verifiable, and we can walk enterprise customers through our control environment under NDA.
- Controls mapped to SOC 2 Trust Services Criteria
- Role-based access control enforced at the application layer
- Full audit trail in CloudWatch Logs for every data access and change
- Incident response plan documented and tested quarterly
End-to-End Encryption
Data is encrypted at every stage: in transit with TLS 1.3, at rest with AES-256, and at the application layer with AWS KMS-backed field-level encryption for sensitive patent data. Keys are held in AWS KMS within our account, so this is server-side encryption at every hop rather than client-held-key end-to-end encryption; the field-level layer is what limits exposure if a database, snapshot, or backup is compromised on its own.
- TLS 1.3 for all data in transit — no exceptions
- AES-256 encryption at rest across all storage layers
- AWS KMS-managed keys with automatic rotation
- Application-layer encryption for sensitive fields (client names, patent details)
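The field-level layer described above, shown as an added Go example (this is not the platform's code): envelope encryption of a single database column value. A fresh 256-bit data key is generated per value, the value is sealed with AES-256-GCM, and the data key is persisted only in KMS-wrapped form. AWS KMS is replaced by an in-memory stand-in so the block runs offline; the table, column and record names and the sample client name are constructed for the example. The GCM additional data binds each ciphertext to its table, column and record, so a ciphertext copied into another row or column does not decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to recover from
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce||ciphertext||tag under AES-256-GCM; open reverses it and
// fails if the nonce, ciphertext, tag or AAD differ from what was sealed.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

func open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if ns := gcm.NonceSize(); len(blob) >= ns {
		return gcm.Open(nil, blob[:ns], blob[ns:], aad)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// KMSStandIn replaces AWS KMS so the example runs offline (constructed for this
// example, not the platform's code). Production code would call GenerateDataKey
// and Decrypt on the KMS API; the key-encryption key would then never leave KMS.
type KMSStandIn struct{ kek []byte }

func NewKMSStandIn() *KMSStandIn                            { return &KMSStandIn{kek: randomBytes(32)} }
func (k *KMSStandIn) Wrap(dataKey []byte) ([]byte, error) { return seal(k.kek, dataKey, []byte("kms")) }
func (k *KMSStandIn) Unwrap(blob []byte) ([]byte, error)  { return open(k.kek, blob, []byte("kms")) }

// EncryptedField is what the database column holds instead of the plaintext.
type EncryptedField struct {
	WrappedKey []byte // per-value data key, encrypted by KMS
	Ciphertext []byte // nonce||ciphertext||tag under that data key
}

// fieldAAD ties a ciphertext to its table, column and record, so a value copied
// into another row or column does not decrypt.
func fieldAAD(table, column, recordID string) []byte {
	return []byte(table + "\x00" + column + "\x00" + recordID)
}

// EncryptField: fresh data key per value, plaintext sealed under it, data key
// stored only in KMS-wrapped form (envelope encryption).
func EncryptField(k *KMSStandIn, table, column, recordID, plaintext string) (EncryptedField, error) {
	dataKey := randomBytes(32)
	ct, err := seal(dataKey, []byte(plaintext), fieldAAD(table, column, recordID))
	if err != nil {
		return EncryptedField{}, err
	}
	wrapped, err := k.Wrap(dataKey)
	clear(dataKey) // do not keep the plaintext data key in memory (Go 1.21+)
	if err != nil {
		return EncryptedField{}, err
	}
	return EncryptedField{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// DecryptField unwraps the data key through KMS and opens under the same AAD.
func DecryptField(k *KMSStandIn, table, column, recordID string, f EncryptedField) (string, error) {
	dataKey, err := k.Unwrap(f.WrappedKey)
	if err != nil {
		return "", err
	}
	pt, err := open(dataKey, f.Ciphertext, fieldAAD(table, column, recordID))
	return string(pt), err
}

func main() {
	kms := NewKMSStandIn()
	f, _ := EncryptField(kms, "patents", "client_name", "rec-42", "Acme Holdings LLC") // constructed sample
	pt, _ := DecryptField(kms, "patents", "client_name", "rec-42", f)
	_, moved := DecryptField(kms, "patents", "client_name", "rec-99", f) // same column, other record
	fmt.Printf("round trip: %q; moved ciphertext rejected: %v\n", pt, moved != nil)
}
```

With real KMS the stand-in's two calls map to GenerateDataKey (which returns the plaintext key and its encrypted copy) and Decrypt; the plaintext data key should live only for the duration of the seal or open, which is the point of zeroing it above. Automatic key rotation in KMS re-wraps nothing on its own: existing wrapped data keys stay decryptable under the old key material, so any rotation policy for stored fields has to re-wrap them explicitly.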
Zero AI Training Guarantee
Your patent data is never used to train AI models, ours or anyone else's. We run model inference on Amazon Bedrock from within our own AWS account and VPC with strict data isolation, and Amazon Bedrock does not use customer prompts or outputs to train its foundation models.
- No data shared with external AI providers for training
- Amazon Bedrock invoked only from within our VPC; prompts and outputs stay inside AWS and are not used by AWS to train foundation models
- Data processed in-memory only, never persisted in AI systems
- Contractual guarantee: your data stays yours
Data Residency & Sovereignty
All data is stored and processed exclusively in the United States on AWS infrastructure. We do not replicate data outside US boundaries.
- us-east-1 (N. Virginia) primary region; this is a commercial AWS region, not GovCloud
- No cross-border data transfers
- Architecture deployable to AWS GovCloud (US) for customers that require it
- Data deletion within 30 days of account closure
Infrastructure & Redundancy
Built on AWS with multi-AZ deployment, automated backups, and zero-downtime deployments. Designed for 99.9% uptime with disaster recovery.
- Multi-AZ deployment across AWS availability zones
- Automated daily backups with point-in-time recovery
- DDoS protection via AWS Shield and CloudFront
- Real-time monitoring with automated alerting
How We Compare
vs. Industry Standard
Most legal-tech platforms rely on shared AI infrastructure and basic encryption. We built something fundamentally different.
| Capability | Industry Typical | This platform |
|---|---|---|
| SOC 2 Trust Services Criteria aligned | | Yes (Type II attestation on roadmap) |
| Zero AI training on customer data | | Yes (contractual) |
| Private AI infrastructure (no shared APIs) | Shared AI infrastructure | Yes (Amazon Bedrock from our VPC) |
| Field-level encryption (AWS KMS) | | Yes |
| TLS 1.3 in transit | TLS 1.2 | TLS 1.3 |
| AES-256 encryption at rest | | Yes |
| US-only data residency | | Yes (us-east-1) |
| Role-based access control (RBAC) | | Yes (project-level) |
| Full audit trail (CloudWatch) | | Yes |
| Data deletion within 30 days | 90+ days | 30 days |
| Multi-AZ redundancy | | Yes |
| DDoS protection | | Yes (AWS Shield and CloudFront) |
Comparison based on publicly available information from major legal-tech platforms as of 2026.
Common Questions
Security FAQ
How is my data protected?
We implement defense in depth: TLS 1.3 for all data in transit, AES-256 encryption at rest, AWS KMS-backed field-level encryption for sensitive patent data, role-based access control, and comprehensive audit logging via CloudWatch. Our infrastructure runs on AWS with multi-AZ deployment and DDoS protection.
Is my data used to train AI models?
Absolutely not. We run inference on Amazon Bedrock, invoked only from within our own VPC, and Amazon Bedrock does not use customer prompts or outputs to train its models. Your data is processed in memory for analysis and is never stored in or shared with any AI training pipeline, ours or a third party's. This is a contractual guarantee, not just a policy.
What happens to my data if I close my account?
Upon account closure, all your data is permanently deleted from our systems within 30 days. This includes documents, analysis results, and all associated metadata. We provide a data export option before deletion and can issue a certificate of destruction upon request.
Where is my data stored?
All data is stored and processed exclusively in AWS us-east-1 (N. Virginia), a commercial AWS region. We do not replicate customer data outside the United States. Our architecture can be deployed to AWS GovCloud (US) for organizations with stricter requirements.
Do you support multi-factor authentication?
Yes. All accounts support MFA through our identity provider (Clerk). We support TOTP authenticator apps and SMS verification; TOTP is the stronger of the two, since SMS codes are exposed to SIM-swap and interception attacks. Enterprise plans can enforce MFA for all organization members through admin policies.
How do you control who can access my data?
We implement project-level role-based access control (RBAC). Team members are assigned to projects with specific permissions. All access decisions are logged and auditable. Client portal users have restricted views limited to shared content only.
Are you SOC 2 certified?
Not yet. Our controls are designed and operated to meet the SOC 2 Trust Services Criteria, but we have not completed a formal Type II attestation; that engagement is on our roadmap as we scale. In the meantime, we're happy to share our security documentation, control inventory, and architecture details with enterprise customers under NDA so your security team can conduct its own review.
What happens if there is a security incident?
We maintain a documented incident response plan that is tested quarterly. In the event of a security incident, affected customers are notified within 72 hours per our contractual obligations. We conduct root cause analysis and publish post-incident reports.
Need a more detailed security review? We're happy to walk your team through our architecture.
Schedule a call with our security team.