Our commitment to security, privacy, and reliability for legal and compliance teams.
SHA-256 content hashing, Ed25519 event signing, Merkle proofs, hash-chained ledger, offline verification, TLS 1.2+ in transit, encrypted at rest.
Read security architecture →We do not sell or share your document data. Tenant isolation enforced at the database level. Data retention configurable per plan.
Read privacy policy →Clear, fair terms. No surprise clauses. The core commitment: your documents are yours, we never use them for training or share them with third parties.
Read terms →GDPR-compliant data processing addendum available for all Business and Enterprise customers. Article 28 controller/processor relationship.
Request DPA →SOC 2 Type I readiness in progress. HIPAA posture available for healthcare customers. GDPR controller/processor materials available.
Contact for compliance details →Responsible disclosure policy. Report vulnerabilities to [email protected]. 48-hour acknowledgment SLA.
Read disclosure policy →We use a limited number of subprocessors for infrastructure, email, and analytics. Full list available on request for Business and Enterprise customers.
Request subprocessor list →Free: community support. Team: email, 48h response. Business: priority email, 24h response. Enterprise: dedicated channel, 4h SLA.
Contact support →For Enterprise procurement, we can provide: security whitepaper, penetration test summary, access control architecture, business continuity plan, incident response overview, and DPA with custom SCC language.
Request enterprise security packet →