Security and Compliance

Your clients trust you with their most sensitive information. LegalEdge is being built to treat that responsibility as a first-class design constraint.

Our compliance commitments

The list below describes how LegalEdge is designed today and what we are working toward. Where a formal certification is not yet in hand, we say so.

SOC 2 Type II

On our compliance roadmap. We are building the controls and evidence-collection processes that a SOC 2 Type II audit requires.

AES-256 Encryption

Data is encrypted at rest with AES-256 and in transit with TLS so that it is protected end to end.

HIPAA Alignment

Designed around HIPAA Security Rule technical safeguards. Business Associate Agreements are discussed with Enterprise customers on a case-by-case basis.

ISO 27001 Alignment

Our infrastructure and processes are designed against ISO 27001 controls, with formal certification on the roadmap.

PCI DSS Aware Processing

Payment card data is routed to PCI DSS compliant processors. LegalEdge does not store raw card numbers.

GDPR Aware Design

Data processing, access, and deletion patterns are built with GDPR principles in mind. Specific data processing agreements are handled on request.

How LegalEdge is designed to protect your data

Infrastructure Security

Data is hosted in US-based cloud infrastructure with redundant power, networking, and cooling. Workloads are deployed across multiple availability zones, with the intent that a single-zone failure is not customer-visible.

Access Controls

Role-based access control with granular permissions. Multi-factor authentication is available for all accounts. SAML SSO with Okta, Azure AD, and custom identity providers is offered on Enterprise.

Data Encryption

AES-256 encryption for data at rest. TLS for data in transit. Encrypted backups stored in geographically separated locations.

Monitoring and Response

Logging and alerting are built into the platform from the start. Audit logging covers user and system activity. Incident response procedures are written down, reviewed, and rehearsed.

Trust Account Protection

Trust and operating ledgers are isolated in the data model. Overdraft prevention is enforced before transactions are posted. Three-way reconciliation produces a tamper-evident record.

Business Continuity

Real-time data replication across regions. Point-in-time recovery is built into the database layer. A formal uptime SLA is available on the Enterprise plan.

CJIS Alignment

Criminal defense firms that handle Criminal Justice Information have specific compliance obligations under the CJIS Security Policy. LegalEdge is designed against those technical control requirements: advanced authentication, encryption, audit controls, and personnel security.

For a current CJIS alignment review or to discuss a specific jurisdiction's requirements, contact our security team.

Questions about security?

Our team is available to walk through specific controls and compliance requirements with your firm.