As an application used for intake of lots of sensitive information, we recognize the importance of excellent security practices. While we are a small team, we work hard to punch above our weight on security.
This document covers our security practices and policies.
Here's how we guard people's data:
All information exchanged between the browser and the server is encrypted while being transmitted and encrypted while saved on disk.
The app is hosted on cloud infrastructure in the United States - in a dedicated stack on Aptible (aptible.com), an application hosting provider that specializes in hosting apps with sensitive data.
We do not hold security certificates like SOC2 or ISO 27001 at this time at the application level - but our underlying infrastructure does (Aptible, which itself relies on AWS).
Any information entered by the attorney or the client user is deemed "User Data" per our terms and conditions - we facilitate the capture, storage and transfer of this information as directed by the user, and do not share it in any way.
We have Two Factor Authentication available to secure your account against compromised passwords, by requiring to generate a 6-digit code from an authenticator app upon sign in.
The information stored in DecisionVault is backed up nightly to guard against the unlikely event of hardware failure in the application hosting infrastructure.
We go through periodic checks (pentest) by a third party security research firm - we last passed this at the end of 2022.
We have error tracking tools in place in the application that monitor for problems and track technical information related to the type of browser, IP address and the action/page users were on when an error occurred.
We have automatic checks and scans in place that monitor the applications dependencies for vulnerabilities.
Any further questions? Email us at email@example.com.