Our focus is clear: implementing and continuously updating best-in-class security policies, procedures, and technologies. We attribute our success in passing the rigorous security and privacy reviews of high courts, prestigious law firms, and government agencies to this unwavering commitment. This section provides an overview of how we manage and uphold trust in our products, ensuring the highest standards of security for our clients.
We employ best practices and adhere to industry standards in security and privacy, ensuring compliance with recognized general frameworks. This approach supports our clients and customers in meeting their own compliance standards.
We undergo regular third-party audits as a part of our SOC 2 Type 1 compliance program. A copy of our most recent SOC 2 Type 1 report is available to Enterprise clients upon request and under NDA.
Available to all clients and customers without signing an NDA.
Available to potential and existing Enterprise customers after signing an NDA. Request the latest SOC 2 Type II report.
We host our Services Data in AWS, Google Cloud Platform, and Microsoft Azure data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about compliance in our data centers.
AWS, Google Cloud Platform, and Microsoft Azure each implement comprehensive and multi-layered physical security measures at their data centers, which include features such as secure perimeter defenses, camera coverage, biometric authentication, and 24/7 guard staff. Learn more about physical security controls that protect our data centers.
All LawCatch data centers and servers are geo-located within the United States.
We perform due diligence activities over new vendors prior to contract execution and on an annual basis thereafter. Due diligence activities include an assessment of information security practices based on the assessed level of vendor risk.
Our network is protected through the use of advanced services from Google Cloud Platform, Amazon Web Services, and Microsoft Azure. These platforms provide robust controls, including:
Our approach includes comprehensive monitoring and logging to detect and address security incidents, rigorous physical security measures at data centers, and stringent incident management protocols.
Access to sensitive resources, such as the development environment, code repository, or databases, is stringently controlled through a ticket-based system that requires review and approval. This procedure, along with regular access reviews and prompt termination of unnecessary access rights, upholds the security and confidentiality of data.
Upon system alert detection, our incident response protocol is immediately activated. Our employees are thoroughly trained in security incident response, including established communication channels and escalation procedures. This ensures a swift, efficient, and coordinated response to any abnormalities detected at both the infrastructure and application levels, backed by the robust security layers of Google Cloud Platform, Amazon Web Services, and Microsoft Azure.
All connections to and from the BriefCatch platform are encrypted both in transit and at rest via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks, ensuring the highest level of security and data integrity during transmission.
Our Disaster Recovery Plan ensures readiness for any disaster, with regular testing whenever significant procedural changes occur. This comprehensive plan includes organizational communication, disaster declaration, damage assessment, determination of service resumption timelines, and equipping employees for effective response. Managed by the Compliance Team, the plan also undergoes an annual review to maintain up-to-date backup documentation and ensure continuous preparedness.
Users may access our platform using one of two authentication methods. Users have the option to utilize Microsoft Single Sign-On (SSO) for enhanced security and convenience, leveraging your existing Microsoft account. Alternatively, users may choose to authenticate using any valid email address, providing flexibility for users with different preferences.
Management has established comprehensive information security policies and procedures. These policies, reviewed and updated annually, encompass key security lifecycle areas, including data classification, security control selection and implementation, access authorization and management, as well as incident response.
BriefCatch provides awareness training to all employees and contractors on relevant topics such as cybersecurity, data protection, and regulatory compliance.
All new hires are required to sign Non-Disclosure and Confidentiality agreements.
We have a dedicated privacy and data protection program, underscoring our commitment to ensuring transparency and control over our customers’ data.
The Artificial Intelligence Disclosure outlines how we use artificial intelligence technologies within our platform.
The Cookie Policy provides information about how and when we use cookies on our websites and how and when we use cookies within our platform.
The Privacy Policy describes how we collect, use, share, and secure personal data.
Access Management
We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the platform services and as otherwise required by applicable law.
Application Data
We do not collect, log, or retain the text from your documents. No one can use, view, or reconstruct any of your document text at any point in processing.
Certifications
LawCatch, Inc. is SOC-2 Type 1 compliant, having achieved our certification in 2023 with the support of an independent audit by Strike Graph. This audit confirmed our controls related to our information security practices, policies, procedures and operations met the rigorous SOC 2 standards for Security as developed by the American Institute of Certified Public Accountants (AICPA).
Data Location
All data centers and servers are geo-located within the United States.
Retention and Removal
You retain complete control over your data. We comply with all applicable regulatory requirements to enable users to request the deletion of their personal data from our systems. Data retention and destruction policies are maintained to comply with industry best practices. Read more about these practices and how users can exercise their rights at https://briefcatch.com/privacy-policy/.
Our agreements and policies offer clear and comprehensive information about our services, aiding our subscribers in fulfilling their own legal and compliance obligations.
The End User License Agreement (EULA) page for BriefCatch outlines the legally binding terms for using the BriefCatch software.
The Master Terms outline the terms and conditions of the agreement for both customers and subscribers, defining the usage, rights, and responsibilities associated with the services offered.
The Service Level Agreement (SLA) specifies the expected levels of service performance, availability, and responsiveness guaranteed to the customer, detailing the metrics by which service is measured and the remedies or penalties should agreed-upon service levels not be achieved.
The Artificial Intelligence Disclosure outlines how we use artificial intelligence technologies within our platform.
The Cookie Policy provides information about how and when we use cookies on our websites and how and when we use cookies within our platform.
The Privacy Policy describes how we collect, use, share, and secure personal data.
Whether it’s tightening your prose , fine tuning your transitions, or zapping lawyer-specific errors, BriefCatch’s expert interactive suggestions bring out your best writing.
