Trust Center

Our focus is clear: implementing and continuously updating best-in-class security policies, procedures, and technologies. We attribute our success in passing the rigorous security and privacy reviews of high courts, prestigious law firms, and government agencies to this unwavering commitment. This section provides an overview of how we manage and uphold trust in our products, ensuring the highest standards of security for our clients.

Security

We employ best practices and adhere to industry standards in security and privacy, ensuring compliance with recognized general frameworks. This approach supports our clients and customers in meeting their own compliance standards.

Security Compliance

SOC 2 Type I

We undergo regular third-party audits as a part of our SOC 2 Type 1 compliance program. A copy of our most recent SOC 2 Type 1 report is available to Enterprise clients upon request and under NDA. 

Security Documents

Direct Downloads (no NDA required)

Available to all clients and customers without signing an NDA.

NDA Resources

Available to potential and existing Enterprise customers after signing an NDA. Request the latest SOC 2 Type II report.

  • SOC 2 Type I Report
  • Annual Penetration Test Summary

Cloud Security

Facilities

We host our Services Data in AWS, Google Cloud Platform, and Microsoft Azure data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about compliance in our data centers.

Physical Security

AWS, Google Cloud Platform, and Microsoft Azure each implement comprehensive and multi-layered physical security measures at their data centers, which include features such as secure perimeter defenses, camera coverage, biometric authentication, and 24/7 guard staff. Learn more about physical security controls that protect our data centers.

Data Hosting Location

All LawCatch data centers and servers are geo-located within the United States.

Vendor Security

We perform due diligence on new vendors prior to contract execution and on an annual basis thereafter. Due diligence activities include an assessment of information security practices based on the assessed level of vendor risk.

Network Security

Our network is protected through the use of advanced services from Google Cloud Platform, Amazon Web Services, and Microsoft Azure. These platforms provide robust controls, including: 

  • access restrictions, 
  • network security measures like firewalls and intrusion detection, 
  • and data encryption standards (AES, TLS 1.2+) to safeguard data in transit and at rest.

Our approach includes comprehensive monitoring and logging to detect and address security incidents, rigorous physical security measures at data centers, and stringent incident management protocols.

Logical Access

Access to sensitive resources, such as the development environment, code repository, or databases, is stringently controlled through a ticket-based system that requires review and approval. This procedure, along with regular access reviews and prompt termination of unnecessary access rights, upholds the security and confidentiality of data. 

Security Incident Response

Upon system alert detection, our incident response protocol is immediately activated. Our employees are thoroughly trained in security incident response, including established communication channels and escalation procedures. This ensures a swift, efficient, and coordinated response to any abnormalities detected at both the infrastructure and application levels, backed by the robust security layers of Google Cloud Platform, Amazon Web Services, and Microsoft Azure.

Encryption

All connections to and from the BriefCatch platform are encrypted both in transit and at rest via industry-standard HTTPS/TLS (TLS 1.2 or higher) over public networks, ensuring the highest level of security and data integrity during transmission.

Disaster Recovery

Our Disaster Recovery Plan ensures readiness for any disaster, with regular testing whenever significant procedural changes occur. This comprehensive plan includes organizational communication, disaster declaration, damage assessment, determination of service resumption timelines, and equipping employees for effective response. Managed by the Compliance Team, the plan also undergoes an annual review to maintain up-to-date backup documentation and ensure continuous preparedness.

Product Security

Authentication Options


HR Security

Policies

Management has established comprehensive information security policies and procedures. These policies, reviewed and updated annually, encompass key security lifecycle areas, including data classification, security control selection and implementation, access authorization and management, as well as incident response. 

Security Awareness Training

BriefCatch provides awareness training to all employees and contractors on relevant topics such as cybersecurity, data protection, and regulatory compliance. 

Confidentiality Agreements

All new hires are required to sign Non-Disclosure and Confidentiality agreements.

Privacy

We have a dedicated privacy and data protection program, underscoring our commitment to ensuring transparency and control over our customers’ data.

Policies

AI Disclosure

The Artificial Intelligence Disclosure outlines how we use artificial intelligence technologies within our platform.  

Cookie Policy

The Cookie Policy provides information about how and when we use cookies on our websites and how and when we use cookies within our platform.

Privacy Policy

The Privacy Policy describes how we collect, use, share, and secure personal data.

Privacy Within Our Platform

Access Management

We do not access or use subscriber data for any purpose other than providing, maintaining, and improving the platform services and as otherwise required by applicable law.

Application Data

We do not collect, log, or retain the text from your documents. No one can use, view, or reconstruct any of your document text at any point in processing.

Certifications

LawCatch, Inc. is SOC-2 Type 1 compliant, having achieved our certification in 2023 with the support of an independent audit by Strike Graph. This audit confirmed our controls related to our information security practices, policies, procedures and operations met the rigorous SOC 2 standards for Security as developed by the American Institute of Certified Public Accountants (AICPA).

Data Location

All data centers and servers are geo-located within the United States.

Retention and Removal

You retain complete control over your data. We comply with all applicable regulatory requirements to enable users to request the deletion of their personal data from our systems. Data retention and destruction policies are maintained to comply with industry best practices. Read more about these practices and how users can exercise their rights at https://briefcatch.com/privacy-policy/.

Our agreements and policies offer clear and comprehensive information about our services, aiding our subscribers in fulfilling their own legal and compliance obligations.

End User License Agreement (EULA)

The End User License Agreement (EULA) page for BriefCatch outlines the legally binding terms for using the BriefCatch software.

Master Terms

The Master Terms outline the terms and conditions of the agreement for both customers and subscribers, defining the usage, rights, and responsibilities associated with the services offered.

Service Level Agreement

The Service Level Agreement (SLA) specifies the expected levels of service performance, availability, and responsiveness guaranteed to the customer, detailing the metrics by which service is measured and the remedies or penalties should agreed-upon service levels not be achieved.
