Security & Compliance

You trust us with confidential case data protected by attorney-client privilege. We take that responsibility seriously. Attorney Workbench is built with security at every layer — encryption, access controls, audit logging, and compliance with legal industry standards.

How We Protect Your Data

🔒

Encryption at Rest

All data stored in Attorney Workbench is encrypted using AES-256, the same encryption standard used by financial institutions and government agencies.

🔐

Encryption in Transit

All data transmitted between your browser and our servers is protected with TLS 1.3. Every connection is encrypted, including API calls and file transfers.

👤

Access Controls

Role-based access controls ensure team members see only the cases they are assigned to. Firm administrators manage permissions, and all access changes are logged.

📜

Audit Logging

Every action in Attorney Workbench is logged: who accessed what, when, and from where. Audit logs are immutable and available to firm administrators on request.

🏙

Data Residency

All data is stored on secure servers in the United States. We do not transfer data outside the US. Backups are encrypted and geographically distributed for disaster recovery.

🛡

SOC 2 Alignment

We are pursuing SOC 2 Type II certification. Our infrastructure, processes, and controls are designed to meet SOC 2 Trust Service Criteria for security, availability, and confidentiality.

AI Security

Your data is never used to train models

Case data processed by our AI features is used exclusively to provide analysis and drafting for your cases. We do not use customer data to train, fine-tune, or improve AI models for other customers or for general use.

Secure AI processing

AI inference runs within our secure infrastructure. Data is not sent to third-party AI providers without encryption. Processing is ephemeral — case data is not retained in AI systems beyond the immediate request.

Attorney-client privilege preserved

We are designed to operate within the bounds of attorney-client privilege. Our terms of service and data processing agreements are crafted with input from practicing attorneys to ensure privilege is maintained.

Infrastructure Security

Hosting	SOC 2-compliant cloud infrastructure (US regions)
Database encryption	AES-256 encryption at rest
Network encryption	TLS 1.3 for all connections
Backups	Daily encrypted backups with 30-day retention, geographically distributed
Uptime target	99.9% availability SLA
Incident response	Documented incident response plan with 1-hour acknowledgment SLA
Vulnerability management	Regular security assessments and dependency scanning
Employee access	Least-privilege access, MFA required, background checks for all team members

Security FAQ

Is Attorney Workbench SOC 2 certified?

We are pursuing SOC 2 Type II certification. Our infrastructure is hosted on SOC 2-compliant providers, and we implement controls consistent with SOC 2 Trust Service Criteria including security, availability, and confidentiality.

Does AI processing compromise attorney-client privilege?

No. AI processing occurs within our secure infrastructure. Your case data is used only to provide analysis and drafting for your cases. We do not use your data to train models for other customers. We do not share your data with third parties.

Can I export all my data?

Yes. Full data export is available at any time in CSV and PDF formats. Your data belongs to you, and you can take it with you if you leave.

What happens to my data if I cancel?

Your data is retained for 90 days after cancellation in case you decide to return. After 90 days, data is permanently deleted from our systems and backups.

Do you have a Bug Bounty or Vulnerability Disclosure program?

Yes. If you discover a security vulnerability, please report it to security@attorneyworkbench.com. We take all reports seriously and respond within 48 hours.

Questions About Security?

Contact our team to discuss your firm security requirements.