Security

We take the security of your documents seriously. Here's how we protect your data.

Encrypted Connections

All data transmitted between your device and our servers is encrypted using TLS (HTTPS).

Secure Authentication

We use Firebase Authentication with support for Google Sign-In and secure password authentication.

Secure Upload Links

Client upload links use unique, cryptographically secure tokens that can be revoked at any time.

Access Control

Only authorized organization members can access your intake requests and documents.

How We Protect Your Data

In Transit: All data sent between your device and our servers is encrypted using industry-standard TLS encryption. This ensures that your documents and information are protected from interception.

Authentication: We use Firebase Authentication, a trusted service from Google, to handle user authentication. This means your password is never stored on our servers, and you can use secure sign-in methods like Google Sign-In.

Access Control: Your documents are only accessible to authorized members of your organization. Our systems enforce strict access controls to ensure unauthorized users cannot access your data.

Client Upload Security

When clients upload documents through intake links:

Each link uses a unique, cryptographically secure token
Links can be set to expire after a specific date
You can revoke links at any time to prevent further uploads
All uploads are encrypted in transit

AI Processing

To provide document organization functionality, we use AI services to extract text and metadata from your documents. This processing is done through secure API connections to our AI providers (Anthropic and OpenAI). The extracted information is stored to enable you to manage documents efficiently.

Payment Security

All payment processing is handled by Stripe, a PCI-compliant payment processor. We never store your full credit card number on our servers. Stripe handles all payment data with bank-level security.

Your Responsibilities

Security is a shared responsibility. You can help protect your account by:

Using a strong, unique password for your account
Not sharing your login credentials with others
Only sharing upload links with intended recipients
Managing organization member access carefully
Signing out when using shared devices
Keeping your devices and browsers up to date

Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of your account, please contact us immediately. We take all security reports seriously and will investigate promptly.

Questions?

If you have questions about our security practices, please don't hesitate to reach out. We're happy to provide more details about how we protect your data.