Isolation
Per-firm tenant boundary
Data is partitioned by tenant ID at every query. No shared analytics, no shared indexes, no cross-customer retraining.
Security & trust
Built for the privileged work product on your hard drive.
Defense files are some of the most sensitive data in any attorney's possession. Caseflow treats them that way: isolated, encrypted under keys you control, never reused for anything but your case.
Encryption
Customer-managed keys
Every uploaded file is encrypted with a per-tenant AWS KMS CMK. Revoke the key and your data becomes cryptographically unreadable within minutes.
Transit
TLS 1.3 enforced
All traffic between your browser, our servers, and our processing tier uses TLS 1.3 with strict transport security. Internal service-to-service uses mTLS.
Auditability
Immutable audit log
Every file view, API call, and admin action lands in an immutable log we surface in the dashboard and export on request. No discovery request required.
Ethics walls
Conflict-of-interest gating
We actively decline accounts from prosecuting agencies in jurisdictions where our defense customers are active. Surfaced conflicts get migrated to sibling instances.
Deletion
Right-to-delete, signed
Default retention is 90 days after case close, configurable to immediate hard-delete with cryptographic erasure and a signed certificate of destruction.
Technical posture
- TLS in transit
- TLS 1.3 enforced
- At-rest encryption
- AES-256 + per-tenant CMK
- Key management
- AWS KMS (us-east-1)
- Authentication
- OIDC / SAML SSO on Enterprise
- Access control
- RBAC + firm-scoped sessions
- Audit logging
- Immutable, CloudTrail-backed
- Data residency
- USA only (no cross-border replication)
- Backup
- Daily snapshots, 30-day retention
- Penetration testing
- Annual + on material change
- Vulnerability scanning
- Continuous (Snyk + Dependabot)
Certifications
Where we are, where we're going
We don't claim certifications we haven't earned. Below is exactly where Caseflow sits in its compliance trajectory today.
- NowContinuous vulnerability scanning (Snyk + Dependabot) + per-deploy SASTIn progress
- Q3 2026Annual third-party penetration test + remediation reportScheduled
- Q4 2026External security-questionnaire portal for procurement teamsScheduled
- 2027Multi-region deployment options for low-latency tenants (US-West, US-Central)Roadmap
Need a BAA, DPA, or our security questionnaire?
We sign mutual NDAs and turn around questionnaires in under five business days.
Request documentation