Security & Privacy

Your legal documents deserve enterprise-grade protection. Here's how we deliver it.

AES-256 Encryption

All data is encrypted at rest and in transit using industry-standard AES-256 encryption. Encryption keys are held in a dedicated key management service with automatic key rotation, and TLS 1.2 or higher is enforced on every connection.

Per-Tenant Data Isolation

Every organization gets its own completely separate database and dedicated file storage. Your data is physically separated from every other organization. This is not a shared database with access filters; it's true isolation, enforced at runtime.

No AI Training on Your Data

Your documents are never used to train AI models. We use AI for processing your requests only. Your data is not retained by AI providers and is not used to improve their models.

SOC 2 and ISO 27001 Aligned

Our controls follow SOC 2 Trust Service Criteria and ISO 27001 control objectives for security, availability, and confidentiality. We do not currently hold formal SOC 2 or ISO 27001 certification; the architecture is built to support those requirements.

AI Access Mirrors User Access

The AI inherits exactly the access of the user making the request, never more. No grant means the AI cannot reference the file. View-only grant means the AI can read but not edit. Two users get different answers from the same chat based on their own access.

Compliance Pre-Check on Every AI Action

Before any AI-driven document change is applied, Juravie runs a jurisdictional pre-check. Risky edits are surfaced with the specific statute, a risk level (illegal vs unenforceable), and a compliant alternative. The user decides whether to proceed, apply only the safe parts, or cancel.

Audit & Forensics

Every session lifecycle event, every redline accept/reject, every grant change is recorded and retained for seven years. The Sessions Dashboard exposes the full timeline; CSV export feeds your SIEM. Drill into any document or any user in seconds.

Data Residency & Region Selection

Choose where your data is stored: Australia (Sydney) or the United States (Virginia). Your documents, database, and backups stay in the region you select, supporting data sovereignty requirements.

Geographic Access Controls

Access is restricted by country at the network edge. A Web Application Firewall blocks requests from outside your permitted region before they reach the application. The Australia and New Zealand region is reachable only from Australia and New Zealand; the United States region only from the United States. Blocked attempts are logged.

Additional Security Measures

Authentication & SSO

Sign in through your enterprise identity provider. Every request requires a valid authenticated session, and unauthenticated requests are rejected immediately.

Custom Roles & Per-File Restrictions

Build custom roles to mirror your firm's structure (paralegals, associates, partners, contract attorneys). Add per-user permission overrides for one-off exceptions, and per-file restrictions for sensitive matters with four independent access modes (View, Download, Edit, Delete). System role templates ship by default; you can clone, rename, and tune any role to match your needs.

Immutable Audit Trail

Every action is recorded in a tamper-proof audit system stored in your organization's own dedicated log storage and retained for seven years. Over 50 action types are tracked across documents, sessions, approvals, templates, compliance, and authentication.

Automated Backups & Recovery

Daily backups are automated, with point-in-time recovery within a seven-day window, so your organization's data can be restored after accidental change or loss.

Network & DDoS Protection

Enterprise-grade firewall, threat detection, and distributed denial of service protection block common web attacks and abuse attempts before they reach the application.

Data Export & Portability

Download a complete copy of all your data at any time. Your data belongs to you. Take it with you if you ever decide to leave.

AI Data Handling

AI processing runs independently for each organization under enterprise terms that prohibit data retention by AI providers. Your prompts and outputs are not stored after processing. For full details, see our AI Policy.

Questions About Security?

We're happy to discuss our security practices in detail. If you discover a security vulnerability, please report it responsibly to our security team.

Email [email protected].