Recently updated on April 9th, 2024 at 12:38 am
Security at LegalAtoms
Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.
LegalAtoms forces HTTPS for all services using TLS (SSL), including our public website and the dashboard:
- LegalAtoms.com is served only over TLS
- LegalAtoms connects to its dependencies over TLS and verifies TLS certificates on each connection
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with LegalAtoms only over HTTPS.
All user data is encrypted with AES-256. Decryption keys are stored on separate machines. None of LegalAtoms' internal servers or computer processes can obtain unencrypted customer data; instead, they can only request that data be sent to a service provider on a static whitelist. LegalAtoms' infrastructure for storing, decrypting, and transmitting customer data runs in separate hosting infrastructure, and doesn’t share any credentials with LegalAtoms' primary services (API, website, etc.).
LegalAtoms has two PGP keys to encrypt your communications with LegalAtoms, or verify signed messages you receive from LegalAtoms. Which key you make use of is dependent on the information needing to be transmitted:
If you’re unfamiliar with PGP, check out GPG, and start by importing a public key.
Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in LegalAtoms' security, please get in touch at security@legalatoms.com. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by LegalAtoms.
Questions?
We're always happy to help with code or other questions you might have! Please contact support.