Security at LegalAtoms
Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.
LegalAtoms has been audited for the following standards:
- National Network to End Domestic Violence's guidelines on Data Security
- NIST Cyber Security Framework
- PCI-DSS, the most stringent level of certification available in the payments industry
Our engineers who have access to client data attended training and successfully acquired Criminal Justice Information Services (CJIS) certification in the state of Washington via King County Prosecuting Attorney’s Office.
HTTPS and HSTS for secure connections
LegalAtoms forces HTTPS for all services using TLS (SSL), including our public website and the dashboard
- LegalAtoms.com is served only over TLS
- LegalAtoms connects to it's dependencies over TLS and verify TLS certificates on each connection
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with LegalAtoms only over HTTPS.
Encryption of sensitive data and communication
All user data is encrypted with AES-256. Decryption keys are stored on separate machines. None of LegalAtoms' internal servers and or computer processes can obtain unencrypted customer data; instead, they can just request that data be sent to a service provider on a static white-list. LegalAtoms' infrastructure for storing, decrypting, and transmitting customer data runs in separate hosting infrastructure, and doesn’t share any credentials with LegalAtoms' primary services (API, website, etc.).
Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in LegalAtoms' security, please get in touch at firstname.lastname@example.org. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by LegalAtoms.