Security at LegalAtoms

Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.

LegalAtoms has been audited for the following standards:

Our engineers who have access to client data attended training and successfully acquired Criminal Justice Information Services (CJIS) certification in the state of Washington via King County Prosecuting Attorney’s Office.

secure-png-

HTTPS and HSTS for secure connections

LegalAtoms forces HTTPS for all services using TLS (SSL), including our public website and the dashboard

  • LegalAtoms.com is served only over TLS
  • LegalAtoms connects to it's dependencies over TLS and verify TLS certificates on each connection

We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with LegalAtoms only over HTTPS. 

Encryption of sensitive data and communication

All user data is encrypted with AES-256. Decryption keys are stored on separate machines. None of LegalAtoms' internal servers and or computer processes can obtain unencrypted customer data; instead, they can just request that data be sent to a service provider on a static white-list. LegalAtoms' infrastructure for storing, decrypting, and transmitting customer data runs in separate hosting infrastructure, and doesn’t share any credentials with LegalAtoms' primary services (API, website, etc.).

PGP

LegalAtoms has two PGP keys to encrypt your communications with LegalAtoms, or verify signed messages you receive from LegalAtoms. Which key you make use of is dependent on the information needing to be transmitted:

if you’re unfamiliar with PGP, check out GPG, and start by importing a public key.

Vulnerability disclosure

Our security team rapidly investigates all reported security issues. If you believe you’ve discovered a bug in LegalAtoms' security, please get in touch at security@legalatoms.com. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by LegalAtoms.

Questions?

We're always happy to help with code or other questions you might have! Please contact support.