Security

Overview

At Lawgical, we prioritize the confidentiality, integrity, and availability of user data. We use layered security controls and defense in depth to protect information in transit, at rest, and at access time.

Data in transit

• HTTPS with TLS 1.3 and strong encryption.
• JWT-based authentication and stateless sessions.
• OAuth2 providers for secure identity workflows.
• Passwordless magic-link sign-ins where supported.

Data at rest

• Encryption at rest for stored data.
• Infrastructure-level disk encryption.
• Additional protection for sensitive fields.

Architecture and isolation

• Multi-tenant architecture with firm-level boundaries.
• Firm-scoped data access in application queries.
• Database-level protections against cross-tenant access.
• Role-based access controls for firm users.

Backups and recovery

• Automated daily backups.
• Provider-managed recovery processes.

Infrastructure

• Containerized compute with workload isolation.
• Managed database services with encryption and backup policies.
• Secure object storage with access controls.
• Global CDN delivery for static assets.

Contact

For security questions or data deletion requests, contact support@lawgical.app.

Lawgical is a product by Gouldian Inc.