Note: LegalAligned is currently in development and coming soon. The information and terms provided on this page are placeholders and subject to change before the official launch.

Security

At LegalAligned, we prioritize the security of your data. This page outlines how we protect your information.

1. Secure Data Transmission

All data transmitted to and from LegalAligned is protected using encrypted connections:

HTTPS encryption for all web traffic
TLS encryption for email communications

2. Document Storage Architecture

We use a secure architecture that minimizes data exposure:

Document content is stored in OpenAI's secure vector stores, not in our database
Only document metadata (filename, size, upload date) is stored locally
Each organization has a dedicated vector store for data isolation
When you delete a document, it's removed from both our system and remote storage

3. Authentication & Access Control

Multiple layers protect access to your account:

Email verification required for every login using time-limited codes
Password requirements enforced (minimum 8 characters, complexity checks)
Passwords hashed using Django's PBKDF2 algorithm
Organization-scoped access - users can only see their organization's data
Workflow-based permissions control which team members can access requests

4. Application Security

Built-in protections guard against common vulnerabilities:

CSRF (Cross-Site Request Forgery) protection on all forms
XSS (Cross-Site Scripting) protection through template escaping
SQL injection prevention through parameterized queries
Input validation and sanitization
Secure session management with time-limited tokens

5. Activity Logging

All significant actions are logged for security and audit purposes:

User authentication events (login, logout, password changes)
Document uploads and deletions
Request creation and status changes
Access to sensitive features

6. Infrastructure Security

Our hosting infrastructure provides enterprise-level protection:

Database security managed by hosting platform
Network-level firewalls and isolation
Regular security updates and patches

7. Third-Party Security

We work with trusted providers for AI and payment processing:

OpenAI: Document storage and AI processing (SOC 2 Type II certified)
Stripe: Payment processing (PCI DSS compliant)
FastMail: Transactional email delivery

8. Data Privacy

We handle your data responsibly:

Data processing aligned with privacy regulations
No sharing of customer data with third parties for marketing
Data Processing Agreements available upon request
You maintain ownership of your content and documents

9. Reporting Security Issues

If you discover a security vulnerability, please report it responsibly:

Email: security@legalaligned.com

We take all security reports seriously and will respond promptly.

10. Questions?

If you have questions about our security practices, please contact us at support@legalaligned.com.