Security
How CaseReady protects your data
Encryption, access controls, and operational safeguards for legal workflows.
Encryption
- Transport: All data in transit is protected with TLS.
- Storage: Files are stored in your designated Supabase storage bucket. Access is controlled via auth/ACLs.
- Optional signed URLs: Downloads use time-limited signed URLs when buckets are private.
Processing & Isolation
- Exhibit processing runs in-memory; no training on your data.
- Uploads are tied to your authenticated account; RLS limits matter access to owners (and explicit shares if enabled).
- Logs exclude document contents; only operational metadata is retained.
Access Controls
- Auth: Supabase authentication with per-user session tokens.
- RLS: Row Level Security restricts matters to the owning user (and shared users if sharing is configured).
- Least privilege: Only authenticated users can upload, download, or delete their exhibits.
Data Retention
- You control your files. Delete matters to remove their metadata; delete storage objects to remove PDFs.
- No secondary use: Files are never used for AI training.
Operational Practices
- Monitoring and alerts on errors; no client content is stored in logs.
- Separation of environments (dev vs. prod credentials).
Your Responsibilities
- Review all outputs for accuracy and compliance with court rules.
- Ensure you have rights to upload and process any content.
- Use proper redactions before filing sensitive materials.