CaseReady logo
CaseReady
Sign in

Security

Built for attorneys who need client-safe workflows

Encryption everywhere, strict access controls, and clear data handling so you can brief judges and clients with confidence.

View plansBack home

Encryption & storage

  • • TLS 1.2+ for all traffic; HSTS enforced.
  • • Files live in your Supabase project storage with AES-256 at rest (per Supabase-managed storage).
  • • Signed URLs for downloads from private buckets; links expire automatically.
  • • Secrets isolated via environment variables; no keys in client code.

Access control & identity

  • • Supabase Auth sessions with per-user tokens; MFA supported through your identity provider.
  • • Row Level Security on the `matters` table keeps exhibits scoped to the owner (and explicit shares if enabled).
  • • Least-privilege service access; no anonymous write paths to storage.
  • • Audit-friendly metadata: uploads tied to user IDs and timestamps.

Processing guarantees

  • • Exhibit generation runs in-memory; outputs stream back to you.
  • • No model training or secondary use of your files, ever.
  • • Logs exclude document contents; only operational events are captured.
  • • PDF/image cleanup avoids external processors beyond sharp/pdf-lib.

Data retention & deletion

  • • You own your data: delete matters to remove metadata; delete files from storage to remove PDFs.
  • • Time-limited session tokens; revoke sessions on sign-out.
  • • Backups are handled by your Supabase project policies; no hidden copies in CaseReady.

Operational safeguards

  • • Environment isolation (dev vs prod credentials, separate storage buckets).
  • • Error monitoring without payload data; PII minimized in logs.
  • • Principle of least privilege for internal tooling and access.
  • • Incident playbook with notification to impacted users if a material issue occurs.

Guidance for legal teams

  • • Validate exports before filing; ensure page ranges and Bates numbers meet local rules.
  • • Apply redactions prior to sharing; beta redaction tools are client-side only.
  • • Avoid uploading privileged material you cannot store in your own cloud bucket.
  • • Need a DPA? Reach out and we’ll provide one aligned to your jurisdiction.

Questions or review requests?

We're happy to walk your firm through our controls and help you configure private buckets, signed URLs, and access policies for your team.

Email usSee roadmap