Paranoid-Level Security
Top-tier security measures to protect your law firm's data.
AES-256 Data Encryption
ID numbers, phone numbers and addresses are stored encrypted at the database level using the AES-256-CBC algorithm. Even if accessed without authorization, personal data cannot be read.
bcrypt Password Hashing
All user passwords are hashed with bcrypt set to cost factor 12. Password history is enforced and old passwords cannot be reused.
JWT Token Security
15-minute access token and 8-hour refresh token stored in an httpOnly cookie. All tokens are transmitted over encrypted channels.
Account Lockout
After 5 failed login attempts, the account is locked for 15 minutes. All parameters can be configured from the admin panel.
Immutable Audit Trail
All events in the system are written to an insert-only immutable log table. No record can be deleted or modified.
Granular Role & Permission System
5 permission levels: System Admin, Branch Admin, Supervisor, Team Lead, Agent. Individual permission customization is supported.
Encrypted Auto Backup
GPG + gzip encrypted backups are automatically taken to an external disk or NAS. The encryption key is only in your office.
Off-Hours Login Alert
Login attempts outside business hours are immediately notified to administrators.