Security & Compliance

Paranoid-Level Security

Top-tier security measures to protect your law firm's data.

AES-256 Data Encryption

ID numbers, phone numbers and addresses are stored encrypted at the database level using the AES-256-CBC algorithm. Even if accessed without authorization, personal data cannot be read.

bcrypt Password Hashing

All user passwords are hashed with bcrypt set to cost factor 12. Password history is enforced and old passwords cannot be reused.

JWT Token Security

15-minute access token and 8-hour refresh token stored in an httpOnly cookie. All tokens are transmitted over encrypted channels.

Account Lockout

After 5 failed login attempts, the account is locked for 15 minutes. All parameters can be configured from the admin panel.

Immutable Audit Trail

All events in the system are written to an insert-only immutable log table. No record can be deleted or modified.

Granular Role & Permission System

5 permission levels: System Admin, Branch Admin, Supervisor, Team Lead, Agent. Individual permission customization is supported.

Encrypted Auto Backup

GPG + gzip encrypted backups are automatically taken to an external disk or NAS. The encryption key is only in your office.

Off-Hours Login Alert

Login attempts outside business hours are immediately notified to administrators.

GDPR Compliance Checklist

Personal data processed only within the office
Record of Processing Activities (RoPA) can be maintained
Zero cloud dependency — no third-party data processing
Encrypted storage — AES-256
Access control — authorized personnel only
Data deletion and anonymization mechanisms
Secure transmission — LAN encryption with TLS
Event logging — immutable audit trail