Security & Compliance

Case Insight360 is built with a security‑first architecture designed for legal teams handling sensitive and confidential information. Every part of the platform — from document ingestion to AI processing — is engineered to protect your data and maintain trust.

1

Our Security Principles

We design every part of Case Insight360 around four core principles:

  • Confidentiality — Your documents and case data remain private and isolated.
  • Integrity — Data is processed accurately and protected from unauthorized modification.
  • Availability — The platform is engineered for reliability and consistent access.
  • Transparency — You always know how your data is handled and protected.
2

Encryption in Transit & at Rest

All documents, extracted text, and case data are encrypted using industry‑standard protocols:

  • TLS/HTTPS for all data in transit
  • Encrypted storage for documents, text, and backups

This ensures your information remains protected at every stage.

3

Role‑Based Access Controls

Access to case materials is restricted using role‑based permissions:

  • unique user accounts
  • secure password requirements
  • optional two‑factor authentication (TOTP)
  • least‑privilege access for internal operations

Only authorized users can view or manage case data.

4

Case‑Level Isolation

Each case is processed and stored in its own isolated environment. This prevents:

  • cross‑matter exposure
  • accidental mixing of facts
  • unauthorized access to unrelated cases

Isolation applies to documents, extracted text, embeddings, and AI‑generated outputs.

5

AI Processing & Data Handling

AI processing is performed within your case boundary. We do not:

  • use your documents to train external models
  • share your data with third‑party AI providers
  • mix your data with other customers' data

Your documents remain your property at all times.

6

Audit‑Friendly Logging

We maintain logs that support:

  • internal review
  • security investigations
  • compliance workflows

Logs include authentication events, system activity, and administrative actions.

7

Continuous Security Hardening

Security is an ongoing process. We regularly:

  • update dependencies
  • review access controls
  • monitor for vulnerabilities
  • improve internal safeguards
  • refine isolation and sandboxing mechanisms

As the platform evolves, so do our protections.

8

HIPAA‑Ready Infrastructure

While Case Insight360 is not a covered entity, the platform supports workflows involving protected health information (PHI) by providing:

  • encrypted storage
  • secure processing
  • access controls
  • audit‑friendly logging
  • isolated case boundaries

A Business Associate Agreement (BAA) is available for Premium and Enterprise plans.

9

Data Ownership & Retention

You control your data at all times.

  • Documents remain in your account until you delete them
  • Deleted documents are permanently removed
  • Backups follow standard retention schedules

Your data is never used to train external AI models.

10

Report a Security Concern

If you believe you've discovered a security issue, contact us at:

security@caseinsight360.com

We take all reports seriously and respond promptly.