Your evidence stays yours.
Legal documents contain the most sensitive facts of your life. We built CasePilot under one constraint: your evidence stays under your control. At upload, at rest, at retrieval, at export. No exceptions, no exports we can’t audit.
Encryption in transit and at rest
All documents are encrypted in transit with TLS 1.3 and at rest with AES-256. Cloudflare R2 object storage provides zero-trust access. No path exists to your files without your authenticated session.
Zero-trust evidence storage
Evidence files are addressed by content hash, not sequential IDs. Presigned upload and download URLs expire within ten minutes. There is no browseable bucket path. Even with a compromised URL, access expires before it can be forwarded.
Tenant isolation by row-level security
All evidence is stored in encrypted, tenant-isolated cloud storage. Each workspace's documents are keyed by workspace ID and isolated by Postgres row-level security policies enforced on every query. A misconfigured query fails with zero results, not a data leak.
Complete audit log
Every evidence upload, AI question, and export is logged with timestamp, user ID, and case ID. Logs are reviewed monthly as part of our security operations. Enterprise customers can export logs to their own SIEM.
Attorney-review-required exports
Every draft is marked [DRAFT — ATTORNEY REVIEW REQUIRED] in the header and footer of every export, regardless of subscription tier. The marker is enforced by the export pipeline; it cannot be removed by a setting.
SOC 2 Type II in progress
CasePilot is on the SOC 2 Type II readiness path. Current controls cover access management, change management, incident response, and availability monitoring. Enterprise sales can request the current trust report and controls matrix.
Transparency, documented.
Enterprise customers and their security teams can request the full controls matrix, penetration test summary, and vendor DPA package. We respond within two business days.
Request trust documentation →