Security and privacy

Industry-recognized technologies and security frameworks

We have made it our top priority to safeguard your data with robust security measures.

Built on trust

Our unwavering commitment to data privacy and security stands at the forefront of our operations. We've designed CaseMark to ensure the utmost confidentiality and protection of legal data, reinforcing the trust legal professionals place in us.
Our Trust Center demonstrates our real-time compliance with security controls. You can also request access to our SIG Lite 2024 and CAIQ questionnaires, pen test summary, and security credentials.

Security credentials

We use industry standards and verification by independent auditors, and take a comprehensive approach to securing our products and solutions. We are currently undergoing the testing period for SOC 2, Type II and HIPAA certification. You can view our compliance with specific controls within our Trust Center.

Third-party penetration testing

CaseMark works with reputable third-party firms to conduct annual external penetration tests on our web application. All findings are addressed in accordance with our formally documented Vulnerability Management policy. We can provide a letter of attestation from the external firm for its most recent pen test upon request.

Data encryption and infrastructure

  • We never train our AI models with customer data.
  • We encrypt all user data at rest (AES-256) and in transit (TLS 1.2).
  • Our platform is hosted on Amazon AWS and Microsoft Azure, backed by guarantees on intrusion detection and physical security.
  • We have a clear privacy policy and terms of service outlining data usage, storage, and user rights.

Product security

  • Dependency updates are applied daily.
  • User roles and permissions are implemented to control access to sensitive data and functionality.
  • User authentication uses SSO and Multi-Factor Authentication (MFA).

Organizational security

  • All our employees undergo background checks and annual security training.
  • We have vendor risk management practices in place.
  • We are currently undergoing a SOC 2, Type II security audit.
  • 24/7 monitoring and incident response.

Testing and auditing

  • We conduct annual penetration testing and quarterly vulnerability testing to proactively identify and fix security vulnerabilities.
  • Our policies cover IT assets, access controls, internet access, antivirus policies, remote access policies, and more.
  • We provide an audit log feature that tracks and records all user activities and system events.

Personal expertise

  • Our security team is led by industry veterans.
  • Engineers undergo security training to maintain awareness and best practices.
  • Our policies cover IT assets, access controls, internet access, antivirus policies, remote access policies, and more.
  • We have risk management practices in place.

Frequently asked questions

Q

Does CaseMark receive customer data, and who does it come from?

A

CaseMark receives data from customers when they sign up for their account. We receive data via the legal transcripts that you upload to generate a legal summary.

We treat your data and your clients’ data as confidential and highly sensitive and take extensive precautions to keep it safe.

Q

Where is the data stored?

A

Data is stored in the US within our AWS environment.

Q

Who has access to the data?

A

CaseMark operates with the principle of least privilege (PoLP) and limits employee access to the minimum level of permissions needed to complete their job.

All of CaseMark’s employees receive background checks and complete annual security training.

Q

Do you have a Business Continuity / Disaster Recovery Plan?

A

Yes, as part of our preparation for HIPAA compliance, we established a Business Continuity / Disaster Recovery Plan.

We are a remote-first company. All personnel are equipped and trained to work securely and remotely with no interruption in their ability to provide services.

Q

Do you handle any payment processing?

A

CaseMark does not handle payment processing. We use Stripe to store all payment card information and to process all transactions.