Security at SignalDocs
Your legal data is sensitive. We treat it that way. Security and privacy are built into every layer of our platform — from encryption to access controls to AI processing.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your documents are never stored in plaintext.
Hosted on enterprise-grade cloud infrastructure (AWS/Azure) with automatic backups, DDoS protection, and redundant failover systems.
Your documents are never used to train our AI models. We have opted out of all AI provider training programs. Your legal data stays yours — period.
Granular permissions ensure that only authorized team members and reviewing attorneys can access your documents. Multi-factor authentication (MFA) is available for all accounts.
We conduct regular internal security reviews, vulnerability assessments, and penetration testing to identify and address potential risks.
Customer data is logically isolated at the application level. Your documents are not visible to other SignalDocs customers or third parties.
Our Security Program
SignalDocs maintains a comprehensive information security program with administrative, technical, and physical safeguards designed to protect customer data. Our security program includes:
- •Access Controls: Multi-factor authentication (MFA), role-based permissions, and regular access reviews to ensure only authorized personnel can access systems.
- •Network Monitoring: Continuous monitoring of error logs, security events, and privileged access to detect and respond to potential threats.
- •Incident Response: Documented procedures for investigating, containing, and remediating security incidents, including customer notification protocols.
- •Employee Training: Regular security awareness training for all team members on data handling, privacy, and security best practices.
- •Secure Development: Security is integrated into our software development lifecycle, including code reviews, dependency scanning, and security testing.
Third-Party AI Processing
When you use SignalDocs, your documents are processed through trusted third-party AI providers (such as OpenAI, Anthropic, and Google) to generate analysis and draft language. We have executed data processing agreements with each provider to ensure:
- •Your data is encrypted in transit and never stored by the AI provider
- •Your documents are not used to train AI models or improve services for other users
- •Data is processed solely to provide the Service you requested and is deleted immediately after processing
- •Providers adhere to SOC 2, ISO 27001, and other industry certifications
Data Retention & Disposal
We retain your documents and account data only as long as necessary to provide the Service or as required by law. Upon account deletion, all customer data is permanently deleted within 30 days using secure deletion methods that render data unrecoverable. You may request deletion of your data at any time by contacting us at support@signaldocs.ai.
Compliance & Standards
GDPR Compliant
Adheres to EU data protection requirements
CCPA Compliant
California consumer privacy protections
AES-256 Encryption
Industry-standard data encryption
TLS 1.3
Secure data transmission protocols
We are actively pursuing SOC 2 Type II and ISO 27001 certifications and will update this page as we achieve them.
Responsible Disclosure
If you discover a security vulnerability, we appreciate your help in disclosing it to us responsibly. Please email support@signaldocs.ai with a detailed description of the vulnerability. We will:
- •Acknowledge receipt within 48 hours
- •Provide an estimated timeline for investigation and remediation
- •Keep you informed throughout the resolution process
Have security questions?
Our team is happy to walk through our security practices, data handling procedures, and compliance roadmap. We can also provide additional documentation for enterprise customers.
Contact Us