How DocLegal.AI Keeps Your Data Secure
At DocLegal.AI, we understand that the security of your data is paramount. As such, we employ industry-standard measures to protect your data. Here’s an overview of our data security practices, including how we handle data retention, storage, and ongoing monitoring.
GenAI Use and Commitment to Data Privacy and Security
- Separation of Data: We keep our documents and customer database separate from the third-party LLMs we use, ensuring that customer data is protected.
- User Privacy: Your data is stored in a secure cloud database, segregated by user accounts. This guarantees that private and confidential information remains exclusive to you.
- No Data Usage for Training: We do not use private and confidential information, including user conversations, to train third-party LLMs.
- Transparency: We encourage you to review our Privacy Policy and Terms of Service to understand how your information is collected, used, and stored.
Data Retention by Third-Party LLMs
Third-party LLMs used at DocLegal.AI adopt a zero data retention policy, under which personal data from API requests is not retained.
Data Storage and Processing
Your data is securely stored in a cloud-based SQL database designed for high security and reliability. Additionally, we use a specialized vector database for efficient document searching. This dual-layer approach ensures that your data remains both accessible and secure.
Trusted Collaborations
We partner with highly secure and certified service providers who meet rigorous industry standards, ensuring your data is handled with the utmost care.
Database Security Measures
We implement several safeguards to protect our databases from unauthorized access, including:
- IP Blocking: Restricting access to recognized IP addresses.
- Access Controls: Utilizing a Relational Database Management System (RDBMS) for managing permissions.
- Secure Credential Storage: Keeping sensitive information encrypted and secure.
Proactive Vulnerability Monitoring
We actively monitor our systems for vulnerabilities using advanced tools to identify and mitigate risks, ensuring continuous operational integrity.
Encryption Standards
To protect your data, we implement strict encryption standards:
- Data in Transit: All communications are secured using HTTPS protocols.
- Password Security: Customer account passwords are encrypted, making them inaccessible to unauthorized users.
Third-Party Integration Compliance
We strive to ensure that third-party integrations comply with our security protocols for data transfer. Compliance largely depends on the policies of the third-party services we utilize.
Authentication
For your protection, our policy regarding account lockouts is straightforward: after three failed login attempts, you will be prompted to "try again later." This measure helps prevent unauthorized access.