Courtroom
ProductSecurityCompanyResourcesRequest Access

Built for the most sensitive matters in law

Courtroom protects your most confidential case materials, witness assessments, and litigation strategy — with security built from the ground up for high-stakes legal work.

Your data is yours. Always.

Security controls that match the stakes — built in, and independently verified.

Security Architecture

Pillars of enterprise security

No Model Training — Ever

Your data is never used to train, fine-tune, or improve any AI model. We run self-hosted models entirely within our own secure network, so your case materials never leave your secure environment. This is a contractual commitment in your DPA — not a policy we can change silently.

Enterprise-Grade Controls

Granular audit logs, role-based access control (RBAC), access control lists, and row-level security keep every action scoped and fully accountable. End-to-end encryption, isolated secure environments, and a multi-tenant architecture keep each firm's data separated — with fine-grained controls over user provisioning and access.

Data Sovereignty & Control

All data is stored and processed entirely within the United States — nothing ever leaves US jurisdiction. You set retention rules per matter and stay in control of deletion requests and disclosure, with full command over your data's lifecycle.

Independent Verification

Our security is validated by external experts, not just self-attested. Semi-annual penetration tests, third-party security audits, and ongoing assessments hold us to an objective standard — with critical findings remediated before the next engagement.

Zero Trust Architecture

Bring Your Own Key*, scoped authorization, and end-to-end encryption come together to deliver a complete zero trust architecture across your data.

Data Protection

How we protect your data

E2E Encryption

Your data is encrypted end-to-end — TLS 1.3 in transit and AES-256 at rest — so it stays protected at every stage.

Bring Your Own Keys*

Enterprise customers supply their own encryption keys. Key rotation and revocation are fully customer-controlled.

Access Controls

We enforce a guarded, change-logged approval process for any data access — every approved access is scoped, time-limited, and logged. For users, RBAC and ACLs enforce guarded, least-privilege enablement.

Data Controls

Set retention policies per matter, and request deletion at any time. Your data follows your rules through its full lifecycle and is permanently removed whenever you choose.

Compliance & Certifications

Independently audited at every layer

Our security program is built to the SOC 2 standard and is undergoing independent, third-party examination.

Talk to our team

SOC 2 Type I

In Progress

Our controls for security, availability, and confidentiality are designed and documented to the SOC 2 standard, and under assessment.

SOC 2 Type II

Coming Soon

An independent SOC 2 Type II examination will soon be underway, evaluating how those controls operate over time across all systems handling customer data.