ClientSignal™ was architected from day one for law firm and legal department information security standards, not retrofitted from general enterprise software.
Our architecture documentation, Data Processing Agreement, and Information Security Policy are available on request.
All client data is processed and stored exclusively on AWS infrastructure in US-East-1 and US-West-2. No data ever transits non-US servers. Contractually guaranteed in your DPA.
AWS US-Only
PostgreSQL Row-Level Security ensures complete isolation. No firm's data is ever accessible by another firm's users, enforced at the database level, not just the application layer.
Zero Cross-Contamination
Every data access event is written to an immutable PostgreSQL trigger table. Full audit trail available on request: who accessed what, when, and from where.
Tamper-Proof Logs
Infrastructure SOC 2 Type II compliance inherited through Supabase, AWS, and Netlify. ClientSignal's own application-level SOC 2 Type II audit is in progress.
SOC 2 Compliant
ClientSignal™ uses AI analysis on a per-request basis. No client data is retained by the AI model or accessible outside your tenant. Contractually guaranteed.
Zero AI Retention
PKCE OAuth, JWT claims, and four-tier role-based access control. MFA enforcement and SSO/SAML integration are on the H2 2026 roadmap. Breach notification SLAs negotiable by firm.
Enterprise Auth
Founding clients receive locked pricing through 2027, priority onboarding, and direct access to the ClientSignal™ product team.