Security & Trust
Legitym handles sensitive legal data. Here is exactly how we protect it.
- AES-256: Encryption at Rest
- TLS 1.3: Encryption in Transit
- 99.99%: Uptime SLA
- 0: Data Breaches
Encryption
- In Transit: TLS 1.3 (HTTPS on all connections)
- At Rest: AES-256 (database + file storage)
- Documents: Encrypted on Cloudflare R2 (ISO 27001 certified)
Infrastructure
- Application: Vercel (SOC 2 Type II)
- Database: Neon PostgreSQL (SOC 2)
- Storage: Cloudflare R2, Europe region (ISO 27001)
- Payments: Stripe (PCI-DSS Level 1)
- DNS: Cloudflare (ISO 27001)
Artificial Intelligence
- State-of-the-art AI models (Google Cloud AI)
- Google does NOT retain API data for training (Google Cloud Platform Terms of Service, Section 5.2).
- Requests are processed in memory and deleted after response.
- Vertex AI EU option available for European data residency.
- Roadmap: private server option (self-hosted AI) for ultra-sensitive cases.
Authentication
- OAuth 2.0 (Google, GitHub)
- Passwords hashed with bcrypt (12 rounds)
- Encrypted JWT sessions
- Rate limiting on all APIs (brute-force protection)
Compliance
- GDPR compliant (right of access, rectification, erasure, portability)
- Lawyer professional secrecy: Art. 66-5 of the Law of 31/12/1971
- DPA available on request
- Data anonymized in the marketplace until mutual agreement
Best Practices
- Audited code (automated tests, code review)
- No plaintext data in logs
- Database access restricted and encrypted
- Automatic daily backups (Neon)
- Security headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options
Certifications In Progress
We are actively working toward industry certifications.
- SOC 2 Type I: planned Q3 2026
- ISO 27001: planned Q4 2026
- CNB Validation: planned Q4 2026
Report a Vulnerability
If you discover a security vulnerability, please report it to our security team immediately.
Bug bounty program coming soon.
security@legitym.com