Security

Updated: February 28, 2020


Thousands of lawyers and dozens of bar associations trust Community.lawyer to collect, store, and transfer sensitive data. We protect our platform, and the apps you build on our platform, using modern, industry-standard security practices similar to those used by companies like Dropbox and Google. We also provide you with fine-grained controls over the data processed by the apps you build.

Physical Security

User data is stored using Amazon Web Services (AWS). AWS infrastructure is designed to meet the requirements of the most security-sensitive organizations in the world. AWS data centers are managed in accordance with leading data security standards, including SOC 1 - 3, PCI DSS Level 1, and ISO 9001 / ISO 27001.

Payment Processing

Community.lawyer complies with the Payment Card Industry’s Data Security Standards and can therefore accept or process credit card information securely. Community.lawyer certifies this compliance annually.

Security Policies

Community.lawyer maintains and regularly reviews and updates its information security policies.

Personnel

Community.lawyer is committed to conducting background screening at the time of hiring any new employees (to the extent permitted or facilitated by applicable laws and countries). In addition, Community.lawyer communicates its policies to personnel and requires new employees to sign non-disclosure agreements.

Encryption

Any data your app collects is encrypted in transit from the end-user's machine to our servers via Transport Layer Security (TLS). All data stored by Community.lawyer is also encrypted at rest.

Breach Notification

No provider of web-based services, including Community.lawyer, can guarantee perfect security of its data or systems. If Community.lawyer learns of a security breach, we will promptly notify affected users so that they can take appropriate protective steps.

Backups

Community.lawyer’s databases are backed up daily.

Your Responsibilities

Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems.

Logging and Monitoring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized Community.lawyer personnel. We will provide users with reasonable assistance and access to logs in the event of a security incident impacting their account.