Enterprise-Grade Security

Security lawyers can trust

We understand that legal professionals handle sensitive matters. That's why security and privacy aren't features—they're foundational to everything we build.

BYOK: Bring Your Own Key

Your AI queries never touch our servers

Unlike typical SaaS AI tools that proxy your queries through their infrastructure, LawSignals uses a direct connection model. When you use AI features, your queries go straight from your browser to OpenAI or Claude—we're not in the middle.

This matters for attorney-client privilege. Your research patterns, the bills you're analyzing, and the questions you're asking about legislation—all of it stays between you and your chosen AI provider.

How others do it:

Your query → Their servers → AI
They can see and log everything
Your data may be used for training

How LawSignals does it:

Your query → Direct to AI
We never see your prompts
Your key, your costs, your control

Enterprise security standards

Security controls that meet the requirements of the most demanding legal teams

SOC 2 Type II Certified

Annual third-party audits verify our security controls meet the highest industry standards. Our SOC 2 report is available under NDA.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your data is protected at every stage.

US-Based Infrastructure

All data is stored in AWS data centers located in the United States. We do not transfer data to international servers.

Access Controls

Role-based access control (RBAC) ensures team members only see what they need. SSO/SAML available for Enterprise plans.

Audit Logging

Complete audit trail of all user actions for compliance and security review. Available on Firm and Enterprise plans.

Regular Backups

Automated daily backups with point-in-time recovery. Your data is protected against loss and can be restored quickly.

Data Privacy

Our privacy commitments

Clear, unambiguous promises about how we handle your data

We never train AI on your data

Your bill tracking data, search queries, and organization information are never used to train machine learning models—ours or anyone else's.

Your AI interactions are private

With BYOK (Bring Your Own Key), your AI prompts and responses go directly to OpenAI/Claude. We never see, store, or log these interactions.

You own your data

Your organization owns all data you create in LawSignals. Export it anytime in standard formats. Delete it anytime—we don't keep copies.

Minimal data collection

We only collect data necessary to provide the service. We don't sell your data or share it with third parties for marketing purposes.

Transparent data practices

Our privacy policy clearly explains what data we collect, why we collect it, and how long we keep it. No legal jargon or hidden clauses.

GDPR compliant

We follow GDPR principles for all users: data minimization, purpose limitation, and respect for data subject rights including deletion.

Data Ownership

Your data belongs to you

We're a tool for your practice, not a data company. Your organization owns everything you create in LawSignals—categories, watchlists, reports, notes, and settings.

Export anytime

Download all your data in CSV, JSON, or PDF formats

Delete anytime

Request complete data deletion—we don't keep hidden copies

No lock-in

Cancel anytime; your data remains accessible for 30 days

What we store vs. what we don't

We store (encrypted):

  • Account information (email, org name)
  • Tracking categories and keywords
  • Alert preferences and settings
  • Generated reports and exports

We never store:

  • Your AI API keys (encrypted client-side only)
  • AI prompts or responses
  • Full bill text (we link to sources)
  • Client information or matter details

Important Disclaimer

LawSignals is not a law firm and does not provide legal advice. The information provided through our platform is for informational purposes only and should not be construed as legal advice.

AI-generated content (summaries, analysis, comparisons) is provided as a research aid only. All AI outputs should be independently verified before relying on them for any legal purpose.

Legislative data is sourced from Congress.gov, LegiScan, and Open States. While we strive for accuracy, always verify critical information against official government sources.

For legal advice, please consult qualified legal counsel licensed in the relevant jurisdiction.

Questions about security?

Our team is happy to discuss our security practices, provide our SOC 2 report under NDA, or answer any compliance questions.