At Legal Robot, we know we’re dealing with some of your most sensitive information by analyzing contracts and other legal documents. That’s why we take the security and confidentiality of our users very seriously. This Security Policy outlines what measures we take to ensure your data is kept secure and confidential.
If you are a security researcher and discover a vulnerability in our product, we would love to discuss your findings and would be grateful for your report. Please do not destroy or degrade the performance of our products and services, or violate the privacy and integrity of user accounts and data. As long as your research stays within the bounds of these criteria, we welcome the dialogue and can promise not to take legal action. To report a vulnerability, please use our HackerOne bug bounty program.
All data exchanged with our website or app is transmitted over a secure connection called Transport Layer Security (TLS), which is the successor to Secure Sockets Layer (SSL). TLS is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data transferred remains private.
Unfortunately, there are different levels of TLS encryption, and many newer methods that provide extra security are not yet supported by many companies. At Legal Robot, we pride ourselves on maintaining an A+ grade on the Qualys Labs SSL Report. We welcome you to test our SSL as well as our Security Headers.
Note about email: Unfortunately, email was not designed to be very secure. It’s similar to a postcard - anyone who handles it can read it. Please keep this in mind if you choose to analyze documents by forwarding them to firstname.lastname@example.org. We are working on implementing a secure email mechanism using PGP.
Passwords: we immediately encrypt passwords on the client side and only store hashed and salted passwords. Even if our servers are compromised, your password is safe.
After an analysis is completed and you review the results, Legal Robot can delete the contents of your document from our servers. Even if an attack is successful in the future, your sensitive information cannot be compromised if it doesn’t exist. If you continue to store the data on our servers, it will be secured with an encryption key only you have, so your information is unreadable by hackers, governments, and even our own administrators.
When you pay for Legal Robot services, we do not store any of your credit card information on our servers. Your credit card information goes directly from your browser to Stripe, a company dedicated to secure payment processing on PCI-Compliant servers. For more information, check out Stripe’s security policy.
Legal Robot is committed to working with security experts across the world to stay up to date with the latest security techniques. If you have discovered a security issue that you believe we should know about, we’d welcome working with you.
Please let us know about it through our HackerOne bug bounty program and we’ll make every effort to quickly correct the issue.
We use automated security scanning software to find vulnerabilities before hackers do. We also continuously work with ethical hackers for penetration testing and provide rewards through our HackerOne Bug Bounty Program.