Security

Security is the product. This page summarizes the controls AttorneyArmor maintains for its platform. It is maintained by AttorneyArmor and is not an independent certification.

Authentication & access

• SSO via Google with email/password fallback.
• Role-based access enforced by row-level security on every customer-scoped table.
• Least-privilege access for personnel; production access is logged and reviewed.

Encryption

• TLS 1.2+ for all data in transit.
• Customer data encrypted at rest using AES-256 by our managed database provider.
• Secrets stored in a managed vault; never committed to source.

Infrastructure

• Hosted on hardened cloud infrastructure with isolated production environments.
• Continuous dependency scanning and automated patching of platform code.
• Daily encrypted backups with point-in-time recovery.

Application security

• Mandatory code review and CI checks before deployment.
• Webhook signatures verified before processing inbound events.
• Internal penetration tests of the platform we provide to customers.

Responsible disclosure

If you believe you have found a vulnerability, please email security@attorneyarmor.com. We will acknowledge within two business days and coordinate remediation.