Last updated: August 29, 2017
SimpleLegal recognizes your expectation of privacy and security and we greatly value and appreciate the trust you place in us to maintain the privacy and security of your data. We have implemented business practices that limit the availability of confidential information. We have also implemented technical safeguards to reduce the likelihood of an external breach of our systems.
When is data available externally to third parties?
At no point do we share or disclose Submitted Business Information with any third party except for the following trusted third parties who assist us in operating our service:
- Information and files emailed to us may be received via Google Enterprise Email service
- Information and files uploaded to the application are received via inkfilepicker.com service
- Information and files, whether emailed or uploaded, may be saved into the Amazon S3 service or processed by another AWS cloud computing offering
- Raw Data and Analytic results are processed via Heroku PaaS offering
- Usage Data including URLs of pages visited and page response times are processed via Opbeat SaaS offering (https://opbeat.com/)
- Business Information should not be submitted through our customer service chat widget, but in the event that it is, that service is provided by Intercom (https://www.intercom.com/).
Other than the above exceptions, at no point is Raw Data disclosed to any third party not employed directly by SimpleLegal (a W2 employee) or contracted directly by SimpleLegal (a 1099 contractor).
Additionally, access to Submitted Business Information is limited to only those employees and contractors with a need that is critical to delivering our Service.
What business practices are in place to protect data?
SimpleLegal recognizes your expectation of privacy and security and we greatly value and appreciate the trust you place in us to maintain the privacy and security of your data.
To safeguard your information, we have the following business policies:
- Limit access to Raw Data only to specific named, senior-level employees
- Customers will be provided with the list of employees with access to their data at anytime they request
- Customers may contact those named employees
- Employees with access to the raw data will have undergone a thorough background check, including a search for a criminal record
- All employees and contractors required to use SSL connections when accessing email
- All employees and contractor required to only use secure connections when accessing Raw Data
- All application activity is logged including source IP address, user information, page visits, transactions processed, and other relevant information.
What technical safeguards are in place to protect data?
To safeguard your information from external attacks, we have implemented the following technical safeguards:
- Secure Socket Layer (SSL) connections using TLS 1.2 encryption to secure data transmissions
- Infrastructure located on Amazon Web Services with data centers accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1 (for payments)
- FISMA Moderate
- Sarbanes-Oxley Compliance
How are end users encouraged to protect data?
End users are responsible for maintaining the secrecy of their unique password and account information at all times. Each user is required to have their own unique login credentials.