Security
Lawyer ToDo is built with security at its core. We understand the sensitivity of legal data and take every measure to protect it.
Data Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Your case data, client information, and personal details are protected at every layer.
Authentication
Passwords are hashed using bcrypt with per-user salts. Session tokens are cryptographically signed and expire automatically. We never store your password in plain text.
Infrastructure
Lawyer ToDo is hosted on Vercel's enterprise infrastructure with automatic scaling, DDoS protection, and a global edge network. The database is hosted on managed PostgreSQL with automated backups.
Data Ownership
Your data belongs to you. Export all of your data at any time in a standard JSON format. Delete your account and all associated data permanently whenever you choose.
Access Control
Each user's data is strictly isolated. All API requests are authenticated and authorized at the server level. No user can ever access another user's data.
Compliance
We follow industry best practices for data handling. Payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We do not store any credit card information.
Questions?
If you have questions about our security practices, please contact us at support@lawyertodo.com.