Trust & Security
Built on enterprise security standards, from day one.
LegalInk AI safeguards how India's most trusted firms work with sensitive legal data.
Trust at a glance
Encryption
TLS 1.2+ in transit, AES-256 at rest. All traffic terminates at hardened edge endpoints.
Authentication
Email verification, Google OAuth 2.0, role-based access control across team workspaces.
Hosting
Supabase enterprise infrastructure (Tokyo region). India (Mumbai) data residency on roadmap.
Privacy
DPDP-aligned data practices. Customer drafts and uploads are never used to train AI models.
Security architecture
Data handling
Drafts, uploads, and chat transcripts are stored in isolated tenant rows protected by row-level security policies. Files are processed in-memory for AI generation and are not retained by upstream model providers. We retain only what is required to render your dashboard and history; users can purge any draft at any time.
Access controls
Application access is gated by Supabase Auth with email verification, Google OAuth, and password complexity rules. Database access is restricted by RLS — users can only read and write their own rows; team members access only their organization's data via security-definer functions. Administrative access is limited to authorized LegalInk personnel and is logged.
Audit & monitoring
Enterprise workspaces maintain an append-only audit log covering 22 action types — logins, logouts, invitations, role changes, draft generation, version saves, letterhead changes, template publishes, plan modifications, and more. Every auth event captures IP address and user agent. Draft version history is preserved indefinitely for manual saves and 30 days for autosaves. Application errors are captured server-side with PII redacted before storage.
Incident response
Security incidents are triaged by our security team within 24 hours of discovery. Affected customers receive direct notification with scope, timeline, and remediation. We will publish a written post-mortem for any incident affecting customer data within 7 days.
Compliance roadmap
Honest milestones. We will update this page as each is completed.
Q2 2026 ✓
DPDP §11 compliance package published — data rights procedures, DPA, subprocessor list, and compliance questionnaire live at /trust
Q3 2026
SOC 2 Type 1 audit initiated
Q4 2026
ISO 27001 readiness + India data residency (Mumbai region)
2027
SOC 2 Type 2 attestation