Safeguarding your personal information

At NetLaw, security is not just a feature - it is an essential component of our service.
We take a rigorous approach to ensure that your account and associated data are protected at all levels.

Data Protection & Encryption

Data at Rest

We use Advanced Encryption Standard (AES) 256-bit encryption to store your data, providing a level of security in line with leading US financial institutions.

Data in Transit

NetLaw strictly enforces the use of the Transport Layer Security (TLS) 1.2 encryption protocol whenever you log in or access any web application or service that deals with and/or transmits your personal information. This protocol not only ensures the secure transmission of your data, but also confirms the authenticity of our site.

Data Stored in the Cloud

In partnership with Microsoft Azure, we host all our production applications and databases in a secure cloud environment that meets the highest standards of data security and access controls, including PCI-DSS compliance. To learn more about the stringent security measures employed by Azure, you can visit Microsoft's Trust Center.

Data Ownership

We promise never to share, sell, or transfer any of your details or the data you store using our services without your explicit consent, unless our privacy policy states otherwise. Refer to our Privacy Policy to learn more.

Data Deletion

Your account, your control. If you request to delete your account, we assure the complete and irreversible removal of all data and documents associated with your account, including security backups, within 35 days from your request.

Identity Management & Authentication

Users have the option to use a password or two-factor authentication. We require complex passwords, stored using a non-reversible hash. Two-factor authentication grants access to users who prefer to use an email address or phone number to log in. To ensure additional security, we automatically log out users after a period of inactivity.

Sensitive Information Handling

At NetLaw, we never store credit card information, and we do not collect Social Security numbers. We avoid collecting HIPAA-scoped data whenever possible. However, some of our products, like advanced care directives and HIPAA authorizations, require the collection of some health information.

Certifications

SOC 2 Type II

NetLaw has achieved compliance with the Service Organization Control 2 (SOC 2 Type II) standards, as evidenced by a comprehensive examination and an independent CPA's report. This significant milestone, advancing from our initial SOC 2 Type I compliance, underscores our commitment to maintaining and continually enhancing robust information security policies and procedures. It provides third-party validation that our operations not only meet but exceed stringent controls for the security and privacy of our users' data, reaffirming our dedication to safeguarding our users' information with the highest level of diligence and responsibility.

Third-party support

For comprehensive security management, we work with Kobalt to ensure round-the-clock security monitoring and incident response, thereby maintaining the safety and integrity of your data.

Reporting

We have implemented measures to maintain data security in the event of a system outage, along with robust disaster recovery and business continuity plans. If you identify a security issue affecting NetLaw or our users, we encourage you to report it to us at security@netlaw.com. We welcome any other security concerns as well - your safety is our priority.