Reviewing our Core Security Measures
Learn about vLex's core data security measures. We cover our robust encryption, operational security, and legal tech compliance with standards like SOC2 and ISO 27001.
Summary
Learn about Vincent's core data security measures. We cover our robust encryption, operational security, and legal tech compliance with standards like SOC2 and ISO 27001 to ensure your firm's sensitive information is always protected.
Why This is Important
We understand that the security and confidentiality of your firm's and your clients' data are a top priority. As an AI engineered for lawyers, Vincent is built on a foundation of trust and transparency. This guide outlines the core Vincent security measures we have implemented to protect your sensitive legal information at every level.
Our Security Framework
Our security program is built on three key pillars: Data Protection, Operational Security, and Compliance.
1. Data Protection & Encryption
Your data is protected by default using industry-leading encryption and isolation standards.
Your Data is Always Encrypted: From the moment you upload a file to when it's stored on our systems, all your data is continuously protected. We use a FIPS 140-2 compliant cryptographic suite, a standard trusted by governments for securing sensitive information, for all data at rest and in transit.
Your Data is Always Isolated: To ensure your information is kept completely separate from other clients, each enterprise customer is assigned a unique, dedicated encryption master key. This means your data is encrypted with a key that is exclusive to your firm, making it logically separate and secure.
You Control Your Data's Location: We offer the ability to direct where your data is stored to meet your specific compliance and data residency requirements. We can configure your account to ensure that your data and encryption keys are hosted in a specific geographic region of your choice, including the US, AU, or EU. This provides you with maximum control over your data's location. To set up your preferred data residency, please contact our support team.
2. Operational Security
Our internal processes are designed to maintain a secure environment and provide you with full visibility.
Regular Penetration Testing: We regularly engage independent third parties to perform security penetration testing on our platform to identify and remediate potential vulnerabilities.
Detailed Audit Logs: We maintain detailed, third-party-managed audit logs of all access to data, providing a clear and immutable record.
Role-Based Access Control: Access to all internal systems and data is strictly controlled via role-based security, ensuring only authorized personnel can access sensitive information under specific, documented circumstances.
Customizable Data Retention: You can select the data retention period for your conversation logs and files (defaulting to one year), after which the data is permanently deleted.
3. Compliance & Third-Party Verification
We are committed to adhering to the highest international standards for security and data protection.
Certifications:
ISO 27001: vLex achieved ISO 27001 certification in May 2024.
SOC2: We successfully obtained our SOC2 certification in 2025.
Our Data Architecture
We offer two models to meet the needs of different firms:
Multi-Tenant (Standard): By default, Vincent is a multi-tenant application where each client's data is logically isolated and secured. Your firm’s data is always encrypted with its own unique keys, ensuring it stays completely separate and confidential from all other clients.
Single-Tenant (Enterprise): For enterprise customers with specific compliance needs, we can provision a private, single-tenant instance of Vincent. This means your firm's version of the application runs on its own separate infrastructure, offering the highest possible level of isolation.
Best Practices & Pro Tips
For detailed information on how we handle personal data, please review our official Privacy Policy.
Use the data residency and retention features to ensure your firm's use of Vincent aligns with your internal compliance policies.