Security
Your clients' data is safe
We handle sensitive immigration data. Security is not a feature — it's the foundation of everything we build.
SOC 2 Type II
Certified infrastructure
TLS 1.3 + AES-256
Encryption in transit & at rest
99.9% Uptime
High availability guaranteed
End-to-end encryption
All data is encrypted in transit with TLS 1.3 and at rest with AES-256. No data travels unencrypted between your browser and our servers.
- TLS 1.3 on all connections
- AES-256 for stored data
- Encryption keys rotated periodically
Secure infrastructure (Supabase)
CasePilot is built on Supabase, which holds SOC 2 Type II certification and complies with GDPR. Your data lives on AWS us-east-1 servers.
- SOC 2 Type II certified
- Automatic daily backups
- 99.9% uptime SLA
Granular access control
Row-Level Security (RLS) ensures each law firm can only see its own data. No user from another firm can access your information.
- Row-Level Security on database
- Automatic session expiration
- Secure refresh tokens
Backups & recovery
We perform full automatic database backups daily. In case of an incident, we can restore to any point within the last 7 days.
- Daily automatic backups
- 7-day retention
- Documented disaster recovery
Regulatory compliance
We comply with GDPR, CCPA, and best practices for handling immigration data. We do not sell or share data with third parties.
- GDPR and CCPA compliant
- No data sold to third parties
- Data processing agreements available
Incident response
We have a documented incident response process. In case of a security breach, we notify affected users within 72 hours.
- Notification within 72 hours
- Documented response plan
- Direct channel: seguridad@casepilot.app
Your data is yours, always
We do not sell, share, or monetize your firm's or clients' data. If you decide to cancel, you can export all your data at any time. We retain data for 30 days after cancellation before permanently deleting it.