Security and Privacy

App4Legal’s security is paramount. At the core of our business is the protection of our customers’ personal data. This Security and Data Protection and Privacy Policy details our security measures and procedures on the protection of your information when using our products and services. App4Legal takes multiple steps to ensure that our products and services are encrypted and adhere to industry best practices when handling customer data. We are transparent with our security measures and privacy policies so that you are informed.

App4Legal’s Security Team

Our security team covers multiple areas, including product security, which is responsible for our products and services, the Marketplace and add-ons. The security team is also responsible for identifying and responding to any security breaches, and for defining the security requirements of our products, services and applications. We provide training to our employees on working securely.

Review of Security Policies

App4Legal regularly reviews security policies to ensure that we are up to date with the latest developments in security and data protection and privacy.

Internal Security Environment

App4Legal has several policies and procedures in place to safeguard our internal environment.

Security Operations

Information assets

App4Legal keeps track of information assets through production systems which are in the Cloud.

Change management 

Our change management process is very agile. Changes to code or infrastructure are reviewed and any adverse consequences are discussed. The number of reviews will depend on the nature of the change, critical or not. Our highly qualified engineers will flag any potential issues before a change is made. If a change poses too big a risk, the status quo will remain in place.

Business continuity and disaster recovery management

We have ensured that business continues as usual in the event of disruptions. App4Legal has plans for disruptions to ensure that our customers experience minimal impact. Various activities are in place to meet our business continuity and disaster recovery objectives, including resiliency measures, testing and recording improvements. App4Legal monitors metrics to pick up on potential problems as soon as possible. Alerts notify our engineers when there is a suspected threat. Our disaster recovery tests cover our processes and systems. Test results are captured and analyzed. We conduct business impact assessments yearly.

Service availability

When creating a support request through our Service Desk, our Customer Support & Operations team will respond within the Service Level Agreement (SLA) detailed in the table below. We aim to satisfy customer requests within the same business day, to guarantee a high quality of service. We will use reasonable measures to provide support in accordance with the SLA. We will not, however, be responsible for any delays caused by the customer or by reasons beyond our control. Our Customer Support & Operations team is available from 04:00 to 20:00 GMT, Sunday through Friday (i.e. all weekdays except Saturday). Our support agents constantly monitor the Customer Portal and the support channels so that customer requests are handled according to their priority, especially when it comes to critical incidents. Clients can request support through one of the following channels:

  • Submitting a ticket on the Customer Portal through the Service Desk (signup is required for new customers)
  • Sending an email to: help@app4legal.com

SLA:

| Type of Request | Priority | Definition | First Time to Response | Time to Work-around by Remote Access | Time to Final Resolution by Remote Access |
|---|---|---|---|---|---|
| Incident / Bug / Question | Critical | Any defect, error, bug or malfunction that causes a failure or imminent failure of the software installed at Client servers and/or on-cloud | 2 Hours | 6 Hours | 2 Business Days |
| Incident / Bug / Question | High | Any defect, error, bug or malfunction that causes significant system degradation, without causing a Priority 1 (Critical) issue, of the software installed at Client servers or on-cloud | 4 Hours | 8 Hours | 2 Business Days |
| Incident / Bug / Question | Medium | Any defect, error, bug or malfunction that affects the use of the Software but that is not: (a) a Priority 2 (High) request; (b) a Priority 1 (Critical) request; or (c) a single functional or technical question on the software installed at Client servers or on-cloud | 6 Hours | 2 Business Days | 4 Business Days |

Our standard support includes:

  • Help with troubleshooting problems
  • Answering support requests related to App4Legal modules and licensing from both technical and functional perspectives
  • Bug fixing: executing minor patches remotely on client servers in order to fix App4Legal bugs, or receiving the fixes automatically when on-cloud
  • Access to upgrades and new App4Legal versions for App4Legal on-server

Our standard support does not include:

  • Support and maintenance of App4Legal on client premises unless the client purchases on-site man-days
  • Development requests, including custom code development or support for non-certified third party software
  • App4Legal on-server: database integrity or server/network performance issues, including tuning and technical optimization
  • App4Legal on-server: server and hardware issues not directly related to App4Legal
  • Client network topology or environment issues

Backups and restore 

App4Legal backups are done on a regular basis, in a timeframe where there is minimal activity on the servers. Each backup is a full backup of all the data. Backups are done on two levels:

  1. Hosting Provider Backup: a backup of the whole image of the infrastructure server that is holding the customer application.
  2. Manual Backups: regular backups done at the server level, which are a more detailed backup of the files and folders of the Application and act as a second backup plan in case the first backup fails to restore.

Our recovery time objectives and recovery point objectives attempt to strike a balance between a few factors, including cost, benefits and risk.

Sanity checks and backup resilience

Backup Restoration Tests are periodically conducted to verify that the Backup and Restoration process is working properly. The Sanity Checks of the backups are conducted on local/cloud machines and are done every month after the latest backup is taken.

Regular security tests

At App4Legal, we conduct at least 2 yearly security checks on our platform using the most cutting-edge methods available. These tests are conducted by an independent security consultant company.

Geographic redundancy

App4Legal has geographic redundancy in place. This means that we have multiple servers backing up the client data. We back up customers’ data from the moment they start using App4Legal. In the unlikely event of a server failure or loss, this means that your data will still be accessible to you.

Secure development practices

App4Legal adopts a secure development lifecycle approach throughout the different stages of development. App4Legal’s secure SDLC integrates security testing into the existing development process. This includes writing security requirements alongside functional requirements and performing risk analysis during the design phase of the SDLC.

Coding practices

App4Legal follows development best practices in order to cater to the highest security standards. The below standards and procedures are followed in App4Legal SDLC:

  • OWASP Top 10 best practices for web applications
  • Data & Input Validation
  • Data & Input Sanitization
  • Peer-To-Peer Code Review

Security training and awareness

App4Legal provides security training sessions for developers, architects, and QA. The focus is on secure design principles, security issues, web security, and encryption.

Data Security 

Data centers

App4Legal offers three hosting options: On Cloud (Microsoft Azure UK), Private SaaS, and On Premise. Read more about Microsoft Azure security at “Trust your cloud | Microsoft Azure”.

SSL Encryption

App4Legal uses bank-grade TLS/SSL (Secure Sockets Layer) 256-bit encryption, which protects the data in transit. Any customer data in App4Legal cloud products is encrypted to protect it from unauthorized access. Our implementation of TLS enforces the use of strong ciphers and key lengths where supported by the browser. Data drives on servers holding customer data in App4Legal products use full disk encryption with the industry-standard AES-256 algorithm.

Providers of SSL certificates assure the identity of the website you are visiting by checking references and researching the company before the certificate is issued. These SSL certificates are used every time you send data between your computer and the hosting server of a website, to confirm the identity of the company or entity you are visiting. Once the website is verified by this certificate, an initial connection is made, during which both parties agree on an encryption protocol. This is used to establish a secure connection between the two computers; this is the SSL session itself. The data is encrypted in transit in order to protect your information, making it difficult for anyone in the middle to intercept and collect your confidential information.

Password policies

App4Legal stores passwords as salted bcrypt hashes and applies password strength guidelines to evaluate whether a new password is acceptable.

Login Protection

Login protection allows up to 3 failed login attempts, after which the account is suspended.

Credit card/subscription information security

To preserve your privacy and the security of your information, SSL encryption is used to secure all sensitive connections, including those involving credit cards.

Mobile device security

Your credentials are shielded from outside sniffing because the App4Legal Mobile App uses Access Tokens to authenticate with the Core Application.

Permissions

When adding a new user to your App4Legal account, account permissions are a crucial factor to consider. It is important to consider how the responsibilities people perform in your firm or organization relate to their access to your App4Legal account.

Groups

The Groups feature lets you classify different user types into specific categories or groups. The groupings may be “Partners,” “Attorneys,” “Paralegals,” or “Assistants” for various businesses.

Monitoring account sessions

Through the App4Legal security settings, you can view which IP addresses your users are using to sign in to your App4Legal account.

Audit log

For debugging reasons, App4Legal’s user audit log collects user email, login date, result, IP address, and other data.

Tenant isolation

We understand that tenant separation is fundamental, therefore we take action to ensure that the data of one customer does not interfere with the data of another customer. We achieve tenant isolation by providing 2 levels of segregation: at the 1st level, each client has its own database and credentials; at the 2nd level, every client has its own attachment path.

Personal Data Protection and Privacy

App4Legal takes every reasonable measure and precaution to protect and secure your personal data. We have dedicated procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction. We have several layers of security measures in place. In no particular order, they follow below.

Access to customer data

Customer data is never accessed without direct consent. We understand the importance of treating customer data with absolute privacy. Throughout App4Legal, employees are trained in the importance of handling customer data with the greatest care. Without the client’s consent, the App4Legal Team does not have access to the client’s cloud-based data.

Use of personal data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. App4Legal may use Personal Data for the following purposes:

  • To provide and maintain our Service, including to monitor the usage of our Service.
  • To manage your Account
  • To contact you: regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
  • To manage your requests: to attend and manage your requests.
  • To adhere to legal obligations: App4Legal may disclose customer data to third parties and public authorities where such disclosure is regulated by law e.g., to avoid loss of value, including in connection with judgments, public authority orders, the customer’s bankruptcy, death or the like.

Retention of personal data

App4Legal will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. App4Legal has an obligation to delete customer data 90 days after termination of the subscription regardless of the reason for termination. App4Legal will not store any customer data after such time.

General Data Protection Regulation (GDPR)

App4Legal is committed to protecting our customers’ data by ensuring that we are fully compliant with the General Data Protection Regulation (GDPR) and its privacy regulations. The intention of the GDPR is to ensure that individuals have control over how their personal data is used. Article 5 of the GDPR sets out the spirit of the legislation. It states that data should be processed with the consent of the data subject in a transparent manner. Whenever you share your data with App4Legal, we remain accountable to you for how it is used. We ensure that your personal data receives adequate protection and safeguards, and that it is not accessed or shared without your consent. Article 5 also states that data must be collected and used for the purposes given, and that only data that is needed should be collected. App4Legal will only use the personal data needed for the purposes set out herein. The GDPR also states that data should be maintained for accuracy and deleted where it is no longer relevant. App4Legal will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and only use your Personal Data to the extent necessary to comply with our legal obligations. Further, it states that data should be stored in a way that preserves its integrity and confidentiality. App4Legal takes numerous steps to ensure that our products and services are encrypted and protected to ensure the integrity of your data.

Our GDPR actions to date

  • App4Legal has an appointed Data Protection Officer
  • A gap analysis of all our business processes has been performed where personal data is held or collected
  • We are continuously improving our privacy policy on our website to incorporate our GDPR compliance
  • App4Legal has mechanisms to identify potential data breaches where necessary as soon as is reasonably practicable
  • App4Legal provides training to all our employees and raises awareness of GDPR and its importance to business

Built with data residency (and physical security) in mind

App4Legal provides three hosting choices: Private SaaS, On-premises, and On Cloud (Microsoft Azure UK). The hosting facilities used by App4Legal are inspected yearly for security certifications (such as SOC 2 and ISO 27001) to make sure they use cutting-edge physical security features like biometrics, CCTV cameras, and round-the-clock on-site security.

SOC 1, SOC 2, SOC 3 and ISO 27001 Certifications

Our hosting provider is SOC 1, SOC 2, SOC 3 and ISO 27001 certified, which ensures that internal controls are in place and effective. For more information refer to https://docs.microsoft.com/en-us/compliance/regulatory/offering-soc-2