Trust Center Security & privacy, in the open

The evidence, before the sales call.

JusticeX handles some of the most sensitive information people have. Here is how it's protected, who processes it, what we retain, where we are on compliance, and how neutrality is verified — labeled honestly, including what isn't finished yet.

01 Security

Protected in transit, at rest, and between parties.

Encryption & isolation

AES-256 at rest, TLS 1.3 in transit, per-tenant isolation, and role-based access controls. No system can guarantee absolute security, and we don't claim it does.

The privilege fence

Each party's private content is walled from the other unless it's meant to be shared, enforced by access controls in the product — not by policy alone. Operational contact details are stored separately and never entered into the comparison.

Redaction before sharing

Personal identifiers are removed before any cross-party sharing, with a reviewable diff and a counsel-signed redaction certificate at the checkpoint.

No training on your content

Customer content is not used to train public or third-party foundation models; we will operate under a zero-data-retention posture with our model provider for that content once that integration is live.

02 Compliance status

Where we're headed — planned and in development, with no certifications we haven't earned.

ItemStatusNote
SOC 2 Type IIPlanned · targeted 2026SOC 2 program planned; no audit engaged yet.
ISO 27001PlannedISMS scoping planned; not yet started.
GDPR / CCPA-CPRAPlannedDPA in development; data-subject rights will be honored per applicable law once live.
NY SHIELD ActPlannedReasonable-safeguards program and breach-response process in development.
HIPAAFuture · not a Business AssociateDo not submit PHI unless and until a BAA is in place. Sensitive health information is handled under applicable state law.
03 Subprocessors

Who processes data — kept current.

Each subprocessor operates under contractual confidentiality and security obligations. Items marked planned are engaged as the corresponding feature launches — not before.

SubprocessorPurposeStatus
NetlifyWebsite hosting and form submissionsCurrent
Cal.comScheduling / call bookingCurrent
Google WorkspaceBusiness email & calendarCurrent
Amazon Web Services (incl. Bedrock)Cloud hosting & AI inferencePlanned · at launch
Anthropic (Claude)AI model provider · zero data retention for customer contentPlanned · at launch
DocuSignE-signature executionPlanned
PlaidBank / identity verification (financial intake)Planned
04 Data handling

Retention, deletion, residency.

Information is retained only as long as needed to provide the Service, maintain the audit trail, and meet legal obligations; you may request deletion, subject to records the law requires us to keep. JusticeX operates in the United States. A Data Processing Agreement is available on request.

05 How neutrality is verified

Symmetry you can check.

Both parties receive the same prompts, the same models, and the same depth; a symmetry check runs on each output before it surfaces. A per-matter neutrality summary documents that the process ran evenly — the artifact a skeptical party or professional can review.

Draft for counsel review

This Trust Center describes current and planned controls; the final subprocessor disclosure, DPA, and jurisdiction-specific commitments are pending review and ratification by JusticeX outside counsel before final adoption. See the Privacy Policy, Terms of Service, and Disclaimer.