Security
Trust earned, not claimed.
What we do today, what we're working toward, and what we won't pretend.
Encryption
All data at rest is encrypted with AES-256. All connections use TLS 1.3 at minimum. A SHA-256 hash of every document is computed at ingest and re-verified at every production step, so a document whose stored bytes have changed since ingest is caught before it is produced. Application data lives in a managed Postgres 18 cluster on Railway, US region.
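The hash-at-ingest, re-verify-at-production practice described above, as an added example. This is not Brevio's code and not taken from the page; the manifest shape, the function names and the two sample documents are assumptions made for the example. The point it shows is the fail-closed behaviour: every document in the set is re-hashed, and a single mismatch (or a document missing from storage) aborts the whole production rather than silently exporting the rest.

```python
"""Added example, not Brevio's code: a SHA-256 ingest manifest that every
production step re-verifies before exporting anything. The page states the
hash-at-ingest / re-verify-at-production practice; the manifest shape,
function names and the sample documents below are assumptions."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Digest of the stored bytes exactly as written at ingest."""
    return hashlib.sha256(data).hexdigest()


class Manifest:
    """Ingest hashes keyed by document id. A hash is written once, never updated."""

    def __init__(self) -> None:
        self.hashes: dict[str, str] = {}

    def ingest(self, doc_id: str, data: bytes) -> str:
        if doc_id in self.hashes:
            raise ValueError(f"{doc_id} already ingested; ingest hashes are immutable")
        self.hashes[doc_id] = sha256_hex(data)
        return self.hashes[doc_id]


class IntegrityError(Exception):
    """Stored bytes no longer match the hash recorded at ingest."""


def find_mismatches(manifest: Manifest, storage: dict[str, bytes]) -> list[str]:
    """Ids whose current bytes differ from the ingest hash, or which are missing
    from storage entirely. Every document is checked, not a sample."""
    bad = []
    for doc_id, expected in manifest.hashes.items():
        data = storage.get(doc_id)
        if data is None or sha256_hex(data) != expected:
            bad.append(doc_id)
    return sorted(bad)


def produce(manifest: Manifest, storage: dict[str, bytes]) -> dict[str, str]:
    """A production step. Fails closed: one mismatch aborts the whole export.
    Returns the {doc_id: sha256} list that accompanies the produced set."""
    bad = find_mismatches(manifest, storage)
    if bad:
        raise IntegrityError(f"integrity check failed, production aborted: {bad}")
    return dict(manifest.hashes)


# Constructed sample corpus standing in for object storage (not real documents).
STORAGE = {
    "DOC-0001": b"From: cfo\nSubject: Q3 forecast\n\nNumbers attached.\n",
    "DOC-0002": b"%PDF-1.7\n% constructed placeholder bytes, not a real PDF\n",
}

MANIFEST = Manifest()
for _doc_id, _data in STORAGE.items():
    MANIFEST.ingest(_doc_id, _data)


def tampered_storage() -> dict[str, bytes]:
    """Storage after DOC-0002 was modified post-ingest (one byte appended)."""
    altered = dict(STORAGE)
    altered["DOC-0002"] = STORAGE["DOC-0002"] + b"\n"
    return altered


if __name__ == "__main__":
    print("clean production:", produce(MANIFEST, STORAGE))
    try:
        produce(MANIFEST, tampered_storage())
    except IntegrityError as exc:
        print("tampered production:", exc)
```

Hashing the bytes as stored (rather than, say, extracted text) is what makes the check meaningful: the value in the manifest is the value a reviewer can recompute from the produced native file with any standard tool.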
Schema-per-tenant isolation
Each firm's data lives in its own Postgres schema. There is no shared table and no shared row: a query scoped to one firm's schema cannot see another firm's data.
The architecture is built on django-tenants, a widely used pattern in which the connection's search_path is set to the resolved firm's schema on every request, so every ORM query is scoped to that schema. A cross-tenant read would require a database-level configuration error, or a query that bypasses the ORM and names another firm's schema explicitly, rather than an ordinary application bug.
SOC 2 — where we are, honestly
Brevio is pre-audit. SOC 2 Type II audit kicks off Q3 2026. In the meantime:
- MFA required for all firm administrators
- Append-only audit log on every action affecting documents, holds, productions
- Per-firm encrypted credential vault for AI provider keys
- Tenant-isolated Stripe billing with idempotent webhook handling
- JWT in HttpOnly Secure cookies, SameSite=Strict
We won't put a SOC 2 badge on this site until we have one. If your firm's information-security review needs a Type I letter or a DPA, email [email protected].
Audit log
Every meaningful action is recorded with actor, role, timestamp, and scope snapshot. The log is append-only — no edit, no delete. The Defensibility Report renders straight from these records.
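An append-only audit log with the properties described above, as an added example. This is not Brevio's code and the page does not say how its log is stored; the actor, role, timestamp and scope fields follow the page, while the hash chaining, the JSON encoding, the genesis value and the sample events are assumptions. Chaining each entry to the previous one is what lets a Defensibility Report demonstrate, not merely assert, that nothing was edited or deleted: the example shows what an in-place edit, an edit with a recomputed hash, and a deletion each look like to the verifier, and the one case (removing the newest entries) that the chain alone cannot catch.

```python
"""Added example, not Brevio's code: an append-only, hash-chained audit log
with a verifier. Field names follow the page; everything else is assumed."""
import dataclasses
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # prev_hash of the first entry (assumption)


@dataclasses.dataclass(frozen=True)
class Entry:
    seq: int
    actor: str
    role: str
    timestamp: str      # ISO-8601, supplied by the caller in this example
    action: str
    scope: dict         # snapshot of what the action applied to
    prev_hash: str
    entry_hash: str


def _digest(seq, actor, role, timestamp, action, scope, prev_hash) -> str:
    """Canonical JSON of the entry fields, including the link to the previous one."""
    payload = json.dumps([seq, actor, role, timestamp, action, scope, prev_hash],
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


class AuditLog:
    """Append is the only write. There is deliberately no update or delete method."""

    def __init__(self) -> None:
        self._entries: list[Entry] = []

    def append(self, actor: str, role: str, timestamp: str, action: str, scope: dict) -> Entry:
        seq = len(self._entries)
        prev = self._entries[-1].entry_hash if self._entries else GENESIS
        h = _digest(seq, actor, role, timestamp, action, scope, prev)
        entry = Entry(seq, actor, role, timestamp, action, dict(scope), prev, h)
        self._entries.append(entry)
        return entry

    def entries(self) -> list[Entry]:
        return list(self._entries)  # a copy: callers cannot mutate the log


def verify_chain(entries: list[Entry], expected_head: Optional[str] = None) -> Optional[str]:
    """None if the chain is intact, otherwise a description of the first break.
    expected_head is the newest hash recorded somewhere outside the log (e.g. on
    the last Defensibility Report); without it, trailing deletions go unnoticed."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.seq != i:
            return f"entry {i}: seq {e.seq} out of order"
        if e.prev_hash != prev:
            return f"entry {i}: prev_hash does not match previous entry"
        if _digest(e.seq, e.actor, e.role, e.timestamp, e.action, e.scope, e.prev_hash) != e.entry_hash:
            return f"entry {i}: content does not match entry_hash"
        prev = e.entry_hash
    if expected_head is not None and prev != expected_head:
        return "head hash does not match expected_head (entries removed or replaced)"
    return None


def build_sample_log() -> AuditLog:
    """Constructed events in the order a matter might see them."""
    log = AuditLog()
    log.append("admin-1", "firm_admin", "2026-01-12T09:14:03Z", "hold.create",
               {"hold": "H-17", "custodians": ["alice", "bob"]})
    log.append("reviewer-4", "reviewer", "2026-01-13T15:02:41Z", "document.tag",
               {"doc": "DOC-0002", "tag": "privileged"})
    log.append("admin-1", "firm_admin", "2026-01-20T11:30:00Z", "production.export",
               {"production": "P-3", "format": "Concordance DAT"})
    return log


# Three tampering scenarios, each returning an altered copy of the entries.
def edit_in_place(entries: list[Entry], seq: int, new_action: str) -> list[Entry]:
    """Tamperer rewrites an entry but leaves its stored hash untouched."""
    out = list(entries)
    out[seq] = dataclasses.replace(out[seq], action=new_action)
    return out


def edit_and_rehash(entries: list[Entry], seq: int, new_action: str) -> list[Entry]:
    """Tamperer rewrites the entry and recomputes its hash; the next entry's
    prev_hash now points at a hash that no longer exists."""
    out = list(entries)
    e = out[seq]
    h = _digest(e.seq, e.actor, e.role, e.timestamp, new_action, e.scope, e.prev_hash)
    out[seq] = dataclasses.replace(e, action=new_action, entry_hash=h)
    return out


def delete_entry(entries: list[Entry], seq: int) -> list[Entry]:
    return [e for e in entries if e.seq != seq]


if __name__ == "__main__":
    good = build_sample_log().entries()
    print("intact:", verify_chain(good))
    print("edited:", verify_chain(edit_in_place(good, 1, "document.untag")))
    print("rehashed:", verify_chain(edit_and_rehash(good, 1, "document.untag")))
    print("deleted middle:", verify_chain(delete_entry(good, 1)))
    print("deleted newest, no anchor:", verify_chain(delete_entry(good, 2)))
    print("deleted newest, anchored:", verify_chain(delete_entry(good, 2), good[-1].entry_hash))
```

The last two lines of the demo are the caveat: removing the newest entries leaves a chain that still verifies, so the current head hash has to be recorded outside the log (on each report, or in a separate store the application cannot write to) for "append-only" to be provable rather than just a property of the application code. At the database layer the same guarantee is usually backed by revoking UPDATE and DELETE on the log table from the application's role.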
Discovery without the vendor
Your data is yours. Export anytime, in standard formats — Concordance DAT, EDRM XML, native files with their original metadata. No retention hostage. No proprietary container format you can't open without us.
Sub-processors
| Processor | Purpose | Region |
|---|---|---|
| Stripe | Payment processing | US |
| Resend | Transactional email delivery | US |
| Railway | Application hosting + Postgres | US |
| Cloudflare R2 | Document storage (S3-compatible) | US |
| OpenAI | AI: summary, coding suggestions (per-firm key) | US |
| Anthropic | AI: summary, coding suggestions (per-firm key) | US |
