Your Client Data,
Protected at Every Step.
Estate planning involves some of the most sensitive information your clients will ever share. EstateScribe is built from the ground up to keep it safe.
Marital Status:
Widowed
Phone number:
555/555-555
Address:
1425 Willow Creek Drive Napa,
Your Client Data,
Protected at Every Step.
Estate planning involves some of the most sensitive information your clients will ever share. EstateScribe is built from the ground up to keep it safe.
Marital Status:
Widowed
Phone number:
555/555-555
Address:
1425 Willow Creek Drive Napa,
Independent Security Audit-Currently Underway
Our security program is built in accordance with the SOC 2 framework - a widely recognized standard created by the American Institute of Certified Public Accountants (AICPA). We are currently undergoing a formal SOC 2 Type II audit conducted by an independent firm. Once complete, the report will be available to customers and prospective clients under NDA.
Our Team & Policies
Security starts with our people. Every team member is trained and held to a high standard
Security starts with our people. Every team member is trained and held to a high standard
Formal Security Program
We maintain a written security program that every employee knows and follows. It's built in accordance with the SOC 2 framework- one of the most widely used security standards in the industry.
Formal Security Program
We maintain a written security program that every employee knows and follows. It's built in accordance with the SOC 2 framework- one of the most widely used security standards in the industry.
Formal Security Program
We maintain a written security program that every employee knows and follows. It's built in accordance with the SOC 2 framework- one of the most widely used security standards in the industry.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
Employee Training
Every team member completes security training covering topics like recognizing phishing attempts, protecting passwords, and handling data responsibly.
Employee Training
Every team member completes security training covering topics like recognizing phishing attempts, protecting passwords, and handling data responsibly.
Employee Training
Every team member completes security training covering topics like recognizing phishing attempts, protecting passwords, and handling data responsibly.
Confidentiality Agreements
All team members sign a confidentiality agreement before their first day. We also run background checks on every new hire in accordance with applicable laws.
Confidentiality Agreements
All team members sign a confidentiality agreement before their first day. We also run background checks on every new hire in accordance with applicable laws.
Confidentiality Agreements
All team members sign a confidentiality agreement before their first day. We also run background checks on every new hire in accordance with applicable laws.
Annual Security Testing
At least once a year, we hire an outside firm to try to find weaknesses in our systems - a practice known as penetration testing. This helps us stay ahead of potential threats.
Annual Security Testing
At least once a year, we hire an outside firm to try to find weaknesses in our systems - a practice known as penetration testing. This helps us stay ahead of potential threats.
Annual Security Testing
At least once a year, we hire an outside firm to try to find weaknesses in our systems - a practice known as penetration testing. This helps us stay ahead of potential threats.
Clear Ownership
Responsibility for protecting your data doesn't fall through the cracks. Every security-related role and duty is clearly assigned and documented.
Clear Ownership
Responsibility for protecting your data doesn't fall through the cracks. Every security-related role and duty is clearly assigned and documented.
Clear Ownership
Responsibility for protecting your data doesn't fall through the cracks. Every security-related role and duty is clearly assigned and documented.
How we protect your data
How we protect your data
Your information is encrypted, monitored and stored securely in the United States
Your information is encrypted, monitored and stored securely in the United States
Trusted Hosting
EstateScribe runs on Amazon Web Services (AWS) - the same infrastructure trusted by major banks, hospitals, and government agencies. Learn more about AWS security →
Trusted Hosting
EstateScribe runs on Amazon Web Services (AWS) - the same infrastructure trusted by major banks, hospitals, and government agencies. Learn more about AWS security →
Trusted Hosting
EstateScribe runs on Amazon Web Services (AWS) - the same infrastructure trusted by major banks, hospitals, and government agencies. Learn more about AWS security →
U.S.-Based Storage
All customer data is stored in data centers located within the United States. Your information does not leave U.S. borders.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
U.S.-Based Storage
All customer data is stored in data centers located within the United States. Your information does not leave U.S. borders.
Always Encrypted
Your data is encrypted when it's stored and when it's moving between your device and ours - meaning it's unreadable to anyone who shouldn't have access.
Always Encrypted
Your data is encrypted when it's stored and when it's moving between your device and ours - meaning it's unreadable to anyone who shouldn't have access.
Always Encrypted
Your data is encrypted when it's stored and when it's moving between your device and ours - meaning it's unreadable to anyone who shouldn't have access.
Continuous Monitoring
We actively scan for vulnerabilities and monitor our systems around the clock. If something looks off, our team is alerted immediately.
Continuous Monitoring
We actively scan for vulnerabilities and monitor our systems around the clock. If something looks off, our team is alerted immediately.
Continuous Monitoring
We actively scan for vulnerabilities and monitor our systems around the clock. If something looks off, our team is alerted immediately.
Backups & Recovery
Your data is regularly backed up so nothing is lost in the event of a hardware issue. We have monitoring in place to catch service disruptions quickly.
Backups & Recovery
Your data is regularly backed up so nothing is lost in the event of a hardware issue. We have monitoring in place to catch service disruptions quickly.
Backups & Recovery
Your data is regularly backed up so nothing is lost in the event of a hardware issue. We have monitoring in place to catch service disruptions quickly.
Incident Response
If a security incident were to occur, we have a documented plan with clear steps for containment, resolution, and communication - so you're never left in the dark.
Incident Response
If a security incident were to occur, we have a documented plan with clear steps for containment, resolution, and communication - so you're never left in the dark.
Incident Response
If a security incident were to occur, we have a documented plan with clear steps for containment, resolution, and communication - so you're never left in the dark.
Who can access what
Who can access what
We limit access to your data to only the people who need it
We limit access to your data to only the people who need it
Strict Login Security
Access to our internal systems requires multiple layers of verification, including single sign-on and two-factor authentication. Strong password requirements are enforced across the board.
Strict Login Security
Access to our internal systems requires multiple layers of verification, including single sign-on and two-factor authentication. Strong password requirements are enforced across the board.
Strict Login Security
Access to our internal systems requires multiple layers of verification, including single sign-on and two-factor authentication. Strong password requirements are enforced across the board.
Need-to-Know Access
Team members only get access to the systems and data they need for their specific role - nothing more.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
Need-to-Know Access
Team members only get access to the systems and data they need for their specific role - nothing more.
Quarterly Reviews
Every quarter, we review who has access to what. If someone's role has changed or they no longer need access, permissions are adjusted or removed.
Quarterly Reviews
Every quarter, we review who has access to what. If someone's role has changed or they no longer need access, permissions are adjusted or removed.
Quarterly Reviews
Every quarter, we review who has access to what. If someone's role has changed or they no longer need access, permissions are adjusted or removed.
Password Management
All company devices include a password manager so our team uses strong, unique passwords for every service-reducing the risk of compromised accounts.
Password Management
All company devices include a password manager so our team uses strong, unique passwords for every service-reducing the risk of compromised accounts.
Password Management
All company devices include a password manager so our team uses strong, unique passwords for every service-reducing the risk of compromised accounts.
How we manage Risk
How we manage Risk
We regularly evaluate risks to our systems and carefully vet every vendor we work with
We regularly evaluate risks to our systems and carefully vet every vendor we work with
Annual Risk Reviews
At least once a year, we conduct a thorough review to identify potential risks to our organization and to your data - including fraud and emerging threats.
Annual Risk Reviews
At least once a year, we conduct a thorough review to identify potential risks to our organization and to your data - including fraud and emerging threats.
Annual Risk Reviews
At least once a year, we conduct a thorough review to identify potential risks to our organization and to your data - including fraud and emerging threats.
Vendor Vetting
Before we work with any new vendor or service provider, we evaluate their security practices. We don't let outside companies near your data unless they meet our standards.
Outside Security Reviews
We don't just check our own work. Independent security firms evaluate our systems and practices to make sure our protections hold up.
Vendor Vetting
Before we work with any new vendor or service provider, we evaluate their security practices. We don't let outside companies near your data unless they meet our standards.
Step into the future.
See how EstateScribe is helping lawyers work faster, stay organized, and deliver a better client experience.