Skip to main content
PREDICATE

Security at PREDICATE

We handle attorney-client privileged evidence. Security is not a feature — it is the foundation.

Security Architecture

Every layer of PREDICATE is designed with litigation-grade security requirements in mind.

Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.2+ encryption in transit for all connections
  • Database-level encryption for sensitive fields

Access Control

  • Role-based access control (RBAC) with least-privilege defaults
  • Multi-factor authentication supported
  • Session management with automatic timeout
  • Per-case access permissions with audit trail

Audit Trail

  • Immutable, append-only audit log for all data access
  • Chain of custody tracking per document (FRE 901 compliant)
  • Login, search, view, download, and export events recorded
  • Exportable audit reports for compliance reviews

Infrastructure

  • Hosted on SOC 2-certified cloud infrastructure
  • US-based data centers with no cross-border data transfer
  • Automated daily backups with point-in-time recovery
  • DDoS protection and WAF at the edge

Data Handling

  • Attorney-client privilege protections built into access model
  • Privileged documents isolated from general search indexes
  • Data retention and deletion policies configurable per firm
  • No training on customer data — ever

Compliance Roadmap

  • SOC 2 Type I readiness: initiated Q2 2026
  • Annual penetration testing: scheduled Q2 2026
  • Vendor security questionnaire (SIG) available on request
  • SOC 2 Type II certification: targeted Q1 2027

Compliance Roadmap

Our path to enterprise-grade certifications. We believe in transparency about where we are today and where we are headed.

In Progress

Q2 2026

  • Engage SOC 2 readiness consultant
  • Complete initial penetration test
  • Implement security monitoring and alerting
  • Publish vendor security questionnaire responses
Planned

Q3 2026

  • SOC 2 Type I audit begins
  • Achieve SOC 2 Type I certification
  • Upgrade cyber liability insurance to $5M+
  • Complete SIG questionnaire for enterprise prospects
Planned

Q1 2027

  • SOC 2 Type II observation period complete
  • Achieve SOC 2 Type II certification
  • ISO 27001 gap assessment

Responsible Disclosure

If you discover a security vulnerability in PREDICATE, we encourage responsible disclosure. Please do not publicly disclose the vulnerability before we have had a chance to address it.

Contact: security@helmlegal.net

For vendor security questionnaires or to request our current SIG responses, contact security@helmlegal.net