I have a lot of security and privacy questions ... how do I get them answered?

LegalSifter has partnered with VeraSafe and Amazon Web Services to ensure both cloud security and privacy. You can learn more as follows: 1) Please see the following pages, for more information. Cloud Security Privacy Statement California Consumer Privacy Act (CCPA) Notice for California Residents Amazon Web Services Cloud Security 2) Please submit your organization's cybersecurity and privacy questionnaire to help@legalsifter.com or your LegalSifter Growth contact. We will complete it and return it to you.

Does LegalSifter use my contract data?

Only with your permission. We use client and partner contracts to improve the quality of our Sifters for everyone as part of our Sifter Improvement Program. With more clients, partners, and contracts, we make our Sifters more accurate, faster. Essentially, we chop contracts up into little pieces—words, phrases and sentences—and feed them to our algorithms. If you consent, we will use your contracts for Sifter research and development. Under no circumstances will your contracts be disclosed or identifiable to any third party, other than subcontractors involved in Sifter research and development. Without your consent, we will not use your contracts, other than as needed to provide technical support on your account.

Is data encrypted at rest and in transit?

Yes. LegalSifter encrypts data at rest and in transit. Data that is encrypted at rest includes the underlying storage for database instances and its automated backups. Data at rest, which includes Read Replicas, and snapshots, as well as S3 storage buckets, and application server storage, are encrypted using the industry-standard AES-256 encryption algorithm, with keys managed by AWS Key Management Service. For data in transit, LegalSifter utilizes TLS 1.2. LegalSifter received an A+ grade from Qualys’ SSL Labs analyzer. Communications between back-end infrastructure travel exclusively within a private network where connections are whitelisted as needed.

Do you offer Single Sign-On (SSO)?

Yes. At no additional cost, clients may enroll their organizations in Single Sign-On (SSO). You are a good candidate for SSO if you are already using an identity management system. We support a wide variety of identity providers. We support the following: Active Directory Federation Services (ADFS) Active Directory / LDAPSAML Google Workspace Microsoft Azure AD OKTA Open ID Connect PingFederate SAML / SAML 2.0 Others upon request.

Do you offer Multi-Factor authentication (MFA)?

Yes. LegalSifter supports Multi-Factor Authentication (MFA) for all organizations and users. MFA requires knowledge of your password and possession of your cell phone. Passwords must have a minimum of 15 characters, with complexity requirements enforced. Users must select a unique password up to 12 times before they may reuse an old password. Users set their own initial password before logging on for the first time. Accounts are locked after 5 consecutive failed login attempts. User accounts timeout after 30 minutes of inactivity.