Enterprise-grade security for sensitive evidence.
Your clients trust you with their most sensitive information. We take that responsibility seriously with bank-level encryption, independent audits, and comprehensive access controls.
Built on a foundation of security.
AES-256 encryption
All evidence is encrypted at rest using AES-256, the same standard used by banks and government agencies. Data in transit is protected by TLS 1.3.
- Encryption at rest and in transit
- Key management via AWS KMS
- Regular key rotation
- No plaintext storage ever
SOC 2 Type II architecture
Our infrastructure and processes are designed around SOC 2 Type II standards for security, availability, and confidentiality.
- Annual third-party audits
- Continuous monitoring
- Security policies and procedures
- Employee background checks
AWS infrastructure
Built on Amazon Web Services with enterprise-grade security, redundancy, and 99.99% uptime SLA. Optional GovCloud deployment available.
- Multi-region redundancy
- Automatic failover
- 99.99% uptime SLA
- GovCloud option for maximum security
Immutable storage
Evidence is stored using AWS S3 Object Lock, preventing any modification or deletion during the retention period — even by us.
- WORM compliance (Write Once Read Many)
- 7-year default retention
- Legal hold capability
- Tamper-proof audit logs
Control who sees what.
Role-based access
Granular permissions ensure users only access what they need. Attorneys, paralegals, and clients each have appropriate access levels.
Audit logging
Every action is logged with timestamp, user ID, and IP address. Logs are immutable and retained for the full evidence lifecycle.
Multi-factor authentication
MFA is mandatory for Firm Admin and Attorney roles, ensuring privileged access is always protected. All other roles can enable optional MFA. Enterprise plans support SSO/SAML integration.
Independently verified security.
SOC 2 Type II
Independently audited security controls
HIPAA ready
Healthcare data protection standards
GDPR compliant
EU data protection regulations
ISO 27001
Information security management
Common security questions.
Who has access to my evidence?
Only authorized users on your account can access your evidence. Family Evidence employees cannot access your data without explicit permission, and all access is logged. We use zero-knowledge architecture wherever possible.
What happens if Family Evidence is breached?
In the unlikely event of a breach, your evidence remains protected by AES-256 encryption. We maintain comprehensive incident response procedures, will notify affected users within 72 hours, and carry cyber liability insurance.
Can I get a copy of your SOC 2 report?
Yes, our SOC 2 Type II report is available upon request for prospective and current enterprise customers. Contact sales@familyevidence.com to request a copy.
Do you support single sign-on (SSO)?
Yes, Enterprise plan customers can integrate with their identity provider using SAML 2.0. We support Okta, Azure AD, Google Workspace, and other major providers.
Questions about security?
Our security team is happy to discuss our practices in detail. Contact us for our SOC 2 report or to schedule a security review.