Security for Law Firms
Built to protect the most sensitive client data you hold.
Estate planning matters carry family, financial, health, and fiduciary information. Statular collects, drafts, stores, and delivers it through controlled workflows — not unsecured email attachments and scattered files.
Controls
Six controls that matter to firms.
Encryption
Traffic is encrypted with TLS 1.2 or higher. Databases, document storage, and backups are encrypted at rest with AES-256.
Access control
Firm administrators manage team member access, revoke it when people leave, and assign role-based permissions.
Authentication
Attorneys sign in with Microsoft or Google. MFA is available for every account and recommended across attorney and client users.
Tenant isolation
Statular enforces ownership checks so users reach only the firm, matter, client, and document data they are authorized to view.
Auditability
Matter history records significant activity — document generation, questionnaire syncs, downloads, portal publishing, and client portal access.
AI privacy
Statular does not train AI models on customer data, and AI outputs remain first drafts subject to attorney review before use.
Compliance
The facts, stated plainly.
Statular runs a security program your IT and compliance teams can evaluate. Here is where things stand.
- Program
- An information security program aligned to the SOC 2 Trust Services Criteria.
- Infrastructure
- Foundational providers maintain current SOC 2 attestations, with hosting on Amazon Web Services in the United States.
- Encryption
- AES-256 at rest across databases, document storage, and backups; TLS 1.2+ on every connection.
- Authentication
- MFA available for attorneys and clients, with single sign-on through Microsoft and Google.
- AI
- Model access routed through AWS and Google Cloud, with no model training on customer data.
Secure by Workflow
Secure workflows, not just secure storage.
Security is strongest when the workflow changes too. Client questionnaires, uploads, portal messaging, document publishing, version history, and audit logs keep sensitive information inside the matter — from intake to delivery.
Read our full security overviewKeep client data inside a workflow built to protect it.
Move estate planning intake, drafting, and delivery off email and into a secure, audited platform.