Your clients’ data is our highest priority

PII is redacted before AI form processing

When AI assists with form auto-fill and case research, sensitive field values are replaced with redacted placeholders before the data reaches Anthropic or OpenAI. The AI sees only tokens like [REDACTED]. After the AI responds, original values are restored server-side. Initial document analysis (e.g., passport scanning) requires the AI to view the document image to extract data. Both Anthropic and OpenAI guarantee zero training on API data — your documents are never used to improve their models.

Zero training guarantee

Your data is never used to train AI models. Both Anthropic and OpenAI’s API data usage policies explicitly prohibit training on API inputs and outputs. This is their default policy — not a custom agreement.

Minimal data retention by providers

Anthropic retains API data for up to 7 days for safety monitoring, then permanently deletes it. OpenAI retains for up to 30 days. On our side, only the extracted field suggestions are saved — not the full AI conversation history.

Granular AI consent

You control exactly which AI features are enabled. CaseFill works fully without AI — use it as a case management tool with manual form filling. AI features require explicit opt-in via your profile settings.

Prompt injection prevention

All user-provided text and PDF-extracted content is sanitized before AI processing. Protections include Unicode NFKC normalization, zero-width character stripping, AI delimiter removal, instruction override detection, and PDF hidden text scanning. Input length is capped at 10,000 characters per field.

AI usage tracking & audit

Every AI call is logged with model, token count, cost, processing time, and operation type. Usage is persisted to a dedicated audit table with row-level security — attorneys see only their own firm’s AI usage. AI-extracted data auto-expires after 90 days.

Encryption at rest

All data is stored in PostgreSQL via Supabase with AES-256 encryption at the storage layer. Sensitive PII fields receive an additional layer of application-level AES-256-GCM encryption before database storage, with unique initialization vectors per field.

Encryption in transit

All connections use TLS 1.3. This covers browser-to-server, server-to-database, server-to-AI-provider, and all internal service communication.

Authenticated encryption

AES-256-GCM provides both confidentiality and integrity. The authentication tag prevents tampering — if encrypted data is modified, decryption fails. Each encryption operation uses a cryptographically random 96-bit initialization vector.

Key management

Encryption keys are isolated per environment and never stored in code. Key rotation is supported — data encrypted with a previous key is automatically decrypted and re-encrypted with the current key.

Document storage

Uploaded documents (passports, I-94s, supporting evidence) are stored in encrypted Supabase Storage buckets. Access requires valid authentication and passes through row-level security checks.

Multi-factor authentication

TOTP-based two-factor authentication (RFC 6238) is available for all accounts. Backup codes use 128-bit cryptographic randomness (NIST SP 800-63B compliant). TOTP verification uses atomic PostgreSQL advisory locks to prevent race conditions, with replay protection via counter tracking. Rate limited to 5 attempts per 15 minutes.

Row-level security (RLS)

Every database query passes through PostgreSQL row-level security policies — 340+ policies spanning every table in the schema. Attorneys can only access their own firm’s data. Clients can only see cases they are associated with. Soft-deleted records are filtered from all queries, including admin queries. Role escalation is prevented by split UPDATE policies with WITH CHECK constraints.

Multi-tenant firm isolation

All case data is isolated by firm using firm_id-based RLS policies. Helper functions (SECURITY DEFINER) efficiently validate firm membership without recursive policy evaluation. Cross-tenant data access is architecturally impossible — the database engine rejects it before application code is reached.

Role-based access control

Four distinct roles — client, paralegal, attorney, and admin — each with explicitly scoped permissions. Frontend routes are deny-by-default for protected paths. Navigation items are filtered by role. Paralegals can assist with cases but cannot create them or access billing.

Session management

httpOnly, secure, sameSite=lax cookies prevent XSS-based session theft. 30-minute idle timeout with HMAC-signed timestamps (PBKDF2-derived key, 100,000 iterations). CSRF protection uses dual validation: Origin/Referer header checks plus X-Requested-With custom header verification. Content Security Policy with per-request cryptographic nonce blocks inline script injection.

Password security

Passwords are hashed using bcrypt via Supabase Auth — they are never stored in plaintext. Authentication endpoints are rate limited to 5 requests per minute. All secret comparisons use timing-safe functions to prevent timing attacks.

Fail-closed rate limiting

All API endpoints are rate limited using distributed sliding-window counters via Upstash Redis. If Redis is unavailable, the system falls back to in-memory rate limiting — it never degrades to unprotected access. 14 named rate limit tiers are configured for different endpoint sensitivities.

CSRF protection

Two-layer CSRF validation on all state-changing requests (POST, PUT, PATCH, DELETE). Layer 1 validates Origin and Referer headers against allowed origins. Layer 2 requires the X-Requested-With custom header, which browsers enforce CORS preflight for — preventing cross-site form submissions.

Content Security Policy

Strict CSP with per-request cryptographic nonce (128-bit, base64). No unsafe-inline scripts in production. frame-ancestors and object-src set to none. form-action restricted to same-origin. CSP violations are reported to a dedicated endpoint for monitoring.

Additional protections

Open redirect prevention validates all returnUrl parameters. Permissions-Policy disables camera, microphone, geolocation, and USB APIs. Request body size limits of 5MB on standard routes. All responses include unique request IDs for tracing. Input validation via Zod schemas on every API route. Parameterized queries prevent SQL injection.

Upload validation

Every uploaded file is validated before storage: magic byte verification (file signature matches claimed type), extension whitelist (PDF, JPEG, PNG, GIF, WebP, DOC, DOCX only), MIME type consistency checks, 50MB per-file size limit, and heuristic content scanning for suspicious patterns (scripts, executables).

Secure storage

Documents are stored in Supabase Storage buckets with randomized file paths (UUID-based, preventing enumeration). Access requires valid authentication and passes through row-level security checks. Download URLs are signed with time-limited tokens — 10 minutes for preview, 24 hours for download.

Access logging

Every document view, download, upload, and deletion is logged to a dedicated access audit table with IP address, user agent, and timestamp. These logs are protected by RLS and available to firm administrators.

URL validation & SSRF prevention

Internal storage URLs are validated for origin, protocol (HTTPS only), path structure, and path traversal attempts (including encoded variants). Only the documents bucket is accessible.

Comprehensive audit logging

All data changes across cases, documents, forms, and profiles are recorded with old and new values, the user who made the change, IP address, user agent, and timestamp. Audit logs are append-only — entries cannot be modified or deleted.

AI usage audit

Every AI operation is tracked: model used, token consumption, cost, processing time, and the operation type (form autofill, document analysis, drafting, research). Persisted to a dedicated table with RLS — each firm sees only its own AI usage.

Data retention

AI-extracted document data auto-expires after 90 days via database triggers. Audit logs are retained for 7 years per legal requirements, with automated archival support. GDPR deletion requests follow a 30-day recovery window before permanent anonymization.

PII scrubbed from logs

Application logs automatically redact 20+ PII field patterns including passwords, API keys, SSNs, passport numbers, dates of birth, phone numbers, and email addresses. Recursive scrubbing handles nested objects. Sensitive fields are also redacted in audit log entries.

Full AI opt-out

Use CaseFill entirely without AI features. Toggle AI consent off in your profile settings and CaseFill works as a traditional case management platform with manual form filling.

GDPR-compliant data export

Export a complete copy of your data at any time from Settings. Exported data includes cases, documents metadata, form data, and profile information.

Account deletion with recovery

Request account deletion from Settings. Accounts enter a 30-day recovery window, then all personal data is permanently deleted. Deleted accounts are anonymized (email changed to @deleted.casefill.ai). Audit logs are retained for 7 years per legal requirements.

No third-party tracking on client portal

The client portal does not include third-party analytics, tracking pixels, or advertising scripts. Error monitoring via Sentry is configured to exclude PII.