Security

Your client data is our responsibility.

CaseFill is built with the same standard of care you bring to your practice. Here's how we protect your data.

Hosting & Infrastructure

Hosted on Vercel's edge network with automatic HTTPS and DDoS protection
Database powered by Supabase, hosted on AWS infrastructure
99.9% uptime with globally distributed edge servers

Database Security & Multi-Tenancy

PostgreSQL with Row Level Security (RLS) on every table
Every query is filtered by firm_id — Firm A cannot see Firm B's data
Complete tenant isolation verified and enforced at the database level
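
As an added illustration (not CaseFill's own schema or code), this is what a firm_id row-level security policy can look like in plain PostgreSQL, followed by a catalog query that checks the "RLS on every table" claim. The table `matters`, the policy name `firm_isolation`, and the session setting `app.firm_id` are assumptions made for the example.

```sql
-- Hypothetical tenant-scoped table; name and columns are assumptions.
CREATE TABLE matters (
    id      bigserial PRIMARY KEY,
    firm_id uuid NOT NULL,
    title   text NOT NULL
);

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- Superusers and roles with BYPASSRLS still skip policies, so application
-- connections should use a role that has neither.
ALTER TABLE matters ENABLE ROW LEVEL SECURITY;
ALTER TABLE matters FORCE ROW LEVEL SECURITY;

-- USING limits which rows can be read, updated or deleted.
-- WITH CHECK rejects inserts/updates that would write another firm's row.
-- app.firm_id is an assumed per-session setting the application sets after
-- authentication. If it is unset, current_setting(..., true) returns NULL,
-- the comparison is not true, and no rows are visible (fails closed).
CREATE POLICY firm_isolation ON matters
    FOR ALL
    USING      (firm_id = current_setting('app.firm_id', true)::uuid)
    WITH CHECK (firm_id = current_setting('app.firm_id', true)::uuid);

-- Audit query: list tables in the public schema where RLS is disabled,
-- not forced, or enabled without any policy. An empty result means every
-- table is covered.
SELECT c.relname             AS table_name,
       c.relrowsecurity      AS rls_enabled,
       c.relforcerowsecurity AS rls_forced,
       count(p.polname)      AS policy_count
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_policy p ON p.polrelid = c.oid
WHERE n.nspname = 'public'
  AND c.relkind IN ('r', 'p')   -- ordinary and partitioned tables
GROUP BY c.relname, c.relrowsecurity, c.relforcerowsecurity
HAVING NOT c.relrowsecurity
    OR NOT c.relforcerowsecurity
    OR count(p.polname) = 0
ORDER BY c.relname;
```

Running the audit query in CI against a freshly migrated database catches a new table that was added without a policy before it reaches production.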

Encryption

All data encrypted at rest using AES-256 (AWS/Supabase encryption)
All data in transit protected by TLS/SSL
No unencrypted data leaves our servers

Authentication & Session Security

Secure password hashing via Supabase Auth (bcrypt)
Concurrent session limiting — a new login automatically ends previous sessions within 30 seconds
Session timeout detection with automatic redirect to login
No shared logins, no session hijacking

Payment Security

All billing handled by Stripe — PCI-DSS Level 1 compliant
No credit card numbers or financial data stored on CaseFill servers
Secure checkout and customer portal powered entirely by Stripe

Sensitive Data Policy

Social Security numbers and driver's license numbers are never stored in the database
Attorneys enter sensitive identifiers directly on PDF forms at the moment of filing
No encryption liability — if we don't store it, it can't be breached

Privacy & Compliance

CCPA compliant
Published Privacy Policy and Terms of Service
You own your data — export matters and contacts anytime via CSV
No data sold to third parties, ever

Backups & Recovery

Daily automated database backups
Point-in-time recovery available
Disaster recovery procedures in place

Questions about security?

Contact us at any time. We're happy to discuss our security practices in detail.
