
Security Built for Legal Teams
Your contracts contain your most sensitive business information. We treat security as a foundational requirement, not an afterthought.
Our Security Pillars
Comprehensive protection at every layer of the stack.
Encryption at Rest & In Transit
All data encrypted with AES-256 at rest and TLS 1.3 in transit. Your contracts never travel unprotected. We leverage modern OAuth 2.0 flows. For Microsoft 365, we utilize Application Permissions with restricted scopes, ensuring our service only interacts with the specific sites or mailboxes you authorize. We prefer certificate-based authentication over client secrets to mitigate credential-theft risks.
Least Privilege Access
We request only the minimum permissions required to function. For Microsoft 365 integration, we use application-level permissions (app-only) that require explicit tenant administrator consent. Authentication is handled through Microsoft Entra ID with certificate-based authentication preferred over client secrets. Granular permissions ensure the right people see the right contracts.
Tenant Isolation
Every operation is scoped by tenant ID. Data from one tenant cannot be accessed by another, even at the database level. We enforce this through Row-Level Security, per-tenant encryption keys, and strict authorization checks on every API call.
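As an added illustration of tenant-scoped Row-Level Security as described above (example PostgreSQL, not DealTracer's own schema or policy; the table, column, role and session-variable names, and the seed rows, are assumed), a policy keyed on a tenant ID that the API sets per transaction, including the unset-variable edge case that turns a missing tenant into zero rows rather than every tenant's rows:

```sql
-- Assumed schema: one contracts table shared by all tenants, every row
-- tagged with the tenant that owns it. Seed rows are constructed.
CREATE TABLE contracts (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL,
    file_hash text NOT NULL
);
INSERT INTO contracts (tenant_id, title, file_hash) VALUES
  ('11111111-1111-1111-1111-111111111111', 'MSA - Acme',   'sha256:aaaa'),
  ('22222222-2222-2222-2222-222222222222', 'NDA - Globex', 'sha256:bbbb');

-- Role the API connects as. It is not the table owner, so RLS applies;
-- FORCE makes the policy bind the owner too, closing the usual bypass
-- (superusers always bypass RLS, so the API must never run as one).
CREATE ROLE app_api NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON contracts TO app_api;
ALTER TABLE contracts ENABLE ROW LEVEL SECURITY;
ALTER TABLE contracts FORCE ROW LEVEL SECURITY;

-- The API sets the authenticated caller's tenant once per transaction
-- with SET LOCAL app.tenant_id. current_setting(..., true) returns NULL
-- instead of raising when the variable was never set, and NULLIF guards
-- the empty string a reset variable leaves behind; a NULL comparison is
-- never true, so a request that forgot to set the tenant sees no rows.
CREATE POLICY tenant_isolation ON contracts
    FOR ALL TO app_api
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Worked check (script run as a superuser so SET ROLE is permitted).
SET ROLE app_api;
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT title FROM contracts;   -- returns only 'MSA - Acme'
-- Writing a row tagged with another tenant fails the WITH CHECK clause
-- and is rejected with "new row violates row-level security policy":
-- INSERT INTO contracts (tenant_id, title, file_hash)
--   VALUES ('22222222-2222-2222-2222-222222222222', 'x', 'sha256:cccc');
COMMIT;
-- After COMMIT the SET LOCAL is gone: the query sees 0 rows, not all rows.
SELECT count(*) FROM contracts;   -- 0
RESET ROLE;
```

The per-tenant encryption keys and per-call authorization checks the section also mentions sit above this layer; the policy is the database-level backstop that holds even if an application query omits its tenant filter.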
Audit Logging
Comprehensive audit trails for every action give full visibility into who accessed what and when. These logs are retained for compliance and troubleshooting and are accessible through our admin interface. They form a permanent, unalterable record of all system activity: the definitive archive of your contract management operations.
Ephemeral Data Minimization
Email attachments are processed only in memory and never stored. Contract files (those identified as contracts) are stored back on your SharePoint, with only minimal metadata (source mailbox, timestamp, file hash, contract dates, etc.) stored on GCP or AWS, along with audit logs.
Vendor Security Management
Rigorous assessment of all third-party vendors. Only SOC 2 Type II compliant infrastructure partners are used in our supply chain.

Data Sovereignty Options
For organizations with stringent data residency requirements, DealTracer offers flexible deployment options to ensure your data never leaves your approved boundaries.
- Self-Hosted Deployment
Install within your own VPC, private cloud, or on-premise infrastructure.
- Bring Your Own LLM
Use your own AI models for complete control over data processing.
- Regional Data Centers
Choose your data center location to meet regulatory requirements.
Compliance & Certifications
Meeting the highest standards in data security and privacy.
SOC 2 Type II Compliant Infrastructure
We use only SOC 2 Type II compliant infrastructure, and annual audits are planned to verify security, availability, and confidentiality controls.
HIPAA Ready
Support is available for healthcare organizations when DealTracer is installed in a HIPAA-compliant environment.
GDPR Compliant
Full compliance with European data protection regulations.
Ready to Learn More?
Have questions about our security practices? Our team is ready to discuss how DealTracer protects your data and meets your compliance requirements.
Request a Security Discussion