TRUST CENTER
Your Security. Our Priority.
Built from the ground up with attorney-grade security. SOC 2 Type II certified, AES-256 encrypted, and designed for the sensitive nature of family law practice.
SOC 2 Type II Certified
AES-256 Encryption
Zero-Knowledge Architecture
256-bit
Encryption
99.99%
Uptime SLA
Zero
Knowledge
SOC 2
Type II
CERTIFICATIONS
Industry-Leading Certifications
Third-party validated security you can trust. We don't just claim to be secure — we prove it through independent audits and certifications.
SOC 2 Type II
Certified
Annual third-party audit verifying our security controls, availability, processing integrity, confidentiality, and privacy.
Independent auditor review
Security controls validated
Annual recertification
AES-256 Encryption
Implemented
Military-grade encryption protecting all data at rest. TLS 1.3 secures every byte in transit.
256-bit encryption keys
Hardware security modules
Zero plaintext storage
GDPR Compliant
Compliant
Full compliance with European data protection regulations including right to erasure and data portability.
Data subject rights
Privacy by design
Cross-border transfers
AWS Infrastructure
Active
Enterprise-grade cloud infrastructure with 99.99% uptime SLA and automatic failover.
Multi-region redundancy
99.99% uptime SLA
Auto-scaling capacity
SECURITY RESOURCES
Deep Dive Into Our Protection
Detailed documentation on how we protect different aspects of your data. Each resource is designed to answer the tough questions security-conscious attorneys ask.
Most Viewed
Attorney Security
Your Strategy Stays Yours
Complete data isolation even when both parties use Splitifi. Zero-knowledge architecture ensures your case strategy, notes, and draft settlements remain invisible to opposing counsel.
Party isolationWork product protectionZero-knowledge
Learn more
Data Ethics
Judge Analytics Privacy
Aggregated, Anonymized, Ethical
How we collect judicial analytics from 400M+ court records while maintaining strict privacy safeguards. No individual case attribution, no personally identifiable information.
Anonymous aggregationCourt record sourcingNo PII exposure
Learn more
Litigant Protection
Your Personal Journey, Protected
Financial documents, personal notes, and case progress are encrypted with user-specific keys. Even Splitifi staff cannot access your sensitive documents.
User-specific keysDocument encryptionAI conversation privacy
Learn more
Legal
Privacy Policy
Transparent Data Practices
Our complete privacy policy covering what data we collect, how we use it, how long we retain it, and your rights to access, correct, or delete your information.
Data collectionRetention policyYour rights
Learn more
Legal
Terms of Service
Clear, Fair Terms
Service agreement, acceptable use policies, and legal terms governing your use of Splitifi. Written in plain language with no hidden clauses.
Service agreementAcceptable usePlain language
Learn more
Enterprise
Data Processing Agreement
Enterprise Compliance
For law firms and enterprise customers requiring a formal DPA for GDPR, CCPA, or internal compliance requirements. Customizable to your needs.
GDPR readyCCPA compliantCustom terms
Learn more
SECURITY ARCHITECTURE
Defense in Depth Architecture
Security isn't a single feature — it's woven into every layer of our platform. From the application code to the physical data centers, here's how we protect you.
Application Layer
Multi-factor authentication (MFA)
TOTP, SMS, or biometric verification for every login
Session management
Automatic timeout, device fingerprinting, concurrent session control
Input validation
SQL injection, XSS, and CSRF protection on every endpoint
Rate limiting
Intelligent throttling prevents brute force and abuse
Data Layer
AES-256 encryption at rest
All data encrypted before touching disk
TLS 1.3 in transit
Latest transport security for all connections
Field-level encryption
Sensitive fields like SSN encrypted separately
Secure key management
AWS KMS with automatic rotation
Infrastructure Layer
Private VPC
Isolated network with no public internet exposure
WAF protection
Web application firewall blocking malicious traffic
DDoS mitigation
Automatic scaling absorbs volumetric attacks
Intrusion detection
24/7 monitoring with automated response
Operations Layer
SOC 2 audited processes
Documented procedures reviewed annually
Immutable audit logs
Every action logged and tamper-proof
Background checks
All employees vetted before access granted
Incident response plan
Documented, tested, and ready to execute
COMPLIANCE JOURNEY
Our Compliance Journey
Security is a continuous investment, not a one-time checkbox. Here's our ongoing commitment to protecting your data.
2023
Initial SOC 2 Type I certification
2024
SOC 2 Type II certification achieved
2024
GDPR compliance validated
2025
CCPA compliance implemented
2025
Third-party penetration testing
2026
SOC 2 Type II renewal (in progress)
SECURITY FAQ
Questions Attorneys Actually Ask
Direct answers to the security questions that matter most to legal professionals. No marketing fluff — just the facts you need to make an informed decision.
Who can access my case data?
Only you and users you explicitly grant access to. Splitifi uses role-based access control (RBAC) with granular permissions. Our zero-knowledge architecture means even Splitifi engineers cannot read your case documents.
What happens to my data if I cancel?
You have 30 days to export all your data in standard formats (PDF, CSV, JSON). After 30 days, your data is permanently deleted from all systems including backups. We provide a certificate of destruction upon request.
How do you handle subpoenas for user data?
We notify users before disclosing data unless legally prohibited. We challenge overbroad requests. Our published transparency report shows all government requests received and how we responded.
Is Splitifi compliant with state bar ethics rules?
Yes. Our security architecture is designed to meet ABA Model Rule 1.6 (confidentiality) and state-specific technology competence requirements. We provide compliance documentation for bar audits.
Do you sell user data or use it for AI training?
Absolutely not. Your data is never sold, shared with third parties for their benefit, or used to train AI models. Your case data is your data, period.
What about AI conversation privacy with Splitifi IQ?
Splitifi IQ conversations are encrypted and stored only in your account. Conversations are not shared, analyzed, or used to improve our AI. You can delete conversation history at any time.
Have Security Questions?
Our dedicated security team is available to answer detailed questions, provide compliance documentation, discuss penetration test results, or walk through our architecture for your IT security review.
security@mysplitifi.com
Schedule a security call
We can provide SOC 2 reports under NDA
Security Without Compromise
Built for attorneys and litigants who demand the highest security standards for their most sensitive case data. Your security is our mission.