FullProof is purpose-built for litigation—an environment where attorney–client privilege, data confidentiality, and the integrity of case materials are non-negotiable. Security is not an afterthought; it is foundational to every layer of our platform, from infrastructure to AI model integration.

This page outlines our security practices, AI trust commitments, and the safeguards we have put in place to protect the most sensitive legal work.

AI Trust Principles

How we handle your data in an AI-powered platform.

No Training on Your Data

Your documents, testimony, case materials, and AI-generated insights (“Case Data”) are not used to train or improve AI models—ours or any third party’s. Case Data serves one purpose: your case.

Data Isolation

Case Data is logically and architecturally isolated. Case Data from one account is not accessible to another customer, nor does it influence the outputs for another customer.

Zero Retention by LLM Providers

We maintain contractual zero-data-retention agreements with our third-party model providers. This means our agreements prohibit the retention or use of inputs and outputs by an upstream provider, beyond the processing necessary to generate a response.

Human Oversight

FullProof is designed to augment attorney judgment, not replace it. All insights surfaced by the platform are meant to be evaluated and validated by a licensed attorney in the context of their case.

Grounded Outputs

Our AI is grounded in Case Data using retrieval-augmented generation (RAG). Outputs are tied to source documents within the customer’s dataset that attorneys can verify, minimizing hallucination risk.

No Third-Party Sharing

Your Case Data is not sold or shared with any third party except as necessary to provide the FullProof service. Your case materials remain exclusively yours.

Privilege Protection

Protecting attorney–client privilege is central to how FullProof is built. Our platform is architected to support attorneys in maintaining confidentiality obligations and to minimize the risk of inadvertent privilege waiver when using AI-assisted workflows.

FullProof’s patent-pending privilege-protected hardware provides an additional layer of safeguarding specifically designed for the heightened security and compliance demands of litigation. We are built with awareness of ABA guidance on AI use in legal practice and the confidentiality obligations attorneys owe their clients.

Data Encryption

Encryption at Rest

All Case Data is encrypted using AES-256 encryption.

Encryption in Transit

All Case Data transmitted between your device and our platform is encrypted using TLS 1.2 or higher, ensuring secure communication in transit.

Key Management

Encryption keys are managed through industry-standard key management services with automated key rotation policies. Database backups and snapshots are also encrypted.

Access Controls

Role-Based Access

Access is governed by role-based access control (RBAC) enforcing the principle of least privilege—both for FullProof employees accessing infrastructure and for customer users within the platform.

Multi-Factor Authentication

MFA is required for all internal systems and supported for customer accounts. Enterprise customers can integrate SSO via SAML for centralized identity management.

Audit Logging

All access to Case Data is logged with comprehensive audit trails. Access is periodically reviewed to ensure compliance with our security policies.

Infrastructure Security

FullProof is hosted on enterprise-grade cloud infrastructure with network segmentation, web application firewalls, and DDoS protection. Our environment is continuously monitored with real-time alerting to detect and respond to potential threats.

Data Handling & Privacy

Tenant Isolation

Case Data is architecturally isolated. Each organization’s case materials, configurations, and outputs are separated at the infrastructure level.

Retention & Deletion

We maintain clear data retention policies. When a matter concludes, based on individual user or system actions, customers may request deletion or configure retention settings in accordance with their contractual terms. Case Data is deleted in accordance with documented data retention policies.

Privacy & Compliance

Data processing agreements (DPAs) are available for enterprise customers. Sub-processor information is provided transparently. See our Privacy Policy for full details.

Questions?

We understand the importance of validating the security posture of any vendor handling sensitive legal data. If you have questions about our security practices or would like to request additional documentation, please contact us at [email protected].