Last Updated: January 28, 2026
At PreceviaLaw, security isn't an afterthought — it's foundational. Legal professionals trust us with their most sensitive data: client records, case files, financial information, and privileged communications. We take that responsibility seriously. This page outlines how we protect your practice.
1. Infrastructure Security
PreceviaLaw is built on enterprise-grade cloud infrastructure with multiple layers of protection:
- Cloud hosting: Our application is hosted on Netlify's global CDN with automatic SSL/TLS encryption for all connections.
- Database: All data is stored in Supabase (built on PostgreSQL) with encrypted storage at rest using AES-256 encryption.
- Network security: All data in transit is encrypted with TLS 1.2 or higher. We enforce HTTPS on every connection.
- DDoS protection: Our infrastructure includes automated DDoS mitigation at the network edge.
2. Data Encryption
We use industry-standard encryption at every level:
- In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+.
- At rest: Database storage uses AES-256 encryption. Document storage uses server-side encryption.
- Passwords: User passwords are hashed using bcrypt with per-user salts. We never store plaintext passwords.
- API keys: All third-party API keys and secrets are stored as encrypted environment variables, never in source code.
3. Access Controls
PreceviaLaw implements strict access controls to protect your data:
- Row-Level Security (RLS): Every database query is scoped to the authenticated firm. One firm can never access another firm's data.
- Role-based access: Attorneys, staff, and clients each have different permission levels. Clients only see documents and messages shared with them.
- Session management: Authentication sessions are managed securely with automatic expiration.
- Client portal isolation: Client portal users are completely isolated from the attorney management interface.
4. Payment Security
We never store credit card numbers on our servers:
- Square: All payment processing is handled by Square, a PCI DSS Level 1 certified payment processor.
- Hosted checkout: Card details are entered directly on Square's hosted checkout page — they never pass through our servers.
- Bank connections: Bank account linking (via Plaid) uses tokenized access. We never receive or store your bank login credentials.
5. AI & Data Privacy
PreceviaLaw uses AI features responsibly:
- No training on your data: Your legal documents, client information, and case data are never used to train AI models.
- Scoped AI access: AI features (Senior Partner, Legal Research) only access data within your firm's scope and only when you initiate a request.
- No cross-firm data sharing: AI responses are generated per-firm. No data leaks between tenants.
- AI receptionist: Call recordings and transcripts from AI receptionist calls are stored only for your firm and are not shared with other users.
6. Document Security
Legal documents require the highest level of protection:
- Secure storage: All uploaded documents are stored in encrypted cloud storage with access controls.
- Signed URLs: Document downloads use time-limited signed URLs that expire after one hour.
- Client sharing: Documents shared with clients through the portal are access-controlled — only the intended client can view them.
- E-signatures: Electronic signature data is stored securely and linked to the specific document and signer.
7. Business Continuity
- Automated backups: Database backups are performed automatically with point-in-time recovery available.
- Redundancy: Our infrastructure spans multiple availability zones to ensure high availability.
- Uptime: We target 99.9% uptime for all production services.
8. Compliance
While PreceviaLaw is not a law firm and does not provide legal advice, we build our platform with legal industry requirements in mind:
- Attorney-client privilege: Our architecture is designed to maintain the confidentiality of privileged communications.
- Data retention: You control your data. You can export or delete your data at any time.
- State bar requirements: Our security practices are designed to help firms meet their ethical obligations for safeguarding client data.
9. Responsible Disclosure
If you discover a security vulnerability, please report it to us responsibly:
- Email: security@precevia.com
- We will acknowledge receipt within 48 hours
- We will not pursue legal action against good-faith security researchers
10. Contact Us
For questions about our security practices:
Flow Network Group, LLC
911 Lowell Ave, Middletown, DE 19709
security@precevia.com
866-346-6410