Security

Data Handling

Your documents pass through our processing pipeline and are never retained. Once a job completes, the document data is purged. No copies, no caches, no residual storage.

Everything lives in your environment. IGRISS acts as the processing layer — we transform and return, we do not collect. This means your client data never leaves your control.

Infrastructure Security

Our infrastructure runs on hardened, isolated environments with strict network segmentation. Each processing job is sandboxed to prevent cross-contamination between clients.

We deploy on trusted cloud providers with SOC 2 certified data centers. Infrastructure is provisioned through code, reviewed, and version-controlled — no manual configuration, no drift.

Encryption

All data in transit is encrypted via TLS 1.2 or higher. Data at rest — limited to account-level metadata — is encrypted using AES-256. API keys and credentials are stored in dedicated secrets management systems, never in application code or configuration files.

Access Controls

Access to production systems is restricted to a minimal set of personnel and requires multi-factor authentication. We follow the principle of least privilege across every layer — infrastructure, application, and data. All access is logged and auditable.

Compliance

Our architecture is designed to support compliance with data protection requirements relevant to legal services. We work with firms to meet their specific regulatory obligations and are committed to maintaining the highest standards of data governance.

Reporting Vulnerabilities

If you discover a security vulnerability, we want to hear about it. Contact us at team@igriss.com with details. We take all reports seriously and will respond promptly.