Security at Case Compass

Law firms trust us with sensitive client intake data. Here's how we protect it — from infrastructure to AI data handling.

AI Data Privacy: BYOK Model

Waypoint, our AI intake scoring engine, uses a Bring Your Own Key (BYOK) model. When you configure Waypoint, you connect your own OpenAI API credentials. Your client intake data is sent directly to OpenAI under your account.

This means:

Your claimant data never flows through Case Compass AI infrastructure
Your data never trains a shared model or any third-party model
You maintain full audit rights and control over your OpenAI account
Data isolation is architectural — not just a policy

Our security foundation

Cloud Infrastructure

Case Compass is hosted on AWS, a SOC 2 Type II certified cloud provider. All data is stored in US-based data centers. Infrastructure is managed with least-privilege access controls.

Data Encryption

All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. Encryption keys are rotated on a regular schedule.

Authentication & Access

Case Compass supports multi-factor authentication and enforces role-based access controls so each user only sees what they need. Identity management is handled through enterprise-grade authentication services.

Audit Logging

Every significant action in the platform is logged — lead access, intake submissions, user changes, and API calls. Logs are retained and available for compliance review.

Microsoft Bot Framework

All intake chatbot conversations are handled through Microsoft Bot Framework and Azure Cognitive Services — enterprise-grade infrastructure designed for sensitive workloads.

Automated Backups

Case Compass data is backed up daily with point-in-time recovery. Backups are retained for 30 days and are encrypted at rest.

Security questions?

We're happy to walk through our security posture with your IT team or compliance counsel.