BatesFlow handles privileged legal documents. We built our architecture from day one around a single principle: the platform operator structurally cannot access your case data. This isn’t a policy — it’s enforced by the system’s design.
Zero Data Retention
Your documents are never retained by third-party AI providers. Content sent for classification and OCR is processed in real time and immediately discarded — it is not stored, logged, or used for model training. BatesFlow maintains enterprise-tier data processing agreements with all AI providers to guarantee this contractually.
Data Residency
All BatesFlow data — documents, database records, backups, and production outputs — is stored and processed exclusively in the United States.
Three-Layer Privilege Boundary
BatesFlow enforces strict data isolation through three independent layers:
Layer 1 — Tenant Isolation
Every law firm operates in a completely isolated environment. Each firm’s data — cases, documents, productions, user accounts — is scoped to their tenant. There are no shared tables, no cross-firm queries, no accidental data leakage. One firm cannot see, access, or even detect the existence of another firm’s data.
Layer 2 — Role-Based Access Control
Within each firm, access is controlled by role. Firm administrators manage their own users. Attorneys see only the cases assigned to them. Staff members have limited permissions. Every action is logged with the user, timestamp, and IP address.
Layer 3 — Platform Operator Exclusion
The platform operator (SKL LLC) has no database-level access to case data. Administrative functions are limited to user management, billing, and system health monitoring. There is no “admin backdoor” to view documents, productions, or case details. This boundary is enforced at the database query level, not just the application layer.
Encryption
- In Transit: All data is encrypted using TLS 1.3 between your browser and our servers.
- At Rest: All documents and database records are encrypted using AES-256 encryption.
- File Storage: Uploaded documents are stored in encrypted object storage with server-side encryption and access logging enabled.
Infrastructure
- Cloud Hosting: BatesFlow runs on isolated cloud compute with managed database infrastructure.
- Document Storage: Encrypted object storage with access policies and audit logging enabled.
- Background Processing: Document processing jobs run in isolated worker processes.
AI Processing
BatesFlow uses enterprise-grade AI for document classification and OCR. Important details:
- Document content sent to the AI provider is not used for model training.
- AI processing uses enterprise-tier APIs with data processing agreements in place.
- Classification results are stored only within your tenant’s isolated environment.
- You can review and override any AI classification before production.
Access Controls
- Password hashing using bcrypt with per-user salts.
- Session-based authentication with per-request validation.
- CSRF protection on all state-changing operations.
- Account suspension takes effect immediately — active sessions are invalidated.
- Firm administrators can deactivate users instantly.
Audit Logging
- Comprehensive Logging: Every user action — logins, document uploads, classifications, production runs — is logged with user, timestamp, and IP address.
- Session Management: 30-minute session timeout with per-request validation. No stale sessions.
- Retention: Audit logs are retained for a minimum of 12 months.
Incident Response
In the event of a confirmed data breach, BatesFlow will notify affected firms within 72 hours, including details of what data was affected, what steps we’re taking, and what actions (if any) the firm should take.
Compliance
- CPLR Compliance: Production outputs are formatted to meet New York Civil Practice Law and Rules requirements for discovery responses.
- Data Retention: You control how long your data is retained. Deletion requests are processed within 30 days.
Responsible Disclosure
If you discover a security vulnerability, please report it to security@batesflow.com. We take all reports seriously and will respond within 48 hours.
Questions
For security-related questions, contact security@batesflow.com.