Security at Legisly

Your data security is our top priority

We've built our platform with security as a foundational principle — not an afterthought.

  • TLS 1.3: in transit
  • AES-256: at rest
  • MFA: admin access
  • SOC 2 Type II: in progress
  • CCPA: compliant

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Infrastructure

Enterprise-grade cloud infrastructure hosted with SOC 2 Type II providers — we're working toward our own SOC 2 Type II certification.

Access Control

Role-based access controls ensure only authorized personnel can access systems and data.

Monitoring

24/7 monitoring and logging of all system activity with real-time threat detection.

Backups

Automated daily backups with point-in-time recovery and geographic redundancy.

Privacy

Your legislative positions and business data are never shared with other users or sold to third parties.

How we protect your data

Data protection

  • Encryption in transit: all communications between your browser and our servers use TLS 1.3 encryption.
  • Encryption at rest: all stored data is encrypted using AES-256, an industry-standard encryption algorithm.
  • Database security: our databases are isolated within private networks with no direct internet access.
  • Secure backups: backups are encrypted and stored in geographically separate locations.

Application security

  • Regular security code reviews and automated vulnerability scanning
  • Dependency monitoring for known vulnerabilities
  • Secure authentication with password hashing and optional two-factor authentication
  • Protection against common web vulnerabilities (XSS, CSRF, SQL injection)
  • Rate limiting and DDoS protection

Infrastructure security

  • Hosted on enterprise cloud providers that hold SOC 2 Type II certification
  • Network isolation with firewalls and private subnets
  • Automated security patching and updates
  • Multi-region deployment for high availability
  • Regular penetration testing by third-party security firms

Access controls

  • Principle of least privilege for all employee access
  • Multi-factor authentication required for all administrative access
  • Detailed audit logs of all data access
  • Regular access reviews and immediate revocation upon role changes

Incident response

  • 24/7 monitoring and alerting
  • Defined escalation procedures
  • Communication protocols for affected users
  • Post-incident analysis and remediation

Compliance & privacy

  • Working toward SOC 2 Type II certification — currently in progress
  • Compliant with applicable data protection regulations, including CCPA
  • Your legislative positions and business data are never shared with other users
  • Your data is never sold to third parties

Security specifications

  • In transit: TLS 1.3. All browser-to-server traffic encrypted end to end.
  • At rest: AES-256. Industry-standard encryption for all stored data.
  • Hosting: SOC 2 Type II provider. Enterprise cloud with network isolation and private subnets.
  • Authentication: MFA + hashed credentials. Multi-factor for admin access; passwords never stored in plain text.
  • Backups: daily, geo-redundant. Encrypted, point-in-time recovery across separate regions.

Responsible disclosure

Found a vulnerability? Tell us.

We welcome security researchers to report issues responsibly. Email security@legisly.ai with the details — we investigate every report and won't take legal action against researchers who follow responsible disclosure practices. Evaluating enterprise security requirements? Ask us for our security overview.

Contact: security@legisly.ai