Security
Security that runs quietly.
Private by defaultAccess controlAudit trailSource-linked
Built for legal work where private documents, client trust, and source-backed output matter every day.



01Where it livesIn the US.
In the US.
Encrypted throughout.
- US residency. Client data sits on US-based infrastructure.
- Encrypted end to end. TLS 1.2+ in transit, AES-256 at rest.
- Named providers only. The subprocessor list is shared on request under NDA.
02How it's guardedBuilt to clear
Built to clear
a security review.
Security needs to be visible enough for review and quiet enough for daily work. Grow Legal keeps access, audit, and data controls in one operating layer.
Admins can see who has access, what happened in a matter, and how data is handled without asking lawyers to change how they work.

- Access by matter - people see the matters they're on, not the whole firm.
- Full audit trail - every action logged: who did what, and when.
- Zero training - your work never trains a model. It's in the contract.
03Who's in chargeIt's yours.
It's yours.
You keep control.
Bring it in, export it, or delete it on your schedule. When an engagement ends, your data leaves with you.
04CertificationsWe report status.
We report status.
We don't fake a badge.
SOC 2 Type IIIn progress. Scope and reports under NDA.
ISO 27001 / 42001In progress. Status shared honestly on request.
HIPAA / GDPRMapped to your obligations under NDA.
Do you train on our data?
No - contractually, your data never trains any model.
Where is it stored?
On US-based infrastructure, encrypted in transit and at rest.
Can we get it out?
Any time. On exit it's returned or destroyed on your terms.
Are you certified?
SOC 2 and ISO are in progress; we walk your team through scope under NDA.
Get started
Hand it to your security team.
We bring subprocessors, data terms, and current status to the table.
US data residency / No training on your data / NDA day one
