Nothing leaves the room.
Your data is encrypted, isolated, and never used for training. We built this for the people who can't afford to wonder.
Visit Trust Center →SOC 2 Type II
Independent audit of security controls, availability, and confidentiality.
HIPAA
Full compliance for handling protected health information.
AES-256
Encryption at rest for all stored data.
TLS 1.2
Encryption in transit for all data in motion.
How we protect your data
Your data is never used for training.
We do not train AI models on customer data. Ever. Your documents, transcripts, and work product remain yours.
US data residency.
All data is stored in the United States within our AWS and Azure environments. Both providers include guarantees on intrusion detection and physical security.
Least privilege by default.
User roles and permissions restrict access to sensitive data. SSO and multi-factor authentication are required for all accounts.
Tested continuously.
Annual external penetration testing. Quarterly vulnerability assessments. Dependency updates applied daily. Comprehensive audit logging for all user activities and system events.
Background checks and training.
All employees undergo background checks and complete mandatory security training annually.
Payments handled by Stripe.
CaseMark never touches payment data. All transactions are processed by Stripe, a PCI Level 1 certified provider.
Need more detail?
SIG Lite 2024, CAIQ questionnaires, pen test summaries, and attestation letters available on request.