
Security Built for Legal Teams
Your contracts contain your most sensitive business information. We treat security as a foundational requirement, not an afterthought.
Our Security Pillars
Comprehensive protection at every layer of the stack.
Encryption at Rest & In Transit
All data is encrypted with AES-256 at rest and TLS 1.3 in transit. Your contracts never travel unprotected. For Microsoft Entra ID integration, certificate-based authentication is preferred.
Least Privilege Access
We request only the minimum permissions required to function. For Microsoft 365 integration, we use application-level permissions (app-only) that require explicit tenant administrator consent. Authentication is handled through Microsoft Entra ID with certificate-based authentication preferred over client secrets. Granular permissions ensure the right people see the right contracts.
Tenant Isolation
Every operation is scoped by tenant ID. Data from one tenant cannot be accessed by another, even at the database level. We enforce this through Row-Level Security, per-tenant encryption keys, and strict authorization checks on every API call.
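The following is an added example, not DealTracer's own code, showing what "scoped by tenant ID on every call" looks like at the application layer. It assumes a Principal resolved from the caller's token and a constructed in-memory contracts table; the database-side Row-Level Security and per-tenant keys the page mentions are not modelled here. The scoped repository puts the tenant predicate inside every query, so a contract id belonging to another tenant is indistinguishable from one that does not exist, and an unscoped lookup is shown beside it as the pattern to avoid.

```python
"""Tenant-scoped data access (added example, constructed schema and rows)."""
import sqlite3
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Principal:
    """Identity resolved from the access token on each API call (assumed shape)."""
    user_id: str
    tenant_id: str


def build_sample_db() -> sqlite3.Connection:
    """In-memory table holding rows from two tenants (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contracts ("
        " id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO contracts (id, tenant_id, title) VALUES (?, ?, ?)",
        [
            (1, "tenant-a", "MSA with Acme"),
            (2, "tenant-a", "NDA with Globex"),
            (3, "tenant-b", "Subscription agreement with Initech"),
        ],
    )
    return conn


def unscoped_get(conn: sqlite3.Connection, contract_id: int) -> Optional[dict]:
    """Anti-pattern: looks up by id only, so any caller can read any tenant's row."""
    row = conn.execute(
        "SELECT id, tenant_id, title FROM contracts WHERE id = ?", (contract_id,)
    ).fetchone()
    return None if row is None else {"id": row[0], "tenant_id": row[1], "title": row[2]}


class ContractRepository:
    """Every query carries the tenant predicate; there is no method without it."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self._conn = conn

    def list_contracts(self, principal: Principal) -> list:
        rows = self._conn.execute(
            "SELECT id, title FROM contracts WHERE tenant_id = ? ORDER BY id",
            (principal.tenant_id,),
        ).fetchall()
        return [{"id": r[0], "title": r[1]} for r in rows]

    def get_contract(self, principal: Principal, contract_id: int) -> Optional[dict]:
        # The tenant predicate is part of the lookup, not a check bolted on afterwards:
        # a foreign id simply yields no row, so existence is not leaked either.
        row = self._conn.execute(
            "SELECT id, title FROM contracts WHERE id = ? AND tenant_id = ?",
            (contract_id, principal.tenant_id),
        ).fetchone()
        return None if row is None else {"id": row[0], "title": row[1]}


def demo() -> dict:
    """Runs both access paths and returns a summary that can be checked."""
    conn = build_sample_db()
    repo = ContractRepository(conn)
    alice = Principal(user_id="alice", tenant_id="tenant-a")
    bob = Principal(user_id="bob", tenant_id="tenant-b")
    return {
        "alice_sees": [c["id"] for c in repo.list_contracts(alice)],
        "bob_sees": [c["id"] for c in repo.list_contracts(bob)],
        "bob_reads_tenant_a_id": repo.get_contract(bob, 1),
        "unscoped_leak": unscoped_get(conn, 1)["tenant_id"],
    }


if __name__ == "__main__":
    print(demo())
```

The design point is that the tenant filter lives in the only code path that can reach the table, so a forgotten authorization check in a handler cannot widen access; a database-level Row-Level Security policy keyed on the session's tenant gives the same guarantee one layer lower, for code that bypasses the repository.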
Audit Logging
Comprehensive audit trails for every action. Full visibility into who accessed what and when. These logs are retained for compliance and troubleshooting, and are accessible through our admin interface. They form a permanent, unalterable record of all system activity—the definitive archive of your contract management operations.
Ephemeral Data Minimization
Email bodies are processed only in memory and never stored. Our system processes attachments ephemerally and only persists contract files (those identified as contracts), minimal metadata (source mailbox, timestamp, file hash), and audit logs.
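As an added illustration of the persistence rule above (example code, not DealTracer's implementation), the following processes a constructed inbound message entirely in memory and writes only what the page lists: the bytes of attachments classified as contracts, metadata limited to source mailbox, timestamp and SHA-256 hash, and audit events. The classifier is a hypothetical filename heuristic standing in for whatever the real system uses; the store is an in-memory stand-in for the database. A check function confirms the email body text never reaches any persisted structure.

```python
"""Ephemeral message processing with data minimization (added example)."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Attachment:
    filename: str
    content: bytes


@dataclass(frozen=True)
class InboundMessage:
    source_mailbox: str
    received_at: datetime
    body: str
    attachments: Tuple[Attachment, ...]


@dataclass
class Store:
    """Stand-in for persistent storage; only these three collections are ever written."""
    files: Dict[str, bytes] = field(default_factory=dict)   # sha256 -> contract bytes
    metadata: List[dict] = field(default_factory=list)
    audit_log: List[dict] = field(default_factory=list)


def looks_like_contract(att: Attachment) -> bool:
    """Hypothetical placeholder classifier (assumption): PDF with a contract-like name."""
    name = att.filename.lower()
    return name.endswith(".pdf") and any(
        key in name for key in ("contract", "agreement", "nda", "msa")
    )


def process_message(msg: InboundMessage, store: Store) -> int:
    """Inspects the message in memory; persists contracts, minimal metadata, audit events."""
    persisted = 0
    for att in msg.attachments:
        if not looks_like_contract(att):
            continue  # non-contract attachment is dropped with the request
        digest = hashlib.sha256(att.content).hexdigest()
        store.files[digest] = att.content  # content-addressed, so duplicates collapse
        store.metadata.append({
            "source_mailbox": msg.source_mailbox,
            "timestamp": msg.received_at.isoformat(),
            "sha256": digest,
        })
        store.audit_log.append({
            "action": "contract.ingested",
            "source_mailbox": msg.source_mailbox,
            "sha256": digest,
            "timestamp": msg.received_at.isoformat(),
        })
        persisted += 1
    # The body is read only to classify; nothing from it is written anywhere.
    store.audit_log.append({
        "action": "message.processed",
        "source_mailbox": msg.source_mailbox,
        "attachments_seen": len(msg.attachments),
        "contracts_persisted": persisted,
        "timestamp": msg.received_at.isoformat(),
    })
    return persisted


def text_persisted(store: Store, needle: str) -> bool:
    """True if `needle` appears in any persisted bytes or records (leak check)."""
    raw = needle.encode()
    if any(raw in content for content in store.files.values()):
        return True
    return any(needle in repr(rec) for rec in store.metadata + store.audit_log)


def run_demo() -> dict:
    """Processes one constructed message and returns a checkable summary."""
    body = "Hi, see attached. Our internal price floor is 40% off list."
    msg = InboundMessage(
        source_mailbox="contracts@example.invalid",  # constructed sample value
        received_at=datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc),
        body=body,
        attachments=(
            Attachment("Acme_MSA.pdf", b"%PDF-1.7 constructed contract bytes"),
            Attachment("photo.png", b"\x89PNG constructed image bytes"),
        ),
    )
    store = Store()
    count = process_message(msg, store)
    return {
        "contracts_persisted": count,
        "files_stored": len(store.files),
        "metadata_keys": sorted(store.metadata[0].keys()),
        "body_leaked": text_persisted(store, "price floor"),
        "image_leaked": text_persisted(store, "constructed image"),
    }


if __name__ == "__main__":
    print(run_demo())
```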
Vendor Security Management
Rigorous assessment of all third-party vendors. Only SOC 2 compliant partners in our supply chain.

Data Sovereignty Options
For organizations with stringent data residency requirements, DealTracer offers flexible deployment options to ensure your data never leaves your approved boundaries.
- Self-Hosted Deployment
Install within your own VPC, private cloud, or on-premise infrastructure.
- Bring Your Own LLM
Use your own AI models for complete control over data processing.
- Regional Data Centers
Choose your data center location to meet regulatory requirements.
Compliance & Certifications
Meeting the highest standards in data security and privacy.
SOC 2 Type II
Annual audits verifying security, availability, and confidentiality controls.
HIPAA Ready
BAA available for healthcare organizations handling PHI.
GDPR Compliant
Full compliance with European data protection regulations.
Ready to Learn More?
Request our detailed security documentation or schedule a security review with our team.
