Security · Compliance · Data handling

How we handle your firm’s data, your client’s privilege, and our compliance roadmap.

We built Causel after watching generalist legal AI vendors ship without thinking about privilege, work product, or the specific compliance obligations of complex commercial litigation. This page names the decisions we made — not the aspirational ones, the actual ones.

The short version

Pre-SOC 2, with a contractual commitment.

Causel is pre-SOC 2 today. We are pursuing Type II certification with an audit scheduled for Q4 2026. Until then, we commit to the security and data-handling practices described below, backed by contractual indemnification in the design partner agreement.

If your firm requires SOC 2 certification as a precondition to any engagement, we will sign a side letter with a reimbursement clause if we miss our Q4 target. We’d rather tell you the truth now than discover the gap during your GC review.

Certification Roadmap

Where we are. Where we’re going.

SOC 2 Type I
Auditor selected. Controls documentation in progress. Target: Q3 2026.
IN PROGRESS
SOC 2 Type II
6-month observation window begins after Type I. Target: Within 90 days of first production deployment (est. Q4 2026).
IN PROGRESS
ISO 27001
Planned for 2027 in parallel with first international firm engagement.
PLANNED
HIPAA BAA
Not applicable today; will execute on request if a matter involves PHI.
PLANNED
Delaware C-corp formation
Completed. D&O and E&O insurance pending seed close.
COMPLETED

How we handle your data

Five Non-Negotiables.

Encryption

AES-256 at rest, TLS 1.3 in transit. Per-matter encryption keys managed via AWS KMS. Bring-your-own-key (BYOK) available at the Bet-the-Company tier for firms that require key custody.

Isolation

Every matter is logically isolated. Your custodians, documents, and fact graph never touch another firm's data. Multi-tenant at the application layer, single-tenant at the data layer.

Residency

Data stored in AWS us-east-1 by default, with us-west-2 failover. EU residency (eu-west-1) available on request for matters with GDPR exposure.

Retention

Your data is retained for the duration of the matter plus 90 days after termination, unless you instruct otherwise. Deletion is completed within 48 hours of request, is irreversible, and is verified by a signed certificate.

Model Training

Never. We do not use your documents, witness files, motion drafts, or any matter-specific data to train foundation models. Our contract language is explicit and the audit trail is yours on request.

Privilege and work product

The first design decision in the product.

Privilege handling is the single most important design decision in Causel. We built the privilege review workflow before we built the deposition prep workflow.

Detection

At ingestion, a privilege classifier flags potentially privileged documents across four categories: attorney-client (inside counsel), work product (litigation strategy), common interest, and ambiguous (needs partner review).

Quarantine

Flagged documents are quarantined before any substantive agent runs on the corpus. Agents cannot read, cite, or surface quarantined documents until a partner explicitly approves the quarantine.

Override

Partners can override the classifier in either direction (add to quarantine, remove from quarantine) with a logged justification. The audit trail supports defensible waiver arguments if privilege is later contested.
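The detection, quarantine and override steps above, as an added illustration that is not Causel's own code: an in-memory gate that quarantines anything the classifier flags, returns nothing to agents for quarantined documents, and lets only a partner move a document in or out of quarantine with a logged justification. The category labels, role names and the in-memory store are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical classifier labels for the four categories named on the page;
# "none" means the classifier found nothing privileged.
QUARANTINE_CATEGORIES = {"attorney-client", "work-product", "common-interest", "ambiguous"}

@dataclass
class Doc:
    doc_id: str
    category: str
    quarantined: bool

@dataclass
class AuditEntry:
    actor: str
    role: str
    doc_id: str
    action: str            # "quarantine" or "release"
    justification: str

class PrivilegeGate:
    """Keeps agents away from quarantined documents until a partner acts."""
    def __init__(self) -> None:
        self.docs: Dict[str, Doc] = {}
        self.audit: List[AuditEntry] = []

    def ingest(self, doc_id: str, category: str) -> Doc:
        # Anything the classifier flags is quarantined before any agent runs.
        doc = Doc(doc_id, category, quarantined=category in QUARANTINE_CATEGORIES)
        self.docs[doc_id] = doc
        return doc

    def agent_read(self, doc_id: str) -> Optional[str]:
        # Agents get None for a quarantined document: nothing to read, cite or surface.
        doc = self.docs[doc_id]
        return None if doc.quarantined else doc.doc_id  # doc_id stands in for content

    def override(self, actor: str, role: str, doc_id: str,
                 quarantine: bool, justification: str) -> AuditEntry:
        # Only a partner may override the classifier, in either direction, and must say why.
        if role != "partner":
            raise PermissionError(f"{role} cannot override the privilege classifier")
        if not justification.strip():
            raise ValueError("override requires a logged justification")
        doc = self.docs[doc_id]
        doc.quarantined = quarantine
        entry = AuditEntry(actor, role, doc_id,
                           "quarantine" if quarantine else "release", justification)
        self.audit.append(entry)   # the audit trail that supports a later waiver argument
        return entry
```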

Work product doctrine

All agent-generated artifacts (witness files, cross outlines, weakness flags) are treated as attorney work product under Fed. R. Civ. P. 26(b)(3), prepared at the direction of counsel in anticipation of litigation. Contract language makes this explicit.

Incident response

Detection, notification, recovery.

Detection

24/7 infrastructure monitoring via AWS CloudWatch. Automated alerting on unauthorized access attempts, unusual agent behavior, or data exfiltration patterns.

Notification

Security incidents affecting your firm's data are reported to the designated partner within 4 hours of detection, with a preliminary assessment within 24 hours and a full post-mortem within 10 business days.

Disaster recovery

Point-in-time restore with daily backups. RPO and RTO targets will be formalized before production deployment.

Access control

Role-based, matter-isolated.

Role-based access

Partners have full access. Senior associates have full access. Associates can review and run agents but cannot delete facts. Paralegals can upload documents and read the record but cannot see work product.

Matter isolation

Conflicts are enforced at the matter level. One user can have full access to Matter A and zero access to Matter B within the same firm.

SSO

SSO via WorkOS (SAML 2.0, Okta, Google Workspace) — available to all tiers at launch.

Subprocessors

Who touches your data, and why.

The full subprocessor list is maintained here and included as an appendix to your design partner agreement. We will not add new subprocessors without 30-day written notice to active design partners.

Vendor | Purpose | Location
Amazon Web Services | Infrastructure, storage, compute | United States (us-east-1, us-west-2)
Enterprise LLM Provider | Model inference (zero-retention configuration) | United States
WorkOS | Identity and access management | United States
Vanta | Compliance monitoring (metadata only) | United States

Honesty

What we don’t do yet.

A security page that doesn't name its gaps is not credible. Here are ours, as of this quarter:

We are not SOC 2 certified (in progress, Q4 2026 target)

We do not yet support private VPC deployment (Bet-the-Company tier, Q2 2026)

We have not completed a third-party penetration test (scheduled, Q3 2026)

We do not have a formally appointed DPO (will appoint before first EU matter)

We will not answer any of these questions differently in a sales conversation than we answer them here.

Questions about anything on this page?

security@causel.ai