How we protect your data.

Infrastructure Security

• Hosted on Vultr cloud infrastructure with dedicated compute instances — not shared hosting
• TLS 1.2+ encryption for all data in transit, enforced via Let's Encrypt certificates with automatic renewal
• AES-256 encryption at rest for all stored documents and database records
• Network segmentation with firewall rules restricting access to application ports only
• DDoS protection and edge caching via Cloudflare, with WAF rules active on all endpoints
• SSH key-only access to production servers — no password authentication
• PM2 process management with automatic restart and zero-downtime deployment

Data Architecture

• Database-per-tenant isolation — your firm's data is in its own database, not a shared table with a tenant column
• Cloudflare R2 object storage with S3-compatible API and WORM (Write Once, Read Many) compliance mode
• 10-year immutable audit retention via S3 Object Lock in COMPLIANCE mode — no administrator, engineer, or court order can alter or delete audit records during the retention period
• Cryptographic hash chain on every document from the point of collection through every processing step, every coding decision, and every production
• Time-travel queries — reconstruct the exact state of any matter at any historical timestamp by replaying the immutable event log
• Dual-cloud redundancy: primary storage on Cloudflare R2, cross-cloud replication to AWS S3, with offline NAS backup encrypted with AES-256-GCM

AI and Data Privacy

Crucible offers three AI review tiers. Each has different data handling characteristics. We are precise about this because your firm's data governance policy depends on it.

Every AI coding decision — regardless of tier — is logged immutably with model version, timestamp, confidence score, and the full decision record. AI decisions never overwrite attorney decisions. They are stored as separate layers in the immutable stack.

Access Controls

• Seven role levels: Admin, Senior Attorney, Attorney, Paralegal, Litigation Support, Client, and Read-Only
• Authentication managed by Clerk with multi-factor authentication (MFA) support, including TOTP and WebAuthn
• RS256 JWT verification via JWKS endpoint — no static keys, automatic key rotation
• Session timeout enforcement — configurable per organization
• All access events logged to the immutable audit trail with timestamp, user identity, IP address, and action
• Role-based access control enforced at the API layer via @Roles() decorators on every GraphQL mutation — users see only what their role permits
• Multi-tenant isolation enforced on every database query — tenantId extracted from JWT, not from user input

Audit and Chain of Custody

The audit architecture is not a feature bolted onto Crucible. It is the mechanism by which Crucible operates. The database is an append-only event log. Current state is derived by replaying events — never stored as mutable state.

• Every action by every user is logged with timestamp, user identity, IP address, and the full content of the action
• Cryptographic hash chain: SHA-256 hash computed at document ingestion, then chained through every processing step, every coding decision, every redaction, and every production
• WORM storage: audit records cannot be altered or deleted by anyone — not engineers, not administrators, not by court order — during the 10-year retention period. This is enforced by S3 Object Lock in COMPLIANCE mode at the storage layer, not by application code
• Spoliation defense: load file compare tool generates a court-ready spoliation defense report showing hash continuity from collection through production
• SHA-256 snapshot hashing on every search term script (STR) run — producing a court-defensible record that the search was run as described
• Designed for adversarial examination under Federal Rule of Civil Procedure 26(g) — the system's outputs are built to withstand hostile expert witness scrutiny

Compliance

• GDPR-compliant data processing — Data Processing Agreement (DPA) available for all customers
• CCPA compliant — California Consumer Privacy Act obligations met
• Data Processing Agreement available at /legal/dpa and executed as part of customer onboarding
• Sub-processor list maintained and disclosed to all customers upon request
• 72-hour breach notification commitment — we notify affected customers within 72 hours of confirming a data breach
• Legal hold preservation enforced at the storage layer — held documents cannot be deleted, modified, or moved by any user or system process
• Annual security review and penetration testing (results available under NDA)

Third-Party Dependencies

Crucible Discovery depends on the following third-party services. We link to their security documentation for your review.

Reporting Security Issues

If you discover a security vulnerability in Crucible Discovery, we encourage responsible disclosure.

Questions