Security at Agee

Protecting attorney-client privileged data with enterprise-grade security, encryption, and continuous compliance monitoring.

SOC 2 Type II (In Progress) | AES-256 Encryption | Continuous Monitoring

🔒 Data Protection

Agee encrypts all customer data at rest and in transit using industry-standard encryption protocols. Sensitive credentials are managed through dedicated secrets management services with automated rotation.

Encryption at Rest

All stored customer data is encrypted with AES-256, including databases, document storage, and application data.

Encryption in Transit

All data transmitted between clients and the Agee Platform is encrypted using TLS 1.2 or higher. HSTS is enforced across all domains.

Secrets Management

Application credentials and API keys are stored in a dedicated secrets management service with automated rotation. No long-lived credentials exist in application code.

Data Classification

Agee maintains a formal data classification policy to ensure appropriate handling of public, internal, customer, and company data.


🛡 Tenant Data Isolation

Customer data is logically segregated at the database level. Each tenant's data is isolated through multiple independent enforcement layers, ensuring that no tenant can access another tenant's data — even in the event of an application-level defect.


👤 Access Control & Authentication

Agee uses a managed identity provider with support for multi-factor authentication (MFA). User sessions are managed through industry-standard token-based authentication with short-lived credentials.


Infrastructure

All production infrastructure is hosted on AWS, leveraging SOC 2 Type II certified cloud services. Application containers are deployed in isolated environments with ingress restricted to HTTPS. Infrastructure is monitored continuously with automated alerting.

Cloud Security

Hosted on AWS with platform-managed network isolation, automatic scaling, and immutable container deployments.

Monitoring & Logging

Comprehensive logging, metrics collection, and automated alerting for security events. Structured logging enables full request traceability.


📡 Application Security

The Agee Platform is built with a defense-in-depth approach, incorporating input validation, output sanitization, and comprehensive security headers on all responses.


💻 Secure Development

Agee follows a documented Systems Development Life Cycle (SDLC) that integrates security throughout the development process.


📋 Compliance

Agee is committed to meeting the highest standards of security and compliance for legal technology.

SOC 2 Type II

Currently undergoing SOC 2 Type II examination covering Security, Confidentiality, and Availability trust service criteria.

Continuous Monitoring

Automated compliance monitoring runs continuously across all infrastructure, with real-time detection and remediation of configuration drift.

Vendor Management

All third-party service providers that process or have access to customer data are evaluated for security posture and compliance certifications.

Incident Response

Documented Incident Response Plan with defined roles, escalation paths, and response time SLAs. Tabletop exercises conducted annually to validate procedures.


🔐 Data Privacy

As a legal practice management platform, Agee is entrusted with attorney-client privileged data, which requires heightened privacy protections beyond standard PII handling.


Questions about our security practices?

Our team is available to discuss security requirements, provide additional documentation, or schedule a detailed review.

support@agee.law