TitleTerraTitleTerra
Start Free Trial
Security

Security, in specifics

Not slogans. Here is how your firm's data is isolated, controlled, and accounted for.

Schema-Isolated Tenancy

Every organization gets its own PostgreSQL schema — structural separation, not row filtering. Cross-tenant access is ruled out by design.

Role-Based Access Control

Template roles plus granular per-user grants and denies, scoped down to client, project, or legal description. Containment prevents granting more access than you hold.

Audit Trail

An append-only activity event store with user attribution — including every AI action — and an admin dashboard with per-user drill.

Encryption

Encrypted in transit and at rest. Session cookies are encrypted and HTTP-only; file URLs are signed and expiring.

Hardened Authentication

Rate-limited login, registration, and reset flows; OAuth strategies; HMAC-verified webhooks; CSP; forced HTTPS with HSTS in production.

Least-Privilege Defaults

New users start with the minimum. AI agents are actors under the same policy system as humans — no AI-only fast path, ever.

White-Label & Custom Domains

Your brand, your domain. Run the platform under your own logo, theme, and hostname, with branded transactional email — so clients and counsel see your firm, not ours.

Compliance posture

We are not yet SOC 2 certified — an audit is on the roadmap, and we'd rather tell you that plainly than imply otherwise. Ask us anything about the architecture in the meantime; we answer in specifics.

Talk to us about security