Casexatlas
Security

Client data, handled like it matters

You're trusting us with injured clients' files. Here is exactly how we protect them — and, just as importantly, an honest account of what's still in progress.

Per-firm tenant isolation

Every query is scoped to your firm in the data layer — not just hidden in the UI. One firm's cases, documents, and communications are never visible to another firm's users.

Role-based permissions

Four role types — Admin, Attorney, Paralegal, Staff — with granular per-role permissions you control, so people see and do exactly what their role requires.

Invite-only onboarding

Creating an account grants access to nothing — every firm workspace is provisioned by us, and every user is invited by their firm's admin. Strangers can't create accounts in your tenant.

Managed authentication

Authentication is handled by Clerk, a dedicated identity provider, with support for multi-factor authentication. We don't roll our own password storage.

Encryption in transit and at rest

All traffic is encrypted with TLS. Data at rest lives in managed Postgres with encryption at rest provided by the hosting platform.

Signed outbound webhooks

Webhooks Casexatlas sends to your systems are HMAC-signed, so the receiving end can verify the payload really came from us and wasn't altered in transit.

Audit logging

Sensitive actions are logged — who did what, and when — giving firm admins an accountability trail.

Recurring security audits

The codebase goes through regular third-party-style security audits. Findings are tracked to resolution, with critical and high-severity issues prioritized first.

Where we are on compliance

We will not claim a certification we don't hold. As of today:

  • HIPAA readiness program in progress. We are building toward the technical and administrative safeguards HIPAA expects, but we do not claim HIPAA compliance today and do not yet sign BAAs.
  • SSO / SAML coming soon. Enterprise single sign-on is on the roadmap but is not available yet. Today, authentication is email-based via Clerk, with MFA support.
  • No certifications claimed. You won't find badge walls here. When we complete a formal certification, this page will say so plainly — with dates.

If a specific compliance requirement is a hard blocker for your firm, tell us — it directly shapes what we build next. Write to info@casexatlas.com.

Security questions before you commit?
Ask us directly — we'd rather answer in detail than in slogans.
© 2026 Casexatlas. All rights reserved.