OUR COMMITMENT TO

OUR COMMITMENT TO

Privacy and Security

Privacy and Security

Robust security protocols

Enterprise grade encryption and security protocols for end-to-end protection.

Robust security protocols

Enterprise grade encryption and security protocols for end-to-end protection.

Complete data ownership

Complete data ownership

Customizable retention periods and transparency over data collection and use.

Customizable retention periods and transparency over data collection and use.

SOC 2
certification

Type I certification in progress, expected completion Q1 2024.

SOC 2 certification

Type I certification in progress, expected completion Q1 2024.

Overview

Overview

Overview

Law firms' client data is some of the most sensitive information that exists. For this reason, privacy and security are and always will be our top priority. This principle underlies every decision we make in designing, building and scaling PointOne. In addition to keeping your data safe, we are also committed to providing transparency and control over how your data is collected, used and retained.

Security Controls

Security Controls

Security Controls

PointOne captures timekeeping logs as attorneys perform work. Those logs are stored locally on the attorney's computer, and are encrypted in transit and at rest to prevent unauthorized access. Once the attorney is finished working, the timekeeping logs are uploaded to Amazon Web Services, where they are prepared for interpretation by AI models. There, we maintain segregated storage for each firm, ensuring the data is ring-fenced and there is no risk of contamination. We also take advantage of AWS's advanced security measures including comprehensive network and application firewall protections. Additionally, their strict adherence to global privacy standards and ongoing security monitoring provides further protection against unauthorized access.

Responsible AI

Responsible AI

Responsible AI

Once the data logs are prepared for inference, we use AI models to review them and determine what tasks a lawyer has performed. We only use foundation models backed by enterprise-caliber privacy and security standards. Your firm's data is never retained by these models nor is it used to update these models. PointOne also does not cross-train models between firms, meaning that your data will only ever be used to improve your service and will not be used in any other firm. This effectively eliminates any risk of data leakage via the model's outputs.

Data Ownership

Data Ownership

Data Ownership

We believe that firms should have the right to determine when and how their data is collected, used, and retained. We use your data only in very limited ways. First, to deliver the service requested — that is, generating automated time entries. Second, our systems learn from any edits you make to your time entries so that we can deliver better outputs in the future (this information is user-specific, and is never shared across firms). Third, we hope to be able to use your time logs to deliver other useful features in the future — but only with your explicit consent. We also give firms the ability to set custom retention periods, ranging from daily to indefinite retention.

Policies & Governance

Policies & Governance

Policies & Governance

Privacy and security measures are only as good as the policies and controls that underpin them. We take a number of measures identified as industry best practices to ensure the highest caliber of compliance.


  • Role-Based Access Controls: Ensure data accessibility is limited to authorized personnel only.

  • Login Security with MFA: Add an additional layer of authentication for robust protection.

  • System Monitoring and Audit Logs: Maintain vigilance over activities for enhanced security and compliance.

  • Adaptive Policy Updates: Modify strategies in response to evolving cyber threats and industry standards.

  • External Compliance Audits: Conduct regular evaluations to ensure adherence to regulatory requirements and identify improvement opportunities.

  • Staff Training: Continuously enhance knowledge with cybersecurity best practices.