Law firms' client data is some of the most sensitive information that exists. For this reason, privacy and security are and always will be our top priority. This principle underlies every decision we make in designing, building and scaling PointOne. In addition to keeping your data safe, we are also committed to providing transparency and control over how your data is collected, used and retained.
PointOne captures timekeeping logs as attorneys perform work. Those logs are stored locally on the attorney's computer, and are encrypted in transit and at rest to prevent unauthorized access. Once the attorney is finished working, the timekeeping logs are uploaded to Amazon Web Services, where they are prepared for interpretation by AI models. There, we maintain segregated storage for each firm, ensuring the data is ring-fenced and there is no risk of contamination. We also take advantage of AWS's advanced security measures including comprehensive network and application firewall protections. Additionally, their strict adherence to global privacy standards and ongoing security monitoring provides further protection against unauthorized access.
Once the data logs are prepared for inference, we use AI models to review them and determine what tasks a lawyer has performed. We only use foundation models backed by enterprise-caliber privacy and security standards. Your firm's data is never retained by these models nor is it used to update these models. PointOne also does not cross-train models between firms, meaning that your data will only ever be used to improve your service and will not be used in any other firm. This effectively eliminates any risk of data leakage via the model's outputs.
We believe that firms should have the right to determine when and how their data is collected, used, and retained. We use your data only in very limited ways. First, to deliver the service requested — that is, generating automated time entries. Second, our systems learn from any edits you make to your time entries so that we can deliver better outputs in the future (this information is user-specific, and is never shared across firms). Third, we hope to be able to use your time logs to deliver other useful features in the future — but only with your explicit consent. We also give firms the ability to set custom retention periods, ranging from daily to indefinite retention.
Privacy and security measures are only as good as the policies and controls that underpin them. We take a number of measures identified as industry best practices to ensure the highest caliber of compliance.
Role-Based Access Controls: Ensure data accessibility is limited to authorized personnel only.
Login Security with MFA: Add an additional layer of authentication for robust protection.
System Monitoring and Audit Logs: Maintain vigilance over activities for enhanced security and compliance.
Adaptive Policy Updates: Modify strategies in response to evolving cyber threats and industry standards.
External Compliance Audits: Conduct regular evaluations to ensure adherence to regulatory requirements and identify improvement opportunities.
Staff Training: Continuously enhance knowledge with cybersecurity best practices.
At PointOne, we take the security of our systems and applications seriously. We welcome reports of potential security vulnerabilities from ethical security researchers and members of the security community. If you believe you have found a security vulnerability in any of our products or services, please report it to us via email at security@pointone.ai. Read more about our Responsible Vulnerability Disclosure Policy here.