Security and Privacy

MyLegal is built upon the AgilePoint platform, which can be set up as a secured, cloud-hosted service in both private and public cloud infrastructures, in AWS and Azure.

The platform is securely deployed behind a WAF (Web Application Firewall) and segmented via VPC (virtual private clouds) and AWS security groups. Data in S3 buckets is encrypted, and permissions are restricted based on the principle of least privilege. Versioning enables you to recover objects from accidental deletion or overwrite. Disk level encryption on user workstations and all production data at rest is encrypted with AES 256 or higher. Encryption keys are rotated periodically. All data in transit is encrypted with TLS 1.2 or higher.

AgilePoint platform is PCI and HIPAA compliant and carries an ISO 27001 Certification. A secure SDLC process is followed during the entire development lifecycle with clearly defined security requirements, application of threat modeling, and security architecture reviewers.

Security testing is carried out at every stage of the iterative development lifecycle, and penetration testing is carried out on an annual basis and after every major release. CIS Benchmarks are followed to ensure secure configurations baselines are adhered to for each asset type. Any changes in baseline configurations follow a Change Management Process.

MyLegal and AgilePoint are committed to protecting our customer’s privacy and data globally. Our software and internal practices are designed with privacy regulations compliance at the core. Our role-based security model provides clear separation and access permission structure for the product and third parties. We make data governance easy, including data encryption, API and SDK components.

Read the AgilePoint policies and privacy statements: