Data ownership
You own your data, period. Firm data is fully segregated, with customizable data retention.
Responsible AI
Data is never used to train AI models. We maintain zero data retention policies with all model providers.
Overview
Law firms' client data is some of the most sensitive information that exists. For this reason, privacy and security are and always will be our top priority. This principle underlies every decision we make in designing, building and scaling PointOne. In addition to keeping your data safe, we are also committed to providing transparency and control over how your data is collected, used and retained.
Certifications
PointOne has been certified for SOC 2 Type 1 as of November 4, 2024. Our independent audit report is available upon request. We are currently in the process of obtaining SOC 2 Type 2, ISO 27001, GDPR, and HIPAA compliance.
Security Controls
PointOne captures timekeeping logs as attorneys perform work. Those logs are stored locally on the attorney's computer, and are encrypted in transit and at rest to prevent unauthorized access. Once the attorney is finished working, the timekeeping logs are uploaded to Amazon Web Services, where they are prepared for interpretation by AI models. There, we maintain segregated storage for each firm, ensuring the data is ring-fenced and there is no risk of contamination. We also take advantage of AWS's advanced security measures including comprehensive network and application firewall protections. Additionally, their strict adherence to global privacy standards and ongoing security monitoring provide further protection against unauthorized access.
Responsible AI
Once the data logs are prepared for inference, we use AI models to review them and determine what tasks a lawyer has performed. We only use foundation models backed by enterprise-caliber privacy and security standards. We maintain "zero data retention" agreements with model providers to ensure your firm's data is never retained by these models nor is it used to update these models. PointOne also does not cross-train models between firms, meaning that your data will only ever be used to improve your service and will not be used in any other firm. This effectively eliminates any risk of data leakage via the model's outputs.
Data Ownership
We believe that firms should have the right to determine when and how their data is collected, used, and retained. We use your data only in very limited ways. First, to deliver the service requested — that is, generating automated time entries and reviewing pre-bills. Second, our systems learn from any edits you make to your time entries so that we can deliver better outputs in the future (this information is user-specific, and is never shared across firms). Third, we hope to be able to use your billing data to deliver other useful features in the future — but only with your explicit consent. We also give firms the ability to set custom retention periods, ranging from daily to indefinite retention.
Policies & Governance
Privacy and security measures are only as good as the policies and controls that underpin them. We take a number of measures identified as industry best practices to ensure the highest caliber of compliance.
Role-Based Access Controls: Ensure data accessibility is limited to authorized personnel only.
Login Security with MFA: Add an additional layer of authentication for robust protection.
System Monitoring and Audit Logs: Maintain vigilance over activities for enhanced security and compliance.
Adaptive Policy Updates: Modify strategies in response to evolving cyber threats and industry standards.
External Compliance Audits: Conduct regular evaluations to ensure adherence to regulatory requirements and identify improvement opportunities.
Staff Training: Continuously enhance knowledge with cybersecurity best practices.
At PointOne, we take the security of our systems and applications seriously. We welcome reports of potential security vulnerabilities from ethical security researchers and members of the security community. If you believe you have found a security vulnerability in any of our products or services, please report it to us via email at security@pointone.ai. Read more about our Responsible Vulnerability Disclosure Policy here.
PointOne Technologies, Inc.
153 W 27th St Ste 705
New York, NY 10001
Contact us at team@pointone.com or jeremy@pointone.com
