Trust & Compliance

Cryptographic Paranoia.

Causel is built on the assumption that every layer of the stack will be attacked. Our architecture enforces defense-in-depth across compute, storage, transit, and access control — designed from day one to satisfy the most demanding AmLaw 50 information security reviews.

SOC 2 Type II & HIPAA

Causel maintains SOC 2 Type II compliance with continuous monitoring via Vanta. For matters involving healthcare-related claims, our infrastructure is HIPAA-eligible with a Business Associate Agreement available upon request. All customer data is encrypted at rest using AES-256 via AWS KMS (customer-managed keys available) and in transit via TLS 1.2+.

SOC 2 Type IIHIPAA EligibleAES-256

Zero Training Policy

We sell infrastructure, not your data. Causel categorically guarantees that no customer data, legal briefs, or discovery materials are ever used to train, fine-tune, or improve our foundation models or any third-party models. Your intellectual property remains exclusively yours. This commitment is contractually binding and survives termination.

Zero Data TrainingContractual Guarantee

Single-Tenant Isolation

Every customer firm receives a dedicated AWS VPC with isolated compute, storage, and networking. No shared databases, no shared inference endpoints, no cross-tenant data flow. Your infrastructure is yours alone.

Encryption Everywhere

AES-256 encryption at rest for all data stores (RDS, S3, EBS volumes). TLS 1.2+ for all data in transit. Customer-managed KMS keys (BYOK) available for firms requiring key custody. All encryption keys are rotated on a configurable schedule.

Access & Audit

Role-based access control with ethical wall enforcement. Every data access event is logged to an immutable CloudTrail audit trail. Quarterly access reviews. Annual third-party penetration testing. Real-time anomaly detection on authentication events.

Infrastructure Stack

Compute

  • SageMaker Inferentia (real-time)
  • SageMaker Async + Spot (batch)
  • AWS Bedrock (reasoning)

Storage

  • RDS PostgreSQL + pgvector
  • S3 (document store)
  • ElastiCache Redis (session)

Orchestration

  • Temporal (workflow engine)
  • LangGraph (agent framework)
  • EventBridge (async events)

Security

  • AWS KMS (encryption keys)
  • CloudTrail (audit logging)
  • IAM + SSO (access control)

Data Lifecycle & Deletion

Upon termination of a Matter ID or an Enterprise Contract, Causel initiates a cryptographically verified deletion protocol. All associated vector databases, RDS instances, S3 buckets, and inference model caches are permanently destroyed within 72 hours. A certificate of destruction is issued to the customer upon completion. We retain zero lingering metadata, embeddings, or derived data products after deletion.

01

Termination signal received

Matter closed or contract expired

02

Cryptographic shred initiated

All storage volumes queued for destruction

03

Certificate of destruction issued

Verifiable proof within 72 hours

For security inquiries, vulnerability disclosures, or to request our SOC 2 Type II report, contact security@causel.ai