How JustineAI™ protects your firm’s data.
This whitepaper is the procurement-grade companion to the Trust posture page. Every statement here is verified against the code that runs the JustineAI™ service, the Microsoft Azure platform we run on, or the contractual framework Eve-Legal, LLC executes with customers. We do not claim what we do not ship.
1. The three-layer trust model
Security responsibility sits in three distinct layers, and we are precise about which is which. Azure platform (Microsoft): data-center security and Microsoft’s own attestations for Azure services — inherited at the infrastructure layer only. JustineAI product (Eve-Legal, LLC): the application, controls, people, and processes — the subject of our own SOC 2 Type II examination. Customer (the firm): user provisioning, matter uploads, internal permissions, and attorney review of output. We do not present Azure’s certifications as our own.
2. Architecture & residency
JustineAI™ runs on Eve-Grid™ — our deployment architecture on Microsoft Azure — in the US East US 2 region. Compute on Azure Container Apps behind Azure Front Door; data in Azure Database for PostgreSQL (private-only); documents in Azure Blob Storage (firewall default-deny, private endpoint, soft-delete + versioning); secrets in Azure Key Vault via Managed Identity. Primary matter data is stored in the US region of record; encrypted backups may replicate to the Azure paired US region for disaster recovery. Availability outside the United States is not offered today.
3. Access control
Token-based authentication (bcrypt-hashed passwords), email-verified accounts, and single-use expiring tokens for verification, reset, and invitations. Authorization is role-based and matter-scoped: a non-administrator may act only on matters they are assigned to; firm-administrators retain firm-wide access. Multi-tenant isolation is enforced at the database layer by PostgreSQL row-level security — fail-closed, under a non-privileged role that cannot bypass it. Deactivating a member blocks both login and token refresh. SSO (SAML/OIDC, incl. Microsoft Entra ID) and MFA are on the enterprise roadmap.
4. Encryption
All matter data and documents are encrypted at rest with Azure-managed keys; customer-managed keys are on the enterprise roadmap. Transit is TLS 1.2+ end-to-end — the database requires secure transport, storage enforces a TLS 1.2 minimum, and application ingress is HTTPS-only behind Azure Front Door.
5. Data handling & AI governance
No training on customer data. Matter data is never used to train or fine-tune any model; Eve-Genesis™ is synthetic by construction, in a storage/subscription/identity boundary separate from customer data. Inference stays in-tenant: all model calls route to Azure OpenAI / Azure AI Foundry endpoints inside MindHYVE.ai™’s Azure tenant via Managed Identity; providers are contractually barred from retaining or training on inference content. Grounding: AI-suggested citations are verified against the CourtListener corpus and marked verified only when they resolve to a real opinion — unverified suggestions are labelled research leads. Human-in-the-loop: client intake discloses it is automated AI, not an attorney, not legal advice; work product is produced under the supervision of the attorney of record. The AI reasons; the attorney decides.
6. Audit logging & monitoring
Every state-changing action is written to a structured, typed audit log with actor identity, timestamp, action type, and matter reference. The log records actions, not matter content. Records older than 90 days are moved nightly to long-term storage as HMAC-SHA256-signed batches, verifiable on retrieval; logs are exportable as JSON and retained for the contracted period. Daily case- and behavioral-auditors surface matter-level and user-level anomalies. Platform monitoring uses Azure Monitor and Microsoft Defender for Cloud.
7. Retention, legal hold & deletion
Matter and audit data are retained while an account is active and for the contracted period. Deletion is a soft-delete; matter records are never hard-deleted in normal operation (ABA Model Rule 1.15). A matter under legal hold cannot be deleted. On offboarding or erasure request, a tenant’s matter data and documents are permanently deleted and a deletion attestation is produced, while the audit trail is preserved for the contracted period. See the retention & deletion policy.
8. Incident response & continuity
Detection via Azure Monitor + Microsoft Defender for Cloud. Four severity tiers; Severity-1 (confirmed exfiltration of customer matter data) triggers the most aggressive response. Customers are notified of confirmed incidents in the most expedient time possible and without unreasonable delay — the standard set by California Civil Code § 1798.82 and the breach-notification statutes of every other US state — or any shorter window committed in the DPA, whichever is most protective. Encrypted geo-redundant backups and a documented DR runbook support recovery. See incident response.
9. Attestations & the report
Azure platform (inherited): ISO 27001, ISO 27018, SOC 1/2/3, PCI DSS, HITRUST. JustineAI product: an independent SOC 2 Type II examination is in progress; on completion the report is available to qualified customers under NDA. HIPAA / BAA posture is tracked under counsel where medical records are central to the workflow.
Request the report under NDA. Security teams can request the SOC 2 report and full security package (subject to NDA) via our contact form — note “security review” and we’ll route it to the right owner.