Skip to main content
All CollectionsTrust, Security, and Privacy
How can I comply with my ethical duties of confidentiality while using CoCounsel?
How can I comply with my ethical duties of confidentiality while using CoCounsel?

Understand the key ethical obligations imposed on lawyers transmitting or storing confidential client information on CoCounsel.

Tyler Alexander avatar
Written by Tyler Alexander
Updated over 11 months ago

Most state bars have released ethics opinions on cloud computing for lawyers. These opinions make clear that lawyers can use cloud computing to transmit or store confidential client information, so long as they do the appropriate due diligence. Across almost all the jurisdictions that have published ethical guidance, the consensus is that a lawyer must choose a vendor that can be reasonably relied upon to keep client information confidential. This requires the lawyer to evaluate the nature of the technology, available security precautions, and limitations on third-party access.

Fortunately for Casetext customers, we have made the due diligence process easy by providing detailed information concerning our security practices. Our robust security practices establish a clear expectation of security so that lawyers can rest assured that their client’s confidential information stays privileged when they transmit or store sensitive information on CoCounsel.

Security features

  • All user access is protected through strong authentication.

  • Perimeter firewalls block unauthorized ports and protocols.

  • Customer instances and data are logically separated.

  • Access to data sources, queries, and query results are captured and can be audited.

  • We have a Business Continuity Plan in place and is it tested annually.

  • Enterprise customers can activate SSO for authentication.

  • Data source credentials are encrypted and stored in a secrets manager.

  • Data are encrypted at rest.

  • Data are encrypted in transit.

  • User access is logged and can be audited

  • Network vulnerability scans are performed monthly.

  • A third party executes an annual penetration test.

  • All third party vendors and contractors are fully vetted for security.


If you have questions about our security program, please email us at support@casetext.com.

Did this answer your question?