Yes, CoCounsel is secure.
CoCounsel is operated by Casetext, which uses a sophisticated, externally-audited data security program to protect its software programs and customer data. All data you provide to Casetext when you use CoCounsel, including any and all information and documents you choose to upload to CoCounsel, are encrypted and protected in accordance with Casetext’s comprehensive security program.
Casetext's security program includes the governance and technical controls to ensure that the platform, data, and code are secure and monitored. Our security program has passed security review at all of our AmLaw 100 law firm customers. A summary of the security features protecting the CoCounsel platform is provided below in the chart below.
In addition, none of your information or documents are shared or used to train the CoCounsel platform or the underlying large language model. These security measures do not exist with chatGPT or other public large language models, where your data can be accessed and used by others.
B. Security features
All user access is protected through strong authentication.
Perimeter firewalls block unauthorized ports and protocols.
Customer instances and data are logically separated.
Access to data sources, queries, and query results are captured and can be audited.
We have a Business Continuity Plan in place and is it tested annually.
Customers can utilize SSO for authentication.
Data source credentials are encrypted and stored in a secrets manager.
Data are encrypted at rest.
Data are encrypted in transit.
User access is logged and can be audited
Network vulnerability scans are performed monthly.
A third party executes an annual penetration test.
All third party vendors and contractors are fully vetted for security.
C. Specific questions
1. Does CoCounsel store my uploaded files and interactions?
Casetext retains search history, metadata, prompts, and completions only for the purpose of providing the application to users and for no other purpose. Data is stored and encrypted at rest with AES-256 in Casetext’s GCP US-West environment. All data is deleted immediately and completely when:
a user deletes their content in the application, or
we receive a request to remove data from a firm admin, or
upon contract termination.
2. Who owns CoCounsel's responses to my requests?
Customers fully own the response data and it can be deleted upon request.
If you have questions about our security program, please contact email@example.com.