Skip to content Skip to footer
Menu Close
Close
Get in Touch

Data Storage, Security & Retention Policy

Last Updated: October 13, 2025 | Effective: October 13, 2025

1. Overview

This Policy describes how Cliont stores and protects data, including intake content (text, documents, audio, video), and sets retention schedules.

2. Hosting & encryption

Region. Primary hosting is in the United States (customer-selected regions may be offered contractually).

Encryption. TLS in transit; industry-standard encryption at rest.

3. Segmentation & access controls

Tenant-aware data segregation; least-privilege access; SSO/MFA options; role-based permissions; logging and alerting; periodic reviews.

Employee confidentiality and security training; background checks where permitted.

4. Backups & disaster recovery

Encrypted backups with tested restorations; documented RTO/RPO objectives.

5. Vulnerability & change management

Regular vulnerability scanning/patching; secure software development lifecycle; change control and approvals.

6. Incident response & breach notification

We maintain a written incident-response plan with 24/7 escalation. If a security breach compromises PI, we will notify affected customers and/or individuals without unreasonable delay under applicable law and contract.

7. Retention & deletion (defaults)

Retention may be shortened on request or extended for legal holds or active litigation.

Data type | Default retention

Account & billing records | 7 years

Audit & security logs | 24 months

Website analytics | Up to 26 months (then aggregate)

Intake text & documents | Matter life + up to 3 years (or earlier per law-firm instruction)

Audio/video recordings | Matter life + up to 3 years (or earlier per law-firm instruction)

Biometric identifiers/templates (if used) | Purpose satisfied or ≤ 3 years after last interaction, whichever is first; publicly posted schedule; no sale/profit.

8. Subprocessors

We use vetted subprocessors under written agreements requiring confidentiality, security, and deletion at end of services. We maintain a list of material subprocessors on request.

9. Data localization & transfers

Primary storage in the U.S.; cross-border transfers (if any) use appropriate safeguards.

10. Contact

Robert.Gevorkianesq@gmail.com | 460 S Central Ave, Glendale, CA 91204

Questions? Contact us at Robert.Gevorkianesq@gmail.com