Data security

SOC2-Certified

Security is at the heart of midpage. Therefore, we have prioritized enterprise-ready security controls and compliance since inception. We have achieved SOC 2 Type I compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations also known as SSAE 18 since October 3rd, 2023. We are on track to obtain our Type II attestation in H1 2024.

Rigorous Access Policies

Our security program incorporates both governance protocols and technical measures, including that of our vendors, to ensure the platform, data, and code are secure and monitored. All user access is protected by industry standard, role-based authentications.

Entering Background Facts Is Optional; We Have No Access to them

Adding more context about your case will be helpful to do research with more accuracy. For example, adding background facts to your midpage workspace allows users to generate fact comparisons. But adding such context is not required to use midpage. In any event, midpage does not use any information provided by users for training. Nor does midpage store such information any longer than needed to help with your research.

Our employees or vendors don’t have access to this. Not even in an anonymized form.

Where is our data stored

We don’t use any local servers, all data is stored in US-based, SOC2-compliant & end-to-end encrypted cloud hosting solutions: Google Cloud Platform and Render.

Verified by independent Auditors

We partner with independent external security resources to validate the integrity of our security program. This involves regular vulnerability assessments and comprehensive reviews of our policies, vendor management, and risk management practices.

We Do Not Train On Your Data

Neither midpage nor the AI model providers perform any training on your data.

Usage Statistics Do Not Contain Sensitive Data

We track who uses our features. We don’t track what they use it for. For example, in our fact-comparison feature, we track which user triggered this feature but not which case was compared or what the result was.

When creating case summaries, we store the summary, but not who requested it, and we only do this for documents that we obtained from public sources like court reporters.

Using the Browser Extension

We don’t track which pages you visit, and we don’t store any text or content of any website.

This extension inserts AI features when you read cases on the web. It runs on any popular case law website. The extension has no access to any website that is not on the permitted list of case libraries.

In order to show summaries for citations, we scan that case for citations. For things like our AI summaries, we don’t read that page but instead look for the citation in our own database and read and summarize the case from there.

Delete All Data at Any Time

Per account or per organization, you can request the deletion of all data that we have stored. This happens automatically if you delete your account.

Precise Control for Enterprise Clients

Transparency via dashboards

We provide you with dashboards to facilitate monitoring usage statistics within your firm. Those don’t reveal what the tool is being used for, only how much each feature is being used per employee. If requested, we can disable the monitoring.

Account Management for IT Administrators

We offer SSO for enterprise clients as an additional package.

We permit connecting to isolated Microsoft Azure cloud instances for OpenAI access as an additional package.

Administrators can use their existing tools to bulk install or remove midpage apps for employees. We are happy to assist with that process if needed.