Your Data Security Is Our Priority
Immigration case data demands the highest level of protection. VeriMatter is built from the ground up with security, privacy, and compliance at its core.
Security at Every Layer
We employ defense-in-depth security practices to protect your firm's most sensitive data across infrastructure, application, and operational layers.
Cloud Infrastructure
Hosted on industry-leading cloud infrastructure with enterprise-grade physical security, redundancy, and global availability.
Encryption Everywhere
AES-256 encryption at rest and TLS 1.2+ encryption in transit ensure your data is protected at every stage.
Access Controls
Role-based access control (RBAC) and multi-factor authentication (MFA) ensure only authorized personnel access your data.
Continuous Monitoring
24/7 automated monitoring, intrusion detection systems, and real-time alerting to identify and respond to threats.
Automated Backups
Regular automated backups with point-in-time recovery capabilities ensure your data is never lost.
Regular Audits
Routine security audits, vulnerability assessments, and penetration testing to proactively identify and address risks.
Infrastructure Security
VeriMatter is hosted on enterprise-grade cloud infrastructure that provides world-class physical security, redundant power and networking, and comprehensive compliance certifications.
- SOC 2 Type II Compliance: VeriMatter is actively pursuing SOC 2 Type II certification to provide independent, third-party validation of our security controls, availability, and confidentiality practices.
- Data Encryption: All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Encryption keys are managed using industry-standard key management services with automatic rotation.
- Network Security: Our infrastructure employs firewalls, network segmentation, DDoS protection, and intrusion detection and prevention systems to protect against unauthorized access.
- Regular Audits: We conduct regular security audits, vulnerability assessments, and penetration testing performed by qualified security professionals.
Application Security
Security is woven into every layer of the VeriMatter application, from authentication to data access to API design.
- Role-Based Access Control (RBAC): Granular permissions allow firm administrators to control exactly what each user can see and do — from attorneys to paralegals to support staff.
- Multi-Factor Authentication (MFA): Add an extra layer of protection to user accounts with MFA support, reducing the risk of unauthorized access from compromised credentials.
- Session Management: Automatic session timeouts, concurrent session controls, and secure token handling protect against session hijacking.
- Secure API Design: All API endpoints are authenticated, rate-limited, and validated to prevent injection attacks, cross-site scripting, and other common vulnerabilities.
- Penetration Testing: Regular penetration testing is conducted to identify and remediate application-level vulnerabilities before they can be exploited.
Data Protection
Immigration case data and trust accounting records demand exceptional care. VeriMatter is designed with data protection as a fundamental requirement, not an afterthought.
- IOLTA/Trust Accounting Isolation: Trust account data is logically isolated from operating fund data within our platform, supporting your firm's compliance with state bar trust accounting rules.
- Attorney-Client Privilege Awareness: VeriMatter is designed to preserve and protect attorney-client privileged communications and work product. Our access to data for service delivery does not constitute a waiver of privilege.
- Automated Backups: Data is backed up automatically with point-in-time recovery capabilities. Backups are encrypted and stored in geographically separate locations.
- Data Retention Policies: Clear, documented data retention and deletion policies ensure your data is kept only as long as needed and securely purged when no longer required.
- Data Portability: Your firm owns its data. You can export your data at any time in standard, machine-readable formats — no lock-in, no barriers.
Compliance
We build with regulatory and professional compliance in mind, helping your firm meet its obligations with confidence.
- State Bar Ethics Requirements: VeriMatter is designed with awareness of ABA Model Rules and state bar ethics requirements for technology use, data security, and client confidentiality in legal practice.
- CCPA Compliance: We comply with the California Consumer Privacy Act and applicable state privacy laws, including providing transparency about data collection and honoring consumer rights requests.
- Data Processing Agreements: We offer Data Processing Agreements (DPAs) for firms that require them, providing contractual assurances about how we handle and protect your data.
- SOC 2 Type II: We are actively pursuing SOC 2 Type II certification, demonstrating our commitment to maintaining the highest standards of security, availability, and confidentiality.
Incident Response
Despite the best preventive measures, security incidents can occur. We maintain a comprehensive incident response program to detect, contain, and remediate threats quickly.
- 24/7 Monitoring: Our systems are continuously monitored for anomalies, unauthorized access attempts, and potential security events.
- Incident Response Plan: We maintain a formal, documented incident response plan with defined roles, escalation procedures, and remediation protocols.
- Notification Procedures: In the event of a security incident affecting your data, we will notify you promptly in accordance with applicable law and our contractual obligations, providing details about the incident and steps being taken.
- Post-Incident Review: Following any security event, we conduct a thorough post-incident review to identify root causes and implement measures to prevent recurrence.
Security Contact
We take security reports seriously. If you have a security concern, have discovered a vulnerability, or need to discuss your firm's specific security requirements, please don't hesitate to reach out.
Security Inquiries
For vulnerability reports, security questions, or to request our security documentation.
[email protected]
General Support
For general questions about your account, platform features, or data handling.
[email protected]
Security Is a Continuous Commitment
We continuously invest in improving our security posture. As threats evolve, so do our defenses. Your trust is something we earn every day.
This page reflects our current security practices as of February 2026. For the most up-to-date information or to request detailed security documentation, please contact [email protected].