Security and Data Privacy in Confido Legal

Confido Legal employs industry-leading security tools, processes and standards to protect your data and help you comply with the rules of professional conduct. Here's how we do it.   

Security

• Our application undergoes continuous vulnerability testing using a private bug bounty program through Bug Crowd. Please contact Bug Crowd to participate in the program. 
• All Confido Legal payment pages are served over the Hypertext Transfer Protocol Secure (HTTPS) extension.
• Stored Payment Methods are Tokenized. This allows us to enable firms to use payment information repeatedly without exchanging sensitive information each time.
• We use Amazon Web Services (AWS) to host the Confido Legal software and data. This allows us to access industry-leading security tools.
• Confido Legal uses monitoring software to identify vulnerabilities in any third-party code packages we use. 
• Confido Legal uses Amazon Web Services Cognito and Stych to handle user authentication.
• All Confido Legal software and data reside in a Virtual Private Cloud (VPC) and are accessible only by carefully secured and audited entry points.
• We support multifactor authentication through your preferred authenticator application. Account administrators can enforce multifactor authentication across your firm's user accounts. 
• Our Confido Legal administrative account privileges used by our operations personnel are tiered and tightly controlled. Access is limited to vetted individuals using multifactor authentication. Our team does not have access to payers' full card or banking data through the Confido Legal application.   

Rules of Professional Conduct

Confido Legal is designed specifically for law firms. As a result, we focus on ensuring our platform makes it easy for you to comply with the rules of professional conduct. These features include, but are not limited to:

• No fees are deducted from your firm's trust account(s). Fees are only debited from a designated fee account.
• No client surcharges are deposited into your firm's trust account(s).
• Chargebacks are removed from your firm's operating account, so you have control over how these disputes are accounted for.

For more info, we have created several state-by-state guides on common topics related to handling client property and other common issues at the intersection of money and the rules of professional conduct:

• State-by-state guide to surcharging.
• State-by-state guide to auto-billing clients using stored payment methods.
• State-by-state guide to third-party financing.
• State-by-state guide to disbursing contingency fees electronically. 

Standards

• Confido Legal undergoes annual PCI-DSS audits.
• The Confido Legal software has undergone multiple SOC-2, type 2 audits.
• Confido Legal adheres to Nacha guidelines, which govern ACH transactions.

Data Privacy and Storage

• Confido Legal does not store card or bank account data. We use tokenization methods to allow law firms to recharge or disburse money to stored payment methods. 
• Identifiable client data stored on our system is limited to transaction information, including payer/payee name and email address. In some cases, we also collect the client and matter names. We do not collect or store any information related to the legal work associated with a client/matter. 
• Any data collected on your firm for underwriting and compliance purposes is stored and updated while you are a Confido Legal customer. Confido Legal does not share or sell this data. This data is deleted within 90 days of account closure.  

Reliability

• We are committed to 99.95% or greater uptime.
• Our real-time status page provides updates on any downtime. 
• We employ continuous monitoring and alerting on the Confido Legal application, so our team is notified when issues occur and can react swiftly.