Security & data

How we handle your work.

Attorneys carry confidentiality and malpractice exposure on every filing. Here is exactly how StareLaw treats the work you put into it.

Encrypted at rest and in transit

All customer data — research queries, citation extractions, matter records — is encrypted at rest with AES-256 and in transit via TLS 1.3. Database backups are encrypted with separate keys.

Never used for model training

Your work is not used to train any model — ours or any provider's. Anthropic API calls run with training opt-out flags set. We do not share prompts or completions with third parties beyond what's required to fulfill the request.

Full audit trail per citation

Every verification step is logged and exportable. When a citation resolves, you can click through to the source record. When it doesn't, you can see exactly what was queried and what came back.

U.S.-hosted infrastructure

The application and database are hosted in U.S. data centers (Vercel + Neon). Customer data does not transit outside the U.S. except for AI inference, which routes through Anthropic's U.S. endpoints.

Certifications roadmap

Where we are, where we're going.

We are publishing our compliance roadmap rather than waiting for the badge. If a certification is required to evaluate StareLaw inside your firm, tell us where you are in your diligence cycle.

SOC 2 Type I

In progress · Targeted Q3 2026

SOC 2 Type II

Targeted Q1 2027

GDPR readiness

DPA available on request

HIPAA

Not in scope (legal data, not PHI)

Privacy

Privacy summary

What we collect. Account information (name, email, billing), the text you submit for verification and research, and product usage telemetry (events, errors, performance). We use PostHog for product analytics and Clerk for authentication.

What we don't do. We do not sell your data. We do not use your submitted documents or queries to train any model. We do not share your content with third parties beyond the LLM and search provider calls necessary to fulfill the verification request.

Retention. Submitted documents and queries are retained while your account is active so you can reference past matters. On account closure, all customer data is purged within 30 days. Encrypted backups age out within 90 days.

Your rights. Export your data, correct it, or request deletion at any time from your account settings. Formal data-subject requests can be sent to privacy@starelaw.com (response within 30 days).

Terms

Terms of use summary

Not legal advice. StareLaw is a research and verification tool. It does not provide legal advice and is not a substitute for professional judgment. Every citation should be independently confirmed by a licensed attorney before filing.

Acceptable use. StareLaw is licensed to the attorney or firm named on the account. Don't share credentials. Don't use the service to violate court rules, ethical obligations, or law.

Service availability. We target 99.5% uptime. Outages, planned maintenance, and incident reports are posted to status.starelaw.com (coming soon).

Liability. Our liability is limited to the fees paid in the prior 12 months. You remain responsible for the final form of any work product you file under your signature.

Full Terms of Service and Data Processing Addendum available on request: legal@starelaw.com

Diligence questions?

If you're evaluating StareLaw inside a firm and need a security questionnaire response, DPA, or pen-test summary, contact us directly.

security@starelaw.com · response within 2 business days