Security & Trust
Legal teams entrust us with depositions, testimony, and case materials. We treat that with the rigor the record deserves — encryption, access controls, and compliance commitments are specified in the architecture, not bolted on afterward.
The controls legal teams expect — encryption, access management, audit logging, and data isolation — are built into the platform from the ground up.
AES-256 encryption at rest. TLS 1.3 in transit. Customer-managed KMS keys available on enterprise plans.
SSO integration (SAML, OIDC) with workspace-scoped permissions. Fine-grained role management is in active development.
Every access, export, edit, and permission change is recorded in a tamper-proof log — exportable for defensible review at any time.
US or EU region selection on enterprise plans. Data does not leave the elected region except to serve the requested function.
Depositions, documents, and transcripts are used solely to serve the customer request. Nothing enters a training pipeline — contractually guaranteed.
Architected to preserve attorney-client privilege and work-product doctrine. No customer content is shared, aggregated, or used across accounts.
The questions legal, IT, and procurement teams ask us most.
No. Verlo does not train, fine-tune, or otherwise use customer inputs or outputs to improve any model — ours or any third party's. Depositions, documents, and transcripts processed through Verlo are used solely to serve the customer request and are never routed into training pipelines. This commitment is contractually binding and reflected in our agreements with foundation model providers.
Our security team is happy to walk through architecture diagrams, data flow maps, or draft a DPA. Reach us at hello@verlo.ai.