Security & Trust

We handle sensitive client data. We take that seriously. Here's how we protect it.

Encryption everywhere

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API communications use HTTPS exclusively. No exceptions.

Isolated environments

Each firm's data is logically isolated. Documents, agent outputs, and correction logs are never shared across clients.

No training on your data

Your documents and work product are never used to train AI models. The learning loop is scoped to your firm's instance only.

Human-in-the-loop by design

No email sent, no database updated, no status changed without explicit human approval. Agents draft; your team decides.

Role-based access

Granular permissions by role — attorneys, analysts, supervisors, laterals team. Users see only what they need to see.

SOC 2 Type II

SOC 2 Type II certification is in progress. Contact us for our current security documentation and assessment timeline.

Infrastructure

Cloud providerAWS / Railway (US regions)

DatabasePostgreSQL with encrypted connections

File storagePersistent volumes with access controls

AI modelsAnthropic Claude (via API) — no data retention by model provider

AuthenticationRole-based with session management

MonitoringApplication-level logging with audit trails

Deployment options

Mykros can be deployed as a hosted SaaS or within your firm's own cloud environment. For firms with strict data residency or air-gapped requirements, we offer private deployment options.

Hosted (SaaS)

Managed by Mykros. Fastest deployment. Automatic updates. Data isolated per firm.

Private deployment

Deployed within your firm's Azure, AWS, or GCP environment. Full data sovereignty. Contact us to discuss.

Questions about security?

We're happy to walk through our security posture, share documentation, or discuss your firm's specific requirements.

Talk to us