Security

Your contract data. Protected by design.

Contracts contain your organization's most sensitive commercial terms. We build security controls into every layer of the platform.

Request Pilot
Visual concept representing enterprise data security and encrypted contract document protection

Security Principles

Controls built for contract data sensitivity

Encryption in Transit & at Rest

All contract data encrypted with AES-256 at rest and TLS 1.3 in transit. Encryption keys managed per-tenant.

Role-Based Access

Granular access control — counsel, managers, and admins see only what their role permits. Custom role definitions available.

Dedicated Tenancy

Enterprise customers receive isolated data environments — no shared storage with other tenants. Logical and physical isolation options available.

SOC 2 Type II In Progress

We are actively pursuing SOC 2 Type II certification. Controls are designed, implemented, and operational. Audit in preparation.

No Training on Your Data

Your contracts and terms are never used to train or fine-tune AI models. Your data does not influence behavior for other customers.

DPA Available

Data Processing Agreement available for enterprise customers on request. Defines data handling obligations and sub-processor chain.

Data Handling

How contract data moves through Proculr

Ingestion and processing

When a contract enters Proculr — via email, API, or document connector — it is stored in your tenant's isolated environment and processed exclusively for your account. The document never traverses shared infrastructure.

  • Document stored in encrypted tenant storage
  • AI analysis runs in isolated compute context
  • Analysis results stored with document in tenant partition
  • Audit log captures all access events

Retention and deletion

Contract data is retained for the period specified in your agreement. You can delete individual contracts, project-level collections, or request full tenant data deletion at any time.

  • Configurable retention periods per contract type
  • Self-service deletion for individual documents
  • Full tenant deletion on 30 days notice
  • Deletion confirmation and certificate on request

Compliance Readiness

Our compliance readiness roadmap

We believe security posture should be transparent. Here is where we are.

Complete

Security controls design and implementation

AES-256 encryption, TLS 1.3, RBAC, tenant isolation, and audit logging all implemented and operational. Controls documented against SOC 2 Trust Service Criteria.

Complete

Security policies and procedures

Information security policy, incident response plan, access management procedures, and vendor management program all documented and approved.

In Progress

SOC 2 Type II audit engagement

Qualified auditor engaged. Observation period underway. SOC 2 Type II certification is an active operational milestone — not a distant aspiration.

Upcoming

SOC 2 Type II report issuance

Report to be made available to enterprise customers under NDA upon issuance. Customers will be notified when available.

Security questions before starting a pilot?

We welcome security review questions. Reach out and we'll provide the documentation your team needs.

Request Pilot