Security at Troup

At Troup, protecting your data — and your clients' — is our highest priority. We apply industry-standard best practices across our infrastructure, AI systems, and internal processes to ensure your legal data remains safe, encrypted, and private.

🔐Data Encryption

• In Transit:All data transferred between your device and Troup is encrypted using TLS 1.3.
• At Rest:All stored data — including files, documents, and metadata — is encrypted at rest using AES-256 encryption.

👥Access Controls

• All user data is logically isolated and accessible only to authenticated users within your organization.
• Role-based access is enforced through dynamic permissions and row-level security (RLS) policies.
• Uploaded files and case materials are never shared outside your account unless explicitly authorized.

🧠AI Data Handling

• Documents used in AI-powered workflows are never used to train third-party models.
• AI requests are routed securely and processed in-memory only. No legal data is retained by OpenAI or Claude.

🧪Vulnerability Management

• We conduct regular security audits and monitor platform activity for suspicious behavior.
• Critical dependencies are kept up-to-date and patched promptly.

🧾Data Retention & Deletion

• You may request permanent deletion of any document, matter, or account data at any time.
• Backups are encrypted and retained for disaster recovery.

🔍Transparency & Compliance

• Troup is committed to GDPR and CCPA compliance.
• We sign Data Processing Agreements (DPAs) for qualifying clients.
• Subprocessors (e.g. OpenAI, Supabase) are reviewed and approved for legal-grade security.

🧰What's Coming

We are actively working on:

• • Client-side document encryption (Troup Vault)
• • Full audit logs and version history
• • SOC 2 readiness