Security
How we protect your data
Our Security Commitment
At Pact, security is foundational to everything we build. We understand that you trust us with sensitive legal documents and business-critical information. We take that responsibility seriously and implement comprehensive security measures to protect your data.
Data Protection
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed using industry-standard key management practices.
Infrastructure Security
Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II certification. We use isolated environments, network segmentation, and regular security patching.
Access Controls
We implement strict access controls, including role-based permissions, multi-factor authentication for all internal systems, and the principle of least privilege for data access.
Application Security
- Regular security assessments and code reviews
- Automated vulnerability scanning in the CI/CD pipeline
- Input validation and output encoding to prevent injection attacks
- CSRF protection on all state-changing operations
- Content Security Policy (CSP) headers
- Rate limiting to prevent abuse
- Secure session management with automatic timeouts
Account Security
Authentication
Secure authentication with support for email/password, Google, and Microsoft SSO. Passwords are hashed using bcrypt with appropriate work factors.
Team Management
Role-based access control for team accounts. Administrators can manage permissions, revoke access, and view audit logs of account activity.
Incident Response
Security Incident Handling
We maintain an incident response plan that includes:
- 24/7 monitoring for security events
- Defined escalation procedures
- Prompt notification to affected customers
- Post-incident analysis and remediation
AI and Data Processing
When processing your documents with AI:
- Your documents are processed in isolated, secure environments
- We do not use your data to train AI models
- AI providers are bound by data processing agreements
- Document content is not retained by AI providers after processing
Compliance
Our security practices are designed to support compliance with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- SOC 2 Type II principles
Responsible Disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to security@closepact.com. We commit to:
- Acknowledging receipt within 24 hours
- Providing regular updates on remediation progress
- Not pursuing legal action against good-faith security researchers
Contact
For security questions or to report a vulnerability:
Email: security@closepact.com