Enterprise-grade security
We implement comprehensive security protocols, including:
- End-to-end encryption: AES-256 for data at rest and TLS 1.2+ for data in transit
- SSO + MFA: Microsoft 365 single sign-on with optional multi-factor authentication
- Role-based access control (RBAC) with audit logs
- SOC 2 Type II certified, with the report available under NDA
- Annual third-party penetration tests and static analysis on every deploy
- Daily dependency updates to address known vulnerabilities
- US-only infrastructure: All servers and data hosted exclusively in the United States
LLM provider security
LOIS for Word works exclusively with AI providers that maintain rigorous data protection standards:
- OpenAI: Zero-data retention with no model training on API inputs (API Data Usage Policies)
- Anthropic: Zero-data retention with no model training on API inputs (Acceptable Use Policy)
- Google Gemini: Dedicated API service with no model training on customer data (API Terms)
- Cohere: No model training on customer data (Terms of Use)
Infrastructure security
- GCP hosting with strict network segmentation and physical safeguards
- All customer data encrypted and stored in the US
- Redundant infrastructure to ensure uptime and high availability
- RTO/RPO tested regularly
Incident response
- 24/7 monitoring
- Documented response plan tested regularly
- SLA-backed breach notification timelines
- Clear escalation paths in case of detected threats
Vendor risk management
- All vendors assessed using a formal security review process
- Contractual data protection terms for all subprocessors
- Access reviewed regularly to maintain compliance
Security expertise
- Security team includes former GitHub security product lead
- All engineers receive mandatory security training
- Contact security@filevine.com for any concerns or disclosures