How do you keep the client data on your web site secure?
Family Law Software web data entry follows current best practices for secure communications, including the
All data files are maintained on our Amazon S3 cloud storage servers.
Access to our Web Sites and to our cloud storage servers at Amazon S3 have "in-transit" TLS
protection. (TLS stands for "Transport Layer Security," and it is the current industry standard
protocol for secure communication between PC and server, replacing legacy SSL protocols).
Every client user account is password protected and accessible only with e-mail and password.
Passwords must be of a secure nature (including both uppercase and lowercase letters, and numbers).
When files are uploading to and downloading from the desktop software to Cloud storage, or, when saving and
retrieving from the web server to Cloud storage, we use Transport Layer Security (TLS). We use RSA 2048 bit
(SHA256 with RSA) certificates.
Each client registers on our site and establishes his or her own password. This password is encrypted at the
moment of creation and no one is ever able to view it. Passwords may not be viewed by anyone (not even by the
people at Family Law Software).
Passwords may be changed only by someone who can log in to the client's email (GMail, Yahoo, MSN, etc.)
corresponding to their user account.
Every client data file is internally encrypted by our software with AES 256 bit encryption.
When files are "at rest" on Amazon S3 servers, the files are encrypted a second time, again with AES
256 bit encryption and a second key.
We have removed from our data entry any fields asking for full social security number. We ask only for "last
4 digits." Attorneys who file forms that require full SSN now have to write that information by hand on
When a client file is transmitted to the professional, we make a copy of the file and store it in a location
that is accessible only by that professional's firm, with the same security parameters that apply to
clients (TLS, encryption, password protection, and so on).
Client's data and Professional's data are stored in separate locations on Amazon's S3 servers.
Clients are not able to create, delete, copy, download, email, send, or share their data file with anyone other
than the Attorney or Professional who registered the client.
Data center: Amazon's data center.
Subcontractors: No subcontractors or third parties are working on the software.
Data Loss Security: All data stores are non-public and protected by AWS.
Intrusion detection and prevention: Provided by AWS.
PCI Data: No PCI data is entered into our system.
Policies that we have in place, copies of which are available upon request, include: