Security & Trust

Built for Sensitive Legal Data

Harlan Intelligence is designed with attorney-client privilege and data security as foundational requirements — not afterthoughts.

TLS 1.3 in Transit
AES-256 at Rest
No Data Training
90-Day Auto-Purge
Security Posture

How We Protect Your Data

Every layer of the Harlan stack is built with legal confidentiality obligations in mind.

Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). No case data is stored in plain text.

Access Controls

Role-based access with least-privilege. Admin accounts require strong passwords. Audit logging on all data access.

Data Retention

You control your data. Case evaluations can be deleted on request. We retain evaluation data for 90 days by default, then auto-purge.

AI Processing

Case data is sent to Anthropic's Claude API for analysis. Anthropic does not train on your data. Processing is ephemeral — no case data is stored by Anthropic.

Subprocessors

Anthropic (AI analysis), Stripe (payments), Vercel/VPS (hosting), SQLite (local database). No third-party analytics or tracking on case data.

Incident Response

24-hour response commitment. Contact security@tryharlan.ai for any security concerns.

Compliance Roadmap

Our Path to Enterprise Compliance

We're building toward full enterprise-grade compliance. Here's where we stand today and where we're headed.

  1. HTTPS / TLS 1.3
    Implemented
  2. Encrypted Database
    Implemented
  3. No Third-Party Case Data Sharing
    Implemented
  4. SOC 2 Type I
    In Progress Q3 2026
  5. Penetration Testing
    Planned Q2 2026
  6. HIPAA BAA Availability
    Planned Q4 2026

Request Security Documentation

For firms requiring formal security review, we provide detailed documentation under NDA — including architecture diagrams, data flow maps, access control policies, and subprocessor agreements.