LawSafe Systems, LLC
Security Statement
LawSafe® is owned and operated by LawSafe Systems, LLC, a Michigan limited liability company, and it may be referred to in this Security Policy as “LawSafe,” or “us,” “we,” or “our.” Whether you are an owner storing his or her private Documents and Information, a member of any owner’s Circle of Trust, or a Professional that assists such users, you may be referred to as a “user” and sometimes “you” or “your.” Your documents, financial or personal information, data, files, records, and images stored in your LawSafe shall be known here as your “Documents and Information.”
Security as a Prime Concern
We know storing your Documents and Information online raises concerns about data breaches and security. So, we have implemented security measures to protect your Documents and Information from hackers and cyber-attacks.
What You Can Do
The security of your online data depends in part on you. With LawSafe it also depends upon your Circle of Trust®. Be sure to choose the members of your Circle of Trust wisely and be careful about the access and permission you give them. Seeking the advice of an attorney or other qualified professional is advisable.
Electing to use Two Factor Authentication. 2FA may be the best way to increase the security afforded your LawSafe.
Do not share your passwords with anyone and do not enter them in your LawSafe. Do not enter your complete financial account numbers, social security numbers, driver’s license nor passport number, nor your date of birth (“Critical Information”).
While all your Critical Information will be needed in an emergency and after you pass away, you should consider maintaining it physically on paper or in a safe place. We prompt you throughout LawSafe to specify where items like your password list, marriage certificate and social security card might be found. Physically maintaining those items in a safe place is important.
We use one of the largest online credit card processors (online payment gateway) in the United States, authorize.net. Authorize is used by over 43,000 merchants and handles more than 1 billion transactions each year. When you enter your credit card information to purchase a LawSafe that information is handle by and protected by them, and securing that data is what they do best.
Two-Factor Authentication
If you enable Two Factor Authentication (2FA) for your LawSafe Account, whenever you or members of your Circle of Trust sign into your LawSafe we will send a unique code to the user’s mobile phone or designated email address that will be required before you gain access. This extra layer of security ensures that even if your passcode is compromised no one can access your LawSafe. We strongly recommend electing to use 2FA. If you do, it will apply to you and members of your Circle of Trust.
Data Secured at Rest and in Transit
As recommended by the United States Department of Commerce, National Institute of Standards and Technology Special Publication 800-132, all your data is stored using Advanced Encryption Standard (AES) 256 which uses uniquely derived keys for each user. We encrypt all the data fields and documents in the database. For searching and indexing, we hash a small number of fields using HMAC (hash-based message authentication code). We apply the same encryption technique to all documents that you upload.
All communications between you, members of your Circle of Trust, and/or LawSafe itself, are encrypted via Secure Sockets Layer (SSL) and 2048-bit certificates and we require SSL on all communications. We support perfect forward secrecy so that even if someone eavesdrops on your communication, they will still not be able to decrypt the data in the event that the LawSafe key is compromised.
Operational Procedures
From time to time we audit the LawSafe environment and code for security issues and apply patches where applicable. We use commercial services that regularly check our site (including McAfee Secure) and we retain independent security experts to probe and verify the security of LawSafe.
Administrative Access to your Information
Our officers, contractors, and employees, as well as any LawSafe professionals who may assist you in establishing and/or maintaining your LawSafe, are contractually prohibited from gaining access to your LawSafe Account except to carry out their duties for your benefit as described in our Privacy Policy and Terms of Service. LawSafe administrators can never see the content of your LawSafe. LawSafe logs and regularly audits access to your LawSafe account, whether by you, a LawSafe Professional, or members of your Circle of Trust.
Effective Date: October 26, 2019