Legal data demands the strictest controls. LexOps is designed — at every layer — for confidentiality, isolation and auditability.
Bcrypt-hashed passwords, JWT sessions, httpOnly cookies, SameSite protection. Activation-link-based onboarding for clients.
TLS in transit across the whole platform — internal app, public site, client portal.
Every row in every user-facing table carries a firm_id foreign key. Every query is firm-scoped at the middleware layer.
Admin / partner / lawyer / expert / assistant. Per-page permissions, matter-level restrictions, confidential flags.
Two separate auth layers and JWT issuers. A client token can never read internal routes and vice versa — enforced at every endpoint.
Every mutation logs who did what and when — status changes, activity, assignments, uploads, invoices.
Payment provider integration is isolated to the firm admin surface. No client or staff can act on billing without explicit permission.
Mark any matter confidential and restrict access to a named team. A confidential matter never appears in global lists for non-members.
Password strength meter, activation links, expirable tokens, force-change-on-first-login, admin reset.
Daily automated backups, 30-day retention. Point-in-time restore available on Enterprise plans.
Environment-based configuration, separation of staging vs production, no demo credentials shipped on the public surface.
GDPR-aligned architecture, EU hosting, data-processing agreement available on request. SOC-2 roadmap in progress.
We share our security whitepaper and DPA on request for firms evaluating LexOps.