LitiSync, Inc. (“LitiSync,” “we,” “our,” or “us”) is committed to protecting the confidentiality, integrity, and availability of information processed through the LitiSync platform (the “Service”). This Security & Data Protection Overview describes the administrative, technical, and organizational safeguards designed to protect customer and intake-related information.

This overview is intended to provide a high-level summary of security practices and should be read together with the applicable Master Service Agreement, Data Processing Agreement, Privacy Policy, and other governing agreements.

1. Security Program Overview

LitiSync maintains a risk-based security program designed to protect information processed through the Service using administrative, technical, and organizational controls aligned with industry-recognized security practices appropriate to the size and nature of the Service.

Security controls are designed to reduce the risk of unauthorized access, disclosure, alteration, or destruction of information. No system can guarantee absolute security.

2. Data Protection Controls

To protect customer information, LitiSync employs safeguards including:

Encryption of data in transit using industry-standard protocols
Encryption of stored data at rest
Role-based access control mechanisms
Authentication controls designed to protect user accounts
Secure infrastructure hosting environments
System logging and activity monitoring

Security measures are periodically reviewed and may evolve as the Service and risk landscape change.

3. Access Management

Access to customer data is limited to authorized users and personnel who require access to perform operational, support, or security functions.

Administrative access is restricted and subject to internal authorization procedures.

Participating law firms control user access to their own case-related information through account-level permission settings and are responsible for managing user credentials within their organizations.

4. Infrastructure Security

The Service is hosted in professionally managed infrastructure environments designed to support:

Network-level security protections
System monitoring and logging
Redundancy and availability safeguards
Controlled physical access to infrastructure facilities

Infrastructure providers are selected based on reliability, security posture, and contractual safeguards.

5. Monitoring and Incident Response

LitiSync maintains monitoring systems designed to detect potential security events.

LitiSync maintains incident response procedures designed to:

Investigate confirmed security incidents
Contain and remediate identified risks
Notify affected customers in accordance with contractual and legal obligations

Incident response processes are periodically reviewed and updated as appropriate.

6. Vendor and Subprocessor Security

LitiSync may engage trusted infrastructure and service providers to support hosting, communications, analytics, transcription, and operational services.

Such providers act as authorized subprocessors and are contractually required to implement appropriate security and confidentiality safeguards consistent with applicable agreements.

Vendor risk and security practices may be evaluated as part of operational security processes.

7. Security Reviews and Continuous Improvement

Security practices are periodically reviewed and updated to address evolving risks, operational needs, and industry standards.

Enterprise or custom-license customers may request additional security documentation, summaries, or questionnaires where available under applicable agreements.

8. Customer Responsibilities

Participating law firms and users are responsible for:

Maintaining the confidentiality of account credentials
Implementing appropriate internal access controls
Ensuring authorized users follow secure usage practices
Configuring retention and access settings consistent with their legal obligations

Security of exported data outside the Service environment is the responsibility of the participating law firm.

9. Limitations of This Overview

This overview provides a summary of security practices and does not describe every operational control used to protect the Service.

Nothing in this document creates additional contractual obligations beyond those set forth in applicable agreements.

10. Changes to This Overview

LitiSync may modify this Security & Data Protection Overview from time to time to reflect updates to the Service, legal requirements, or security practices. Unless otherwise required by applicable law, updates become effective upon posting the revised version. Continued use of the Service after the effective date constitutes acceptance of the revised Overview.

11. Contact

Security-related questions or vulnerability reports may be directed to:

LitiSync, Inc.
Security Team
Support@LitiSync.com
c/o Law Office of Andrea Paparella, PLLC
134 W. 29th Street, Suite 1001
New York, NY 10001-5304
United States