> ## Documentation Index
> Fetch the complete documentation index at: https://docs.loisforword.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security overview

> How LOIS for Word protects contract data with enterprise-grade security architecture, including encryption, access controls, audit logging, and SOC 2 controls.

LOIS for Word is built for legal teams that demand the highest level of trust, control, and transparency. Our security architecture reflects industry best practices and legal-grade confidentiality requirements.

## Enterprise-grade security

We implement comprehensive security protocols, including:

### Security and control

* **End-to-end encryption**: AES-256 for data at rest and TLS 1.2+ for data in transit
* **SSO + MFA**: Microsoft 365 single sign-on with optional multi-factor authentication
* **Role-based access control (RBAC)** with audit logs
* **SOC-2 Type II certified** with report available under NDA
* **Annual third-party penetration tests** and static analysis on every deploy
* **Daily dependency updates** to address known vulnerabilities
* **US-only infrastructure**: All servers and data hosted exclusively in the United States

### LLM provider security

LOIS for Word works exclusively with AI providers that maintain rigorous data protection standards:

* **OpenAI**: Zero-data retention with no model training on API inputs ([API Data Usage Policies](https://openai.com/policies/api-data-usage-policies))
* **Anthropic**: Zero-data retention with no model training on API inputs ([Acceptable Use Policy](https://www.anthropic.com/legal/aup))
* **Google Gemini**: Dedicated API service with no model training on customer data ([API Terms](https://ai.google.dev/terms))
* **Cohere**: No model training on customer data ([Terms of Use](https://cohere.com/terms-of-use))

LOIS for Word does not train AI models on your data.

### Infrastructure security

* GCP hosting with strict network segmentation and physical safeguards
* All customer data encrypted and stored in the US
* Redundant infrastructure to ensure uptime and high availability
* RTO/RPO tested regularly

### Incident response

* 24/7 monitoring
* Documented response plan tested regularly
* SLA-backed breach notification timelines
* Clear escalation paths in case of detected threats

### Vendor risk management

* All vendors assessed using a formal security review process
* Contractual data protection terms for all subprocessors
* Access reviewed regularly to maintain compliance

### Security expertise

* Security team includes former GitHub security product lead
* All engineers receive mandatory security training
* Contact [security@filevine.com](mailto:security@filevine.com) for any concerns or disclosures

LOIS for Word delivers legal-grade AI with infrastructure and controls trusted by enterprise legal teams.
