Your data security is our top priority.
Firmfy is built with enterprise-grade security from the ground up. We protect your firm's most sensitive data with the same standards trusted by the world's largest organizations.
Security Features
SOC 2 Type II
Our infrastructure and processes are independently audited annually to meet the rigorous SOC 2 Type II standard for security, availability, and confidentiality.
256-bit AES Encryption
All data stored on our platform is encrypted at rest using AES-256, the same standard used by governments and financial institutions worldwide.
TLS 1.3 in Transit
Every connection to Firmfy is encrypted with TLS 1.3, ensuring your data is protected as it travels between your devices and our servers.
Role-Based Access Control
Fine-grained permissions let firm administrators control exactly who can view, edit, or manage sensitive data across the platform.
99.9% Uptime SLA
We guarantee 99.9% uptime backed by a service-level agreement. Our redundant infrastructure ensures your firm is never left without access.
Daily Automated Backups
Your data is automatically backed up every day to geographically separate locations, with point-in-time recovery available for the past 30 days.
Audit Logging
Every significant action is tracked with user, timestamp, and details. A complete activity trail ensures full visibility for security and compliance reviews.
Employee Data Privacy
Notes to Self are completely private — invisible to managers and admins. Employees can trust that their personal notes remain confidential at all times.
Strict Role-Based Access
Three permission levels (Employee, Manager, Admin) with strict feature access control. Sensitive data and administrative features are only visible to authorized roles.
Compliance & Certifications
Firmfy meets and exceeds the compliance requirements that law firms demand. Our platform is regularly audited against leading security frameworks.
How We Handle Your Data
Data Storage
All data is stored in US-based AWS data centers with multi-region redundancy. Our infrastructure is isolated per tenant so that one firm's data can never be read or written by another.
Retention Policies
We retain your data only as long as your account is active. Upon cancellation, data is permanently deleted within 30 days. Backups are purged on a rolling 90-day cycle.
Deletion Rights
You can request full deletion of your data at any time. We provide a self-service data export tool so you can download everything before closing your account.
Multi-Tenant Data Isolation
Complete Firm Isolation
Every firm's data is completely isolated in our infrastructure. Employees can never see another firm's information.
Strict Tenant Separation
Our database architecture ensures strict tenant separation at every layer — from data storage to API queries to caching.
Role-Based Access in Firmfy
Three permission levels — Employee, Manager, and Admin — ensure people only see what they're authorized to see. Employees see their own tasks, goals, rewards, and pay. Managers additionally see their team's data. Admins see everything firm-wide. Sensitive features like Employee Scorecards and Automations are restricted to firm leadership.
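As an added illustration of the access model just described (not Firmfy's own code), the check below combines the firm boundary, the three-role hierarchy and the private Notes to Self rule in one function. The data classes, the team concept, and the assumption that "firm leadership" means Manager and Admin are all hypothetical.

```python
# Hypothetical authorization check modelling the page's access rules.
# Assumed: users belong to one firm and one team; resources record the
# firm, the owning employee and that employee's team.
from dataclasses import dataclass

ROLE_RANK = {"Employee": 0, "Manager": 1, "Admin": 2}
# Assumption: "firm leadership" for Scorecards and Automations means Manager and Admin.
LEADERSHIP_ONLY = {"scorecard", "automation"}


@dataclass(frozen=True)
class User:
    id: str
    firm_id: str
    role: str
    team_id: str


@dataclass(frozen=True)
class Resource:
    kind: str       # e.g. "task", "pay", "note_to_self", "scorecard", "automation"
    firm_id: str
    owner_id: str   # employee the record is about
    team_id: str    # that employee's team


def can_view(user: User, res: Resource) -> bool:
    # Tenant isolation is checked first: no role, not even Admin, crosses a firm boundary.
    if user.firm_id != res.firm_id:
        return False
    # Notes to Self are private to their author regardless of role.
    if res.kind == "note_to_self":
        return res.owner_id == user.id
    rank = ROLE_RANK[user.role]
    if res.kind in LEADERSHIP_ONLY:
        return rank >= ROLE_RANK["Manager"]
    if rank == ROLE_RANK["Admin"]:
        return True  # firm-wide visibility
    if rank == ROLE_RANK["Manager"]:
        return res.owner_id == user.id or res.team_id == user.team_id
    return res.owner_id == user.id  # Employee: own records only


# Constructed sample data for a stand-alone run.
ALICE = User("u1", "firmA", "Employee", "t1")
BOB = User("u2", "firmA", "Manager", "t1")
CAROL = User("u3", "firmA", "Admin", "t9")
DAVE = User("u4", "firmB", "Admin", "t1")      # admin of a different firm
NOTE = Resource("note_to_self", "firmA", "u1", "t1")
PAY = Resource("pay", "firmA", "u1", "t1")
```

Running `can_view(DAVE, PAY)` returns False even though Dave is an Admin, because the firm check runs before any role logic.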
Integration Security
Connections to Clio, GoHighLevel, Practice Panther, and MyCase use secure OAuth 2.0 with scoped permissions. We never store your platform credentials. All data synced from external platforms is encrypted in transit and at rest, with the same AES-256 protection applied to all Firmfy data.
Responsible Disclosure
We value the security research community. If you discover a vulnerability in our platform, please report it responsibly and we'll work with you to resolve it promptly.
security@firmfy.com
Ready to see Firmfy in action?
Schedule a demo to learn how Firmfy keeps your firm's data safe while streamlining your practice.
Request a Demo