Security Policy

We are proud to provide enterprise-class security and data management services to businesses worldwide. Built on leading edge infrastructure and technologies, we are committed to keeping your confidential information as safe as possible.

Redundant Information Security

We handle sensitive information for hundreds of organizations around the world. To do this, we employ multiple levels of data protection:
  • We encrypt all data transmissions over 256 bit SSL security.
  • Unique keys are generated for each customer, making multiple account hacking almost impossible.
  • Finally, we use document encryption for extra safe measures.
  While it’s common for Software-as-a-Service (SaaS) providers to provide SSL-security connections, the truth is that most compromises start after your data is in the hands of a service provider. We have taken a leadership role in protecting our customers’ information. We took the time to build additional maintenance tools so that we can ensure customer data isn’t compromised.  

ISO 27001:2013 Certification

Legisway Essentials (previously called effacts) is the only smart repository for legal information that is ISO/IEC 27001:2013 certified as an information security management system (ISMS). This is the highest level of global information security assurance available today, and provides customers assurance that Legisway Essentials meets stringent international standards on security.  

Proven Uptime and Disaster Prevention

We are committed to providing our customers with exceptional uptime and availability. You can trust that we are aligned with your availability expectations:
  • 99.9% uptime service level commitment.
  • Fully redundant primary internet connections.
  • 24x7x365 network operations control.
  Our private cloud has been constructed with true real-time redundancy. With live data synchronization, every application and database server has an active fail-safe unit ready to take over in the event of a disaster. Reinforcing this real-time fail-safe, on a nightly basis, customer databases are backed up in full, from the active fail-over server, ensuring backup processes do not disrupt access to customer data. Backups are shipped off-site over a dedicated fiber link to another secure location, ensuring that even in the event of a critical disaster, customer data is secure.  

Operational Best Practices

Our customers enjoy security controls such as fully guarded premises and physical access management that are economically unfeasible with typical in-house, on premise deployments. Dedicated around-the-clock availability and security monitoring provide added layers of assurance.  

Serious About Security

All the data centers are locked and guarded, and can only be accessed by authorized personnel. Monitored closed circuit television systems and onsite security teams vigilantly protect the data centers around the clock, while military grade pass card access and bio-metric finger scan units provide even further security.  

Regulated Climate Control

The heating, ventilation, and air-conditioning (HVAC) systems have full particle filtering and humidity control. The climate within each of our data centers is maintained according to ASHRAE Guidelines. This ensures your mission-critical dedicated server and hardware is functioning at its best.  

Redundant Power—Just in Case

The data centers don’t rely solely on the local power grid to guarantee around-the-clock power. The onsite diesel-powered generators and uninterruptible power systems (UPS) deliver redundant power if a critical incident occurs, so that all operations are uninterrupted and your dedicated servers remain online. We regularly test our infrastructure to make sure it performs as designed in the event of an emergency. And we back it all up with our 99.9% Uptime SLA.  

International Privacy Standards

Privacy is part of our DNA. As part of our promise to you, we adhere to stringent international data management controls and policies to ensure 24×7 protection of your data.  

Our Privacy Policy

Your privacy is important to us and to better protect your privacy we provide a public Privacy Policy explaining our online information practices and the choices you can make about the way your information is collected and used. To make this easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.  

Data Privacy

Personal data is subject to the various local implementations of Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995, replaced by the General Data Protection Regulation (GDPR), on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Under the terms of the directive, personal data includes any information about a living identifiable individual, including their name, address, phone number, email address and any other information about the individual.  

Data Portability Commitment

We have made data safety and portability a key principle. Unlike many service providers, we provide every organization its own unique database with private connection credentials. This means that your data always remains secure. Further to this, our data portability commitment is clear: you own your data, and can take it with you at any time. As much as we’d hate to lose you as a customer, we will never hold your data hostage. You can easily export your data in a commonly accepted format, or make use of our various APIs to request data as needed.  

Personnel Security

We use a combination of background checks and confidentiality agreements to reduce the risk of personnel related security breaches. We also perform monitoring via a dedicated compliance team to make sure staff is operating in accordance with security and compliance guidelines.  

Full Audit logging

Our products offer a full audit logging of all user activity with self-service reporting. With these reports you can readily see who has access to what content as well as see access activity across all content in the product.  

24×7 Support

The Network Operations Center (NOC) staff monitors the network 24x7x365, while our network engineers and facility staff are available at any time in the event of an emergency.  

Our Operations

Outside of the core data center operations, we designed our physical office to eliminate any central on-premise servers, ensuring employees and guests have no direct access to customer data. Our employees are unable to access customer data without explicit permission in the course of delivering support services. When requesting support, either at the time of request submission or during the course of interaction with our team, customers have the opportunity to grant any necessary access rights—all such grants are tracked and visible to customers at any time.