Discover Docket

Trust

Security and confidentiality, by design.

Discover Docket handles privileged work product and confidential client data. Protecting it is a baseline requirement, not a feature.

Compliance & certifications

Discover Docket was architected from day one around the posture that protected health information, attorney-client privilege, and ethical walls actually require.

SOC 2 Type II

Built on SOC 2 Type II compliant infrastructure.

Discover Docket is hosted on infrastructure independently certified to SOC 2 Type II standards. All customer data is stored, processed, and transmitted through this audited environment. Discover Docket's firm-level SOC 2 Type II certification is on the roadmap for post-launch.

HIPAA-aligned

PHI handled per the Security Rule.

For matters touching protected health information, data is handled per the HIPAA Security Rule — access controls, audit controls, integrity controls, and transmission security — so PHI in a litigation file is treated to the same standard it carries everywhere else.

TLS 1.3 / AES-256

Encrypted in transit and at rest.

All traffic is encrypted in transit with TLS 1.3, and data is encrypted at rest with AES-256. Encryption is the default on every surface, not an upgrade tier.

Ethical walls

Enforced at the database layer.

Conflict screens are enforced in the database itself, not merely hidden in the interface. A walled-off user has no query path to a restricted matter — the restriction holds even if the UI is bypassed.

Operational security posture

  • Encryption at rest and in transit

    Firm and client data is encrypted both while stored and while moving across the network.

  • Role-based access control

    Access is scoped to a user's role on each matter — people see what their role permits, and nothing else.

  • Audit logs on every read and write

    Every access and change is recorded, producing a defensible record of who did what, and when.

  • Ethical walls at the data layer

    Screens are enforced in the database itself, so walled-off users cannot reach restricted matters.

  • US-based infrastructure

    Data is hosted on infrastructure located in the United States.

  • No third-party AI training on firm data

    Your data is never used to train third-party AI models.

  • Annual security review

    Security practices are reviewed on a recurring annual basis.

How AI outputs are validated and recorded is covered in the DDEAS framework.

The work gets done. You get to be the lawyer.

Join the waitlist. California firms first.