Privacy & Security
Last updated: March 13, 2026
Our Commitment
MaxLaw is built for legal professionals who handle sensitive, privileged, and confidential client information every day. We understand that attorney-client privilege and data confidentiality are not optional — they are ethical obligations under ABA Model Rules 1.6 and 1.1. Our platform is designed with these obligations at its core.
Data Handling & Storage
All data you enter into Max — including cases, contacts, time entries, invoices, notes, and documents — is stored in a secure, encrypted database. Your data is protected both in transit (TLS/HTTPS encryption) and at rest (AES-256 encryption).
Encryption in Transit
All connections use TLS/HTTPS, which encrypts data between your browser and our servers so that it cannot be read in transit.
Encryption at Rest
All stored data is encrypted using AES-256, the same standard used by financial institutions and government agencies.
Per-User Data Isolation
Every user account on MaxLaw operates in complete isolation. Your cases, contacts, time entries, invoices, chat history, and all other data are accessible only to you. No other user — including platform administrators — can view, access, or modify your data.
This isolation is enforced at the database query level, meaning every single data request is filtered by your unique user ID before any results are returned. There is no shared data space between users.
AI Features & Confidentiality
MaxLaw includes AI-powered features such as AI Legal Chat, AI case analysis, AI email drafting, and AI-enhanced time entry descriptions. These features use large language models (LLMs) to process your inputs and generate responses.
Our AI Data Policy
- ✓ No Training on Your Data: Your inputs, prompts, and AI-generated outputs are never used to train, fine-tune, or improve AI models.
- ✓ No Persistent Storage of AI Interactions: AI conversations are processed in real-time. The AI provider does not retain your prompts or responses after generating a reply.
- ✓ Server-Side Processing Only: All AI requests are routed through our secure backend servers — your data never goes directly from your browser to a third-party AI provider.
- ✓ Chat History Under Your Control: Conversation history stored in Max is encrypted and accessible only to you. You can delete it at any time.
Important Notice for Attorneys
Pursuant to ABA Formal Opinion 512 (2024) and the ruling in United States v. Heppner (S.D.N.Y. 2026), attorneys have an ethical obligation to understand how AI tools process client data and to obtain informed consent from clients before inputting confidential information into any AI system. We recommend that you: (1) review your firm's AI usage policy, (2) obtain specific informed consent from clients before using AI features with their confidential information, and (3) exercise professional judgment in supervising all AI-generated outputs. MaxLaw is designed as a closed, enterprise-grade platform, but the ultimate responsibility for maintaining attorney-client privilege rests with the attorney.
Authentication & Access Control
MaxLaw uses industry-standard authentication practices to protect your account:
- Passwords are hashed using bcrypt with salt — we never store plaintext passwords
- Session tokens use JWT with cryptographic signing (HS256)
- Cookies are httpOnly, secure, and SameSite-protected to limit cookie theft via XSS and to mitigate CSRF attacks
- Sessions expire automatically after a period of inactivity
Embedded Third-Party Tools
MaxLaw integrates certain third-party legal research tools (such as JudgeFinder.ai and CourtListener) within the dashboard for convenience. These tools access publicly available legal information — court records, judge profiles, and case law — and do not involve the transmission of your client data or confidential information.
When using embedded tools, you are interacting with those third-party services directly. MaxLaw does not transmit any of your case data, client information, or account details to these services. Your use of embedded tools is governed by those services' own privacy policies.
Data We Collect
| Data Type | Purpose | Shared with Third Parties? |
|---|---|---|
| Name & Email | Account creation and authentication | No |
| Case Data | Case management functionality | No |
| Contact Data | Contact and CRM management | No |
| Time & Invoice Data | Billing and time tracking | No |
| AI Chat Inputs | Generating AI responses | Processed by AI provider (not retained) |
| Usage Analytics | Platform improvement | Anonymized only |
Questions About Our Privacy Practices?
If you have questions about how we handle your data, our security practices, or need documentation for your firm's AI usage policy, please contact us at [email protected].