Tellcrest

Security at Tellcrest

How we protect your evidence

Encrypted storage: Files are encrypted at rest before they are stored. The encryption is performed before the file touches the disk, so the file is not readable on the server in plaintext form.

Secure connections: All data between your browser and our servers is encrypted in transit.

Case isolation: Cases are isolated by account and access controls. Other users cannot access a case unless access is explicitly granted.

Audit trail: Uploads, case actions, and report events are logged with timestamps and user identifiers where audit logging is implemented.

AI and your data

  • Tellcrest currently uses Claude by Anthropic for document analysis.
  • Evidence is processed through Anthropic’s commercial API under its current data-use terms.
  • In the current production workflow, evidence is not routed to OpenAI, Google, or other AI providers.
  • The AI analyzes the documents you upload. In the current workflow, it does not browse the web or pull from external sources.

Authentication

  • Passwords are securely hashed. They are never stored in readable form, and the hashing is one-way, even Tellcrest cannot recover them.
  • Your login session stays active for 7 days, then you sign in again for security.
  • Every action requires you to be signed in. No anonymous access.
  • Login sessions are stored in HttpOnly, Secure cookies. JavaScript in your browser cannot read the session token.

Security and compliance posture

Tellcrest is NDA-ready for pilot firms reviewing sensitive matters.

SOC 2 and ISO 27001 are on our security roadmap. We do not currently claim SOC 2 certification or ISO 27001 certification.

Current controls include encrypted file storage at rest, HTTPS in transit, account-level case isolation, HttpOnly Secure session cookies, hashed passwords, and audit logging where implemented.

Coming soon

These features are on our roadmap but not live yet.

  • Two-step login verification (a code sent to your phone in addition to your password)
  • Firm-wide login (sign in once with your firm's existing credentials)
  • Different permission levels for partners, associates, paralegals, and reviewers
  • Invite team members to specific cases without sharing your full account
  • A complete record of who accessed each piece of evidence, when, and what they did with it
  • Download your full audit trail as a file

Contact

If you find a security issue or have questions, email hello@tellcrest.com