Security, privacy, and confidentiality are crucial to legal teams, and our team here at LawVu ensures that we adhere to the highest privacy standards and security regulations.
These security features will enable your in-house legal teams to gain complete control over their sensitive data from inside LawVu.
Two-factor authentication (MFA)
Enabling this feature will require all users within your organization to be authenticated with an additional one-time password sent via email when they log in.
Please note that once SSO is configured by your IT team, MFA settings within LawVu will no longer apply. With SSO in place, the MFA process will follow the policies defined by your corporate identity provider.
External communication
To prevent sensitive information in LawVu from being shared with third parties via email, we have applied stricter security settings by disabling external communication.
Organization administrators can enable or disable this functionality by going to Organization Settings > General Settings > Security.
When disabled, this will:
Remove the email address of a matter, contract, or associated conversation from any email correspondence.
Eliminate the option to share files by sending them via email. Users will no longer be able to share a contract document or a file within the 'Files' tab of a matter by sending them via email. This will also remove the option to add email recipients from Conversations.
Logout inactive users
You can add an extra layer of security and data protection by automatically signing users out after a period of inactivity.
This feature is available for all organizations. Administrators can go to Organization Settings > General Settings > Security and toggle "Automatically sign users out after a period of inactivity" on or off.
When enabled, Administrators can select an inactivity timeout period from the following options:
Timeout Options |
5 minutes |
10 minutes |
15 minutes |
20 minutes |
25 minutes |
30 minutes |
45 minutes |
1 hour |
2 hours |
4 hours |
8 hours |
12 hours |
Default timeout: When enabled for the first time, the default inactivity timeout is 1 hour for standard organizations. When not enabled, users are logged out after 24 hours of inactivity.
When a user is inactive beyond the configured timeout, they will be signed out and prompted to sign in again.
If your organization already has an inactivity timeout configured, your existing setting will be preserved.
Compliance Security
Compliance Security enforces HIPAA/CJIS-aligned security controls for your organization. If Compliance Security is enabled, tighter security settings are automatically applied, with no option to switch them off.
Having Compliance Security turned on for your organization will:
Permanently disable external communication - This will remove the email address of a matter, contract, or associated conversation from any email correspondence and eliminate the option to share files via email.
Enforce inactivity logout - The Logout inactive users setting is mandatory and cannot be disabled. Organizations can set their own timeout period in LawVu. The default inactivity timeout for Compliance Security organizations is 10 minutes. Administrators can adjust this from the same dropdown options listed above (5 minutes to 12 hours). A guidance note will display: "HIPAA compliance: LawVu recommends 15 minutes or less."
Restrict information in email notifications - All information, such as the matter or contract name and the content of conversations/assignments, will be automatically removed.
To enable Compliance Security for your organization, please reach out to your CSM or Implementation Manager.
Email security
LawVu utilizes SendGrid for external email from our product. For each geographically isolated stack of our product, a discrete SendGrid configuration is utilized as detailed below. Please note that the SendGrid instance itself is not paired to the same region, as outlined in our Subprocessor list. Some organizations opt to have generated emails sent as generic notifications that omit any matter or contract details.
LawVu Product Email Hostnames
The following are the email service hostnames associated with each LawVu geographical stack:
mail.lawvu.com | Australia stack |
mail-can.lawvu.com | Canada stack |
mail-eu.lawvu.com | Europe stack |
mail-us.lawvu.com | USA stack |
mail.lawvu-gov.com | USA Gov stack |
Email Format
Email notifications generated by the LawVu product are sent using the syntax “id@mail-host”. For example:
The identifier relates to a contract or matter. The email address is formed in such a way as to mitigate any attempt to manipulate a contract or matter.
Email Security
LawVu implements the following security and authentication measures to ensure delivery of email is as secure as possible:
TLS (Transport Layer Security)
DKIM (DomainKeys Identified Mail)
SPF (Sender Policy Framework)
DMARC (Domain-based Message Authentication, Reporting and Conformance)
Email Delivery
In line with industry security practices, all platform emails to and from SendGrid must be transferred over a connection using TLS 1.2 at minimum, with full identity verification to ensure that traffic cannot be intercepted.
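On the receiving side, a mail administrator can check that an inbound notification really comes from one of the hostnames listed above and passed SPF, DKIM and DMARC. The following is an added example, not LawVu code: the function name `check_notification`, the receiving server id `mx.example.org` and the sample message are assumptions constructed for illustration, and it relies on the receiving server stamping an RFC 8601 `Authentication-Results` header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hostnames from the table above, mapped to their LawVu stack.
LAWVU_MAIL_HOSTS = {
    "mail.lawvu.com": "Australia",
    "mail-can.lawvu.com": "Canada",
    "mail-eu.lawvu.com": "Europe",
    "mail-us.lawvu.com": "USA",
    "mail.lawvu-gov.com": "USA Gov",
}

# Constructed sample message (not a real LawVu notification).
SAMPLE = (
    "Authentication-Results: mx.example.org;\n"
    "\tspf=pass smtp.mailfrom=mail-eu.lawvu.com;\n"
    "\tdkim=pass header.d=mail-eu.lawvu.com;\n"
    "\tdmarc=pass header.from=mail-eu.lawvu.com\n"
    "From: LawVu <constructed-id@mail-eu.lawvu.com>\n"
    "Subject: Notification\n"
    "\n"
    "body\n"
)

def check_notification(raw, authserv_id):
    """Return (stack, problems); an empty problems list means the message passes."""
    msg = message_from_string(raw)
    problems = []
    host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    stack = LAWVU_MAIL_HOSTS.get(host)  # exact match only, so lookalike suffixes fail
    if stack is None:
        problems.append(f"From host {host!r} is not a LawVu mail hostname")
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        serv_id, _, rest = header.partition(";")
        # Trust only results stamped by our own receiving server (assumed id).
        if (serv_id.split() or [""])[0].lower() != authserv_id.lower():
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            results.setdefault(method.lower(), []).append(result.lower())
    for method in ("spf", "dkim", "dmarc"):
        if "pass" not in results.get(method, []):
            problems.append(f"{method} did not pass: {results.get(method, ['missing'])}")
    return stack, problems

if __name__ == "__main__":
    print(check_notification(SAMPLE, "mx.example.org"))
```

This check covers the hostname and the SPF, DKIM and DMARC results only; the TLS version of the delivery hop is not inspected here.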

