Security, privacy, and confidentiality are crucial to legal teams, and our team here at LawVu ensures that we adhere to the highest privacy standards and security regulations.
These security features will enable your in-house legal teams to gain complete control over their sensitive data from inside LawVu.
In this article:
Two-factor authentication
Enabling this feature will require all users within your organization to be authenticated with an additional one-time password sent via email when they log in.
To know more about this, click here.
External communication
We have applied stricter security settings to prohibit sensitive information from LawVu from being shared with any third parties via email by disabling external communication.
Organization administrators can enable or disable this functionality by going to Organization Settings > General Settings > Security.
When disabled, this will:
Remove the email address of a matter, contract, or associated conversation from any email correspondence.
Eliminate the option to share files by sending them via email. Users will no longer be able to share a contract document or a file within the 'Files' tab of a matter by sending them via email. This will also remove the option to add email recipients from Conversations.
Logout inactive users
You can layer on security and data protection by logging users out after a certain inactivity period.
The timeout inactivity feature is available for all organizations, and you can reach out to your CSM if you want this enabled for your org. (Note: If you choose not to, the settings are set to default. Users will be logged out after 24 hours of inactivity.)
Once we enable the feature for you, Administrators can go to Organization Settings > General Settings > Security and choose to enable or disable "Logout inactive users" and/or adjust the default inactivity periods accordingly (as shown in the clip below):
The timeout period for inactivity can be aligned based on the organization's specific security policy from a minimum of 15 minutes to a maximum of 12 hours. When not enabled, the settings are set to default - users are logged out after 24 hours of inactivity.
Compliance Security
Compliance Security is a set of standard settings aimed at ensuring the privacy of data. If Compliance Security is enabled, then tighter security settings are automatically applied without the option of switching them off.
Having Compliance Security turned on for your organization will:
Permanently disable external communication
This will remove the email address of a matter, contract, or associated conversation from any email correspondence and eliminate the option to share files by sending them via email.
Enforce timeout inactivity
The Logout inactive users setting will be enabled by default, but you will still be able to adjust the timeout period based on the organization's security requirements.
Restrict information on email notifications
All information, such as the matter or contract name and the content of conversations/assignments on email notifications, will be automatically removed.
To enable Compliance Security for your organization, please reach out to your CSM or Implementation Manager.
Email security
LawVu utilizes Sendgrid for external email from our product. For each geographically isolated stack of our product, a discrete Sendgrid configuration is utilized as detailed below. Please note that the Sendgrid instance itself is not paired to the same region, as outlined in our Subprocessor list. Some organizations opt to have the emails generated to be generic notifications and omit any matter or contract details.
LawVu Product Email Hostnames
The following are the email service hostnames associated for each LawVu geographical stack:
mail.lawvu.com | Australia stack |
mail-can.lawvu.com | Canada stack |
mail-eu.lawvu.com | Europe stack |
mail-us.lawvu.com | USA stack |
mail.lawvu-gov.com | USA Gov stack |
Email Format
Email notifications generated by the LawVu product are sent using the syntax “id@mail-host”. For example:
The identifier relates to a contract or matter. This email is formed in such a way to mitigate any attempt to manipulate a contract or matter.
Email Security
LawVu implements the following security and authentication measures to ensure delivery of email is as secure as possible:
TLS (Transport Layer Security)
DKIM (DomainKeys Identified Mail)
SPF (Sender Policy Framework)
DMARC (Domain-based Message Authentication, Reporting and Conformance)
Email Delivery
In line with industry security practices, all platform emails to and from Sendgrid are mandated to transfer over a minimum TLS 1.2 connection, with full identity verification to ensure that traffic cannot be intercepted.