SECURITY POLICY
Effective Date: April 1st, 2025
TACJAC LLC ("Company", "we", "our", or "us") is committed to maintaining the security, integrity, and confidentiality of your personal and business information. This Security Policy outlines the measures we take to protect the data entrusted to us as part of our subscription-based Services, which include general legal information via automated systems and referrals to licensed attorneys.
1. Our Commitment to Security
We recognize that our users trust us with sensitive information. We implement technical, administrative, and physical safeguards to protect that data from unauthorized access, disclosure, alteration, and destruction.
Our security program is designed to:
- Protect the confidentiality, integrity, and availability of user information;
- Comply with applicable privacy and data protection laws;
- Continuously monitor and improve our security posture.
2. Data Encryption
- In Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols.
- At Rest: Sensitive data stored on our systems is encrypted using AES-256 encryption or equivalent standards.
3. Access Controls
- Access to user data is strictly limited to authorized personnel who require it to operate, develop, or improve our Services.
- Role-based access controls (RBAC) are enforced internally to ensure minimum necessary access.
- Administrative access is logged and monitored for unusual activity.
4. Authentication and Account Security
- All user accounts require secure passwords that meet defined complexity requirements.
- Account authentication sessions are encrypted and time-limited.
- Two-factor authentication (2FA) is supported or required for administrative dashboards and internal tools.
5. Application & Infrastructure Security
- Our platform is hosted with reputable cloud providers that maintain robust physical and network security controls.
- Firewalls, intrusion detection systems (IDS), and automated monitoring tools are in place to detect and prevent unauthorized access or anomalous behavior.
- Regular vulnerability scanning and patch management are performed across our infrastructure and codebase.
6. Third-Party Services and Integrations
- We work with third-party service providers (e.g., payment processors, hosting, customer support platforms, AI platforms) who are contractually required to maintain appropriate security and privacy standards.
- All integrations are evaluated for compliance with our security protocols before implementation.
- We do not sell or share user data with third parties for marketing purposes.
7. AI-Powered Informational Assistance
- Information submitted through our automated platform is processed using secure internal systems designed to return general informational content.
- No sensitive legal data or personally identifiable information is knowingly used to train or improve any external AI models.
- Users are instructed not to input confidential or privileged legal information into automated response fields.
8. Employee Security Practices
- All employees undergo background screening and security training as part of onboarding.
- Team members are trained regularly on privacy, security best practices, and incident response protocols.
- Employee access to production systems is logged, monitored, and restricted by role.
9. Incident Response and Breach Notification
We maintain a documented Incident Response Plan that includes:
- Immediate identification and containment of the incident;
- Notification to affected users where required by law;
- Remediation steps and root cause analysis to prevent recurrence;
- Cooperation with regulators or legal authorities if necessary.
In the event of a confirmed data breach that affects your personal information, we will notify you without undue delay, as required by applicable law.
10. Data Retention and Disposal
We retain personal information only as long as necessary to provide the Services or comply with legal obligations. Upon expiration of retention periods or account termination:
- Data is securely deleted or anonymized using industry-standard methods.
- Backups are purged in accordance with our data retention schedule.
11. User Responsibilities
To help us keep your data secure, we encourage you to:
- Use strong, unique passwords and enable 2FA where available;
- Refrain from sharing your login credentials;
- Avoid entering sensitive or privileged information into general response fields;
- Immediately report any suspected unauthorized use of your account.
12. Policy Updates
We may update this Security Policy periodically to reflect improvements, regulatory changes, or updates to our practices. Changes will be posted on this page with an updated effective date. Your continued use of the Services constitutes acceptance of any changes.
13. Contact Us
If you have questions or concerns about this Security Policy or would like to report a security issue, please contact us at:
TACJAC LLC dba LawCierge AI
Email: info@lawcierge.ai
