intake.link

Security at intake.link

We understand that legal intake forms often contain sensitive client information. Security is built into every layer of our platform to protect your data and your clients' privacy.

Data Protection

Your data is encrypted at every stage

  • Encryption in transit using TLS 1.2+
  • Encryption at rest with AES-256
  • No plain-text storage of sensitive data
  • IP addresses hashed for privacy

Infrastructure

Built on enterprise-grade cloud providers

  • Vercel hosting (SOC 2 Type 2, ISO 27001)
  • Upstash Redis database (SOC 2 Type 2)
  • Clerk authentication (SOC 2 Type 2)
  • Global edge network with DDoS protection

Access Controls

Strict controls over who can access data

  • Role-based access control (RBAC)
  • Organization-level data isolation
  • Multi-factor authentication support
  • Comprehensive audit logging

Compliance Readiness

Architecture designed for regulatory requirements

  • HIPAA-ready architecture
  • SOC 2 aligned security controls
  • 90-day default data retention
  • BAAs available at Enterprise tier

Security Headers

Every response from intake.link includes security headers to protect against common web vulnerabilities.

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options: nosniff

Referrer-Policy: strict-origin-when-cross-origin

Permissions-Policy: camera=(), microphone=(), geolocation=()

Enterprise Security

For organizations with advanced security and compliance requirements, our Enterprise plan includes additional features and support.

  • Business Associate Agreement (BAA) for HIPAA
  • Custom security reviews and documentation
  • Dedicated security contact
  • Extended audit log retention
Contact Enterprise SalesLearn About firmops.io

Security Questions?

If you have questions about our security practices or need additional information for your compliance review, we're here to help.

Contact Security Team