Security

Access control

Workspace access is intended to be limited to authenticated users with an authorized role in the relevant tenant. Client portal access is intended to be limited to the client and case access records associated with the relevant portal session.

Customers remain responsible for who they invite into a workspace and for the security of their own endpoints and credentials.

Document handling

Documents are uploaded and downloaded using time-limited signed URLs. The application is designed so that document objects are not intended to be publicly listed or publicly retrievable without a valid signed request or other authorized access path.

Communications security

Email and WhatsApp are used as delivery channels for notifications, secure links, and reminders. Those channels are not a substitute for legal confidentiality analysis, internal firm policies, or independent identity verification.

Infrastructure providers

Docvera relies on third-party infrastructure and service providers, including Clerk, Amazon Web Services, Neon, Vercel, Resend, and Twilio.

Customer responsibilities

• Use strong authentication and protect account credentials.
• Invite only authorized users and review access regularly.
• Verify client contact details before sending secure links.
• Keep local devices, browsers, and networks reasonably secure.
• Use lawful and professionally appropriate procedures for handling client records.

Incident handling

If we become aware of a confirmed security issue affecting Docvera, we may investigate, take corrective action, and provide notices as appropriate under our contracts, operational practices, and applicable law.

No absolute guarantee

No online service can guarantee complete security, uninterrupted availability, or zero risk.