Security & Data Handling

Last updated: June 2026 · Questions? ramtekintelligence@gmail.com

How Your Data Is Handled

Ramtek Intelligence processes legal documents, client communications, and firm data exclusively to provide the services you request. We do not sell, share, or monetize your data in any form.

Encryption & Transmission

• All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Authentication tokens are stored in httpOnly, Secure cookies — never in localStorage — making them inaccessible to JavaScript and resistant to XSS attacks.
• Our database (PostgreSQL via Supabase) uses encrypted connections for all queries.

AI Processing — Anthropic API

Ramtek Intelligence uses Anthropic's Claude API to power its AI tools. Here is what that means for your firm's data:

• No training on your inputs. Per Anthropic's API usage policy, data submitted via the API is not used to train Anthropic's models. Your documents and client information do not become part of any AI training dataset.
• No persistent storage by the AI. Prompts and responses are processed in real time and are not retained by Anthropic beyond the duration of the API call.
• Inputs are processed, not stored, by the model. Each request is stateless — the AI has no memory of prior sessions or other firms' data.
• Anthropic's full data handling policy is available at anthropic.com/legal/privacy.

Data Storage & Retention

• Firm data (users, documents, workflows, contacts) is stored in our database and retained for the duration of your subscription.
• Upon cancellation, you may request full data deletion by emailing ramtekintelligence@gmail.com. Deletion is completed within 30 days.
• We do not retain copies of documents you submit for AI analysis beyond what is stored in your account.

Access Controls

• Each firm's data is isolated by firm ID — users at one firm cannot access another firm's data.
• Passwords are hashed using bcrypt before storage. We never store plaintext passwords.
• Team member access is managed by the firm admin. Removed users immediately lose all access.
• Rate limiting and CSRF protection are enforced on all authenticated endpoints.

Subprocessors

• Anthropic — AI inference (Claude API). Data processed per API terms, not retained for training.
• Supabase — PostgreSQL database hosting. SOC 2 Type II certified.
• Render — Application hosting. Data processed in the United States.
• Stripe — Payment processing. PCI DSS Level 1 certified. Ramtek never stores card numbers.
• Resend — Transactional email delivery (password resets, invitations).

Attorney-Client Privilege

Ramtek Intelligence is a software tool, not a legal service provider. We are not a party to the attorney-client relationship. Data you submit through our platform remains under your firm's control. We recommend against submitting highly sensitive client information (e.g., sealed case materials, grand jury matters) through any cloud-based platform without first consulting your malpractice carrier.

Incident Response

In the event of a data security incident, we will notify affected firms within 72 hours of discovery via the email address on file. We will provide a clear description of what occurred, what data was affected, and the steps taken to remediate.

This document is provided for informational purposes and does not constitute a Data Processing Agreement (DPA). Firms requiring a formal DPA for compliance purposes should contact us at ramtekintelligence@gmail.com.