Legal

Security at Eksana

Your Trust is Our Foundation. Our Security is Your Peace of Mind.

At Eksana, we recognize that legal data is among the most sensitive information. The confidentiality of your research, client details, and case strategies is not just a priority—it is the foundation of our service.

We have engineered our platform with a multi-layered, defense-in-depth security posture to safeguard your data and maintain your trust.

Our Core Security Philosophy: Zero-Trust Architecture

We operate on a Zero-Trust security model. Unlike traditional perimeter-based security, Zero-Trust assumes no implicit trust within the network.

  • Principle: Never trust, always verify
  • Every access request—regardless of origin—must be explicitly authenticated and authorized.
  • Benefit: Drastically minimizes the risk of unauthorized access and ensures only the right people can access the right data at the right time.

Data Protection & Privacy

Encryption at Every Stage

  • In Transit: All communication between your device and Eksana uses TLS 1.2+ to prevent interception.
  • At Rest: Stored data, including research history and saved documents, is encrypted with AES-256.

GDPR & Data Governance

  • Built for Compliance: Eksana is designed to align with GDPR principles, including:
    • Data minimization
    • Purpose limitation
    • User-centric data control
  • Your Data, Your Control: Tools to manage your data, including rights to:
    • Access
    • Rectify
    • Request deletion

*Note: Eksana follows GDPR principles but has not obtained third-party certification.

Infrastructure & Application Security

Robust Cloud Infrastructure

  • Hosted on leading, secure cloud infrastructure with:
    • World-class physical security
    • Continuous network monitoring
    • Compliance certifications (SOC 2 Type II, ISO 27001)

Secure Software Development Lifecycle (SSDLC)

  • Code Reviews & Analysis: Rigorous peer review and automated scanning.
  • Vulnerability Management: Continuous scanning and timely patching.

Strict Access Controls

  • Principle of Least Privilege enforced for all staff and systems.
  • Research data is not accessible to employees, except when required for system maintenance or support.
  • All such access is logged, audited, and tightly controlled.

Operational Vigilance

24/7 Monitoring & Threat Detection

  • Continuous system monitoring.
  • Advanced intrusion detection and prevention systems.
  • Real-time threat identification and response.

Incident Response Plan

  • Predefined and tested procedures for:
    • Threat containment
    • Impact mitigation
    • Transparent communication with users

Your Partner in Security

We view security as a shared responsibility. While Eksana provides enterprise-grade safeguards, we encourage users to:

  • Use strong, unique passwords
  • Enable MFA where possible
  • Stay vigilant against phishing attempts