Our approach
Security by design, not afterthought.
Approval-Gated AI
No document is filed, no email is sent, and no case data is changed without your explicit approval. Every AI action goes through a staging queue where you review and decide.
Firm-Level Isolation
Each firm's data is completely separated. Your matters, documents, and case facts are never accessible to anyone outside your practice - by design, not by policy.
Encryption Everywhere
Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Agent reasoning traces and case files are stored at the same encryption level.
Source-Grounded Output
AI output is tied to documents you've uploaded. Every fact in a case synopsis links back to its source with a trust level, so you can always verify what the AI is relying on.
PII Detection
Social Security numbers and other sensitive information are automatically flagged before filing. Redaction tools remove protected data from service copies.
Session & Workspace Security
Case data is loaded into temporary workspaces during active sessions and wiped on termination. No residual client data persists in working memory.
Access control
The right people see the right data.
Role-based permissions
Attorneys have full access to billing, approvals, and settings. Staff can work within cases but can't approve filings, access billing, or change firm settings.
Authentication & identity
Identity management through Clerk with JWT-based authentication. Sessions are validated on every request - credentials are never cached or assumed.
Per-request authorization
Every API request is checked against the user's firm and role. Attempting to access another firm's data returns an error, not the data.
Ethics & compliance
Built with California Rule 1.1 in mind.
The duty of competence now includes understanding the technology you use to serve clients. Cedent is designed to help you meet that obligation.
Human oversight by default
AI assists; the attorney decides. The staging queue ensures a human reviews every output before it affects a client's case.
Traceable reasoning
See what the AI did and why. Tool traces log every action; thought traces show the reasoning chain with references to statutory rules.
Data residency
Your data stays in the United States. We do not transfer client data outside the country or use it to train AI models.
SOC 2 roadmap
We are actively working toward SOC 2 Type II certification. Our security practices already align with the framework, and a formal audit is on our near-term roadmap.
Questions about security?
We're happy to discuss our security practices in detail. Reach out or join the waitlist and we'll be in touch.