Security

Legal matters involve some of the most sensitive information a person has. This page summarizes, without jargon, how the portal protects that information today and what is planned as the platform moves from demo to production.

• HTTPS everywhere. Every connection to the portal is encrypted in transit. The site also tells browsers to refuse insecure connections in the future (HSTS).
• Security headers. The portal ships with a content security policy and headers that block it from being embedded in other sites (clickjacking protection), prevent content-type sniffing, limit what other sites learn when you click a link, and turn off browser features the portal does not need.
• Demo data stays in your browser. In the current demo phase, your intake answers and document records are stored only on your own device. They are not transmitted to a server, which means there is no central database of demo client data to breach.
• You control deletion. The Delete my data button in Settings wipes everything stored on your device immediately.
• Hardened endpoints. The portal's server functions validate input, cap message sizes, restrict which websites may call them, rate-limit abusive traffic, and avoid logging personal information.

Before the portal handles live client files at scale, the plan adds:

• Encrypted cloud storage. Client data and documents encrypted at rest, not just in transit.
• Multi-factor authentication (MFA). A second verification step at sign-in for both clients and firm staff.
• Role-based access. Firm staff see only what their role requires; clients see only their own case.
• Audit logging. A tamper-evident record of who accessed or changed what, and when. The firm dashboard already keeps an action audit trail, and production extends it to all data access.

• Use the portal on a device you control, not a shared or public computer.
• Sign out from Settings when you are done on a shared device.
• Keep sensitive identifiers (full Social Security numbers, full account numbers) out of the chat box; use the document vault instead.

If you believe you have found a security problem in this portal, please report it to the firm at (305) 792-9100 or in writing to Recalde Law Firm, P.A., 1111 Brickell Ave, 10th Floor, Miami, FL 33131. Reports are appreciated and taken seriously.