This website uses cookies to ensure you get the best experience on our website.By clicking "Allow all",you consent to our use of cookies. Privacy Policy

image alt

Security


DISCLOEZY helps family law professionals streamline financial disclosure. Trust and transparency are foundational. You should trust us to keep your data safe, and you should know how we do it. We collect and use information solely to provide and improve our services, in line with applicable Canadian privacy laws. See our Privacy Policy for details.

Data encryption

In transit: All traffic to and from DISCLOEZY is protected with TLS over HTTPS.
At rest: Customer data is stored using strong encryption.
Key management: Encryption keys are managed using hardened, access-controlled services.

Access controls

Account security: Email-based accounts with strong password requirements and optional multi-factor authentication.
Least privilege: Employee access to production systems and customer data is strictly limited by role and reviewed regularly.
Auditability: Administrative actions and sensitive events are logged and monitored.
Session security: Idle sessions expire automatically. Tokens are scoped and short-lived.

Infrastructure and system security

Hardened cloud infrastructure: DISCLOEZY runs on a leading cloud platform whose data centers maintain certifications such as ISO/IEC 27001 and PCI DSS for the underlying facilities.
Network protection: Restrictive firewalls, private networking, and security groups minimize exposure.
Endpoint security: Company devices use full-disk encryption, screen lock, and strong authentication.
Vulnerability management: Regular scanning, dependency monitoring, and prompt patching. Periodic third-party assessments and penetration testing.
Email security: SPF, DKIM, and DMARC are configured to reduce spoofing and phishing risk.

Privacy and compliance in Canada

PIPEDA: As a private-sector service, DISCLOEZY aligns its privacy program with the federal Personal Information Protection and Electronic Documents Act (PIPEDA).
Alberta PIPA: For Alberta customers, we also follow Alberta’s Personal Information Protection Act (PIPA).
Breach notification: We maintain incident response procedures that include notifying affected customers and, when required, regulators under Canadian law.

Application security

Secure SDLC: Code review, automated testing, and security checks are embedded in our development pipeline.
Dependency hygiene: We track and remediate third-party package vulnerabilities.
Secrets management: Secrets are stored in a centralized, access-controlled vault.
Change management: All production changes are tracked, peer-reviewed, and subject to automated checks.

Data governance

Data minimization: We collect only what is necessary for disclosure workflows.
Data residency options: We can discuss regional hosting and storage options to meet organizational policies.
Retention: Retention periods are documented. Data is deleted or anonymized when no longer needed or upon verified request.
Customer controls: Export tools and role-based sharing controls help firms manage files appropriately.

Business continuity and availability

Backups: Encrypted backups with regular restoration testing.
Redundancy: Critical services are designed for high availability with health checks and auto-recovery.
Disaster recovery: Documented runbooks with Recovery Time Objective (RTO) and Recovery Point Objective (RPO) targets.

Vendor and subprocessors

Due diligence: We assess security and privacy practices of subprocessors handling personal information.
Contracts: DPAs include confidentiality, breach notification, and minimum-security clauses.
List: We will maintain an up-to-date subprocessor list and notify customers of material changes.

How you can help

Security is a shared responsibility. You can help by:

  • Using a strong, unique password and a password manager

  • Enabling multi-factor authentication for your account

  • Verifying DISCLOEZY emails come from our official domain

  • Limiting file access to those who need it and reviewing access regularly

Reporting vulnerabilities

We welcome reports from security researchers. If you believe you have found a vulnerability, please email service@discloezy.com with details and reproduction steps. We will acknowledge receipt and work with you to validate and remediate.

Contact and legal

Security and privacy contact: service@discloezy.com
Policies: Privacy Policy, Terms of Service