Security & Compliance

 

At Stream Legal, protecting your clients’ data is not just a feature; it’s a foundation.
Our platform is built on industry-leading encryption standards, modern infrastructure, and strict adherence to Canadian privacy regulations.

 

1. Data Protection Principles

We follow internationally recognized data protection standards, including:

  • PIPEDA (Personal Information Protection and Electronic Documents Act)
  • Canadian Bar Association – Technology & Confidentiality Guidelines
  • Frameworks aligned with SOC 2 Type II and ISO 27001

Your data remains yours. We process it solely to provide and improve our services — never for marketing or resale.

 

2. Data Encryption

All information is encrypted in transit and at rest.

  • In transit: TLS 1.3 with forward secrecy
  • At rest: AES-256 encryption across databases and backups
  • Passwords: bcrypt hashing and salting
  • Files: encrypted before storage

 

3. Laravel Application-Level Encryption

Stream Legal uses Laravel’s Crypt facade for application-level encryption:

  • AES-256-CBC via OpenSSL
  • Secure key management via environment variables
  • Integrity protection using HMAC signatures
  • Decryption only within authenticated context

 

4. Hosting & Infrastructure Security

  • Tier 3+ Canadian data centers
  • 24/7 physical security
  • DDoS mitigation and automated patching
  • Encrypted backups in separate regions

 

5. Access Control & Authentication

  • Two-Factor Authentication (2FA)
  • Role-based access control (RBAC)
  • Auto logout on inactivity
  • Audit logs for all admin actions

 

6. Compliance & Legal Framework

We are compliant with PIPEDA, GDPR (where applicable), CASL, and provincial privacy acts.

 

7. Audit & Monitoring

  • Continuous monitoring and penetration testing
  • Quarterly incident-response drills
  • Annual staff training

 

8. Data Retention & Portability

Data is retained only as required. It is permanently deleted within 30–60 days of closure.

 

9. Confidentiality & Staff Training

All staff sign NDAs and complete annual cybersecurity and privacy training.

 

10. Incident Response Plan

Rapid isolation, assessment, and notification procedures ensure transparency and minimal data loss.

 

11. Your Role in Security

Use strong passwords, enable 2FA, and report suspicious activity.

 

12. Questions or Concerns

Contact our Data Protection Officer:
security@streamlegal.pro

 

13. Trust & Verification (Coming Soon)

  • SOC 2 Type II certification (in progress)
  • Third-party penetration testing
  • Canadian data hosting verification


Last updated: October 2025