Preview · This site is in development and not operational · Nothing shown here is an offer, commitment, or legal advice.

How ORCA Protects Your Data

A system handling privileged legal materials must meet a high bar. Here's how we do it.

Data Residency in Israel

Application data - case files, exhibits, generated documents - is stored on servers in Israel. AI processing is performed via secure cloud services from international providers (OpenAI, Anthropic). All traffic is encrypted in transit.

Encryption at Every Stage

Encryption in transit (TLS 1.3) and at rest (AES-256). All communication between your browser and our system is fully encrypted.

Automatic Deletion

Uploaded files and generated documents are deleted automatically on a defined retention schedule. Documents are removed within 30 days. No request needed.

Your Data Is Never Used for Training

Client materials are never used for model training. Your data belongs to your client. Period.

Access Control

JWT authentication with token refresh. Firm-level isolation - each firm sees only its own documents. Rate limiting on every endpoint.

Upload Security

Every uploaded file undergoes magic-byte verification - checking that file content matches the declared type. Failed files are deleted immediately.

Input Sanitization

XSS protection on all input fields. Security headers (CSP, X-Frame-Options, X-Content-Type-Options). Payload size limited to 1MB.

Case Isolation

Every case is processed in complete isolation. No data sharing between cases, between clients, or between firms. Results are fully isolated.

Continuous Improvement

We build according to SOC 2 and ISO 27001 principles. Internal security audits are conducted regularly. If you have specific compliance requirements - let's talk.

Questions about security? Talk to us