All Collections
Thinking about the Switch?
General
Where does LeanLaw store and encrypt your data?
Where does LeanLaw store and encrypt your data?

LeanLaw's explanation of data security, encryption, location.

Jonathon Fishman avatar
Written by Jonathon Fishman
Updated over a week ago

Data Storage & Location

Below is a brief overview of our data management strategy.  Keep in mind that LeanLaw is a plug-in to QuickBooks Online.  This means that the majority of your data would permanently reside in QuickBooks Online and their server architecture. 

  • Client data is stored in Microsoft Azure cloud services. The data stores and web applications are in the “West US” location of Azure which means it is stored on US-based servers in the western geographical region. 

  • For diagnostic purposes, copies of the data might temporarily be downloaded to LeanLaw developer systems located in Boise, Idaho.

  • Client data is also temporarily located on user systems in browsers in local storage, cookies and caches.

Data Encryption

All data is encrypted "in motion" when transferred between LeanLaw's systems and other systems including the user's browser and third-party systems such as QuickBooks Online. The encryption is done with standard web encryption (HTTPS/TLS). LeanLaw also encrypts some sensitive data "at rest" including user credentials such as passwords and credentials for accessing QuickBooks online accounts using AES-256 encryption. Payment information is not stored or known to LeanLaw but managed by Stripe, a third-party payment provider.

Two-Factor Authentication

When authenticating in LeanLaw, you do have the option of credentialing via a Google, Intuit or Office365 account. With all three of those entities, you can use two-factor authentication.  We don't offer that option for users who choose to use a LeanLaw username and password. 

Overall Compliance Strategy

We follow best practices and standards as much as possible. 

  • Legal Cloud Computing Association

Legal Cloud Computing Association (LCCA) is an organization whose purpose is to facilitate adoption of cloud computing technology within the legal profession, consistent with the highest standards of professionalism and ethical and legal obligations.  The organization’s goal is to promote standards and guidelines for cloud computing that are responsive to the needs of the legal profession and to enable lawyers to become aware of the benefits of computing resources through the development and distribution of educational and informational resources.

  • Intuit security validation for QuickBooks apps

Data and Location

The following information is stored by LeanLaw systems:

  • Client and matter information

  • Time entries

  • User billing rates and other data

  • User credentials

  • Invoices

  • QuickBooks access tokens

Where is it located?

  • Client data is stored in Microsoft Azure cloud services. The data stores and web applications are in the “West US” location of Azure which means it is stored on US-based servers in the western geographical region. 

  • For diagnostic purposes, copies of the data might temporarily be downloaded to LeanLaw developer systems located in Boise, Idaho.

  • Client data is also temporarily located on user systems in browsers in local storage, cookies and caches.

LeanLaw does not have geographic redundancy in the production database.

Security Certifications (LCCA Standard 3)

Microsoft supports the following standards in the Azure platform:

Did this answer your question?