Security
The most secure professional platform ever built.
Attorney-client privilege is sacred. Client financial data is irreplaceable. Marco Reid security is built to courtroom admissibility standards — not just “good enough for SaaS.”
Security architecture.
Every feature designed for the most sensitive data in the professional world.
FIPS 140-3 encryption
Federal standard
All data encrypted at rest and in transit using Federal Information Processing Standard validated cryptographic modules. The standard required by US federal courts for electronic evidence.
Immutable audit trails
Court-admissible
Every action on the platform is logged in a cryptographically signed, append-only audit trail. No record can be modified or deleted after creation. This creates a legally defensible chain of evidence admissible in court.
Chain of custody tracking
Evidence-grade
Every document and recording has a complete chain of custody: who created it, who accessed it, who modified it, when, and from where. If opposing counsel challenges a document, the chain of custody proves its integrity.
Tamper-evident architecture
Cryptographic
If any data is modified outside the normal application flow — by a database administrator, a compromised system, or any other means — cryptographic signatures break and the system flags it immediately. Integrity is mathematically provable.
End-to-end encryption
Privilege-protected
All attorney-client and CPA-client communications are end-to-end encrypted. Messages, documents, and files are encrypted before they leave the sender’s device and can only be decrypted by the intended recipient.
Court-admissible metadata
Rules-compliant
All documents preserve original metadata: creation date, author, modification history, device information. This metadata is itself immutable and cryptographically signed, meeting Federal Rules of Evidence requirements for ESI.
Zero-knowledge architecture
Coming soon
The ultimate security goal: even Marco Reid as a company cannot access client data. Encryption keys held exclusively by the firm. Marco Reid processes encrypted data without ever decrypting it. The gold standard for privilege protection.
Multi-factor authentication
Required
MFA mandatory for all accounts. Time-based one-time passwords, hardware security keys, and biometric authentication supported. No account can be accessed with a password alone.
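The audit-trail and tamper-evidence claims above depend on each record committing to the one before it, so a row changed directly in the database fails verification. The following is an added illustration, not Marco Reid's code: it uses an HMAC from the Python standard library as a stand-in for a digital signature, and the key, field names and events are constructed for the example.

```python
import copy, hashlib, hmac, json

KEY = b"constructed-demo-key"   # assumption: a real key would live in an HSM/KMS
GENESIS = "0" * 64              # fixed value chained into the first entry

def _mac(key, prev_mac, body):
    # The MAC covers the previous entry's MAC, so each entry commits to all history.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + data, hashlib.sha256).hexdigest()

def append(log, key, ts, actor, action, obj):
    body = {"seq": len(log), "ts": ts, "actor": actor, "action": action, "object": obj}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({**body, "mac": _mac(key, prev, body)})
    return log[-1]["mac"]       # new head; store it outside the database

def verify(log, key, head=None):
    """Return the index of the first bad entry, len(log) if the stored head
    does not match (tail truncated), or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        ok = body.get("seq") == i and hmac.compare_digest(
            str(entry.get("mac", "")), _mac(key, prev, body))
        if not ok:
            return i
        prev = entry["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(log)
    return None

def demo():
    log, head = [], None
    for ts, actor, action, obj in [        # constructed sample events
        ("2024-05-01T09:00:00Z", "alice", "create", "doc-17"),
        ("2024-05-01T09:05:00Z", "bob", "view", "doc-17"),
        ("2024-05-01T09:07:00Z", "bob", "modify", "doc-17"),
        ("2024-05-01T09:30:00Z", "carol", "export", "doc-17"),
    ]:
        head = append(log, KEY, ts, actor, action, obj)
    edited = copy.deepcopy(log)
    edited[1]["actor"] = "mallory"         # row rewritten in place
    deleted = log[:1] + log[2:]            # middle row removed
    truncated = log[:3]                    # newest row removed
    return {"intact": verify(log, KEY, head), "edited": verify(edited, KEY, head),
            "deleted": verify(deleted, KEY, head),
            "truncated_no_head": verify(truncated, KEY),
            "truncated": verify(truncated, KEY, head)}
```

Removing the newest rows leaves a chain that still verifies on its own, which is why the latest MAC has to be kept somewhere a database administrator cannot write.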
Compliance.
Built to the strictest standard. Satisfies everything else automatically.
| Standard | Status | Details |
|---|---|---|
| SOC 2 Type II | Planned | 6-month observed audit of sustained security controls |
| GDPR | Built-in | Privacy by design — right to erasure, data portability, consent management |
| NZ Privacy Act 2020 | Built-in | Full compliance with NZ privacy requirements |
| Australian Privacy Act | Built-in | Compliant with 2022 reforms and enhanced enforcement |
| CCPA | Built-in | California consumer privacy rights implemented |
| UK GDPR | Built-in | Post-Brexit UK data protection compliance |
| IOLTA compliance | In progress | 50-state trust accounting analysis with legal tech attorney |
| WCAG 2.1 AA | Built-in | Accessibility compliance across all interfaces |
Your data stays in your jurisdiction.
Each firm is assigned a data region at signup. All data is stored exclusively in that region. A US attorney’s data never touches the Sydney server. An Australian CPA’s data never touches the Virginia server.
| Jurisdiction | Data region |
|---|---|
| United States | Virginia (us-east) |
| Australia / NZ | Sydney (ap-southeast) |
| United Kingdom | London (eu-west) |
| European Union | Frankfurt (eu-central) |
Security questions?
We take security as seriously as you do. Get in touch.