FLAST-AI SERVER FOR LAW FIRMS Security Policy
This Security Policy governs the processing of data provided by a FLAST client in connection with their FLAST Supply and Support Terms and Conditions (βAgreementβ) or through the use of the FLAST services or websites. By using our software, services, or website, or by signing an Agreement with FLAST, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our services or websites.
FLAST-AI SERVER FOR LAW FIRMS Data on FLAST-AI SERVER FOR LAW FIRMS
As a cloud solution, the software and all client data are stored on FLAST Servers, built on the Amazon Web Services (AWS) platform.
AWS is a leading cloud services platform, providing database storage, content delivery, and a range of other functions. It is one of the largest and most successful cloud platform providers globally.
AWS prioritizes security, offering a data center and network architecture designed to meet the requirements of the most security-sensitive organizations such as NASA, Johnson & Johnson, Moderna, Nasdaq, and Dow Jones. AWS continually enhances its core security services, including identity and access management, logging and monitoring, encryption and key management, network segmentation, and Denial of Service (DDoS) protection.
FLAST-AI SERVER FOR LAW FIRMS stores data from Australia and New Zealand in Sydney or Melbourne data centres. FLAST-AI SERVER FOR LAW FIRMS actively leverages AWS's suite of services, adhering to Information Security industry best practices.
For more details on AWS security, refer to the AWS Security & Compliance Quick Reference Guide (2018).
Data Breach Notification
FLAST-AI SERVER FOR LAW FIRMS will notify the client without undue delay and in writing upon becoming aware of any Data Breach concerning our clientβs data.
If a vulnerability is identified or data is found to be publicly accessible outside of the FLAST-AI SERVER FOR LAW FIRMS, please contact FLAST immediately via email.
SOC 2 Compliance
FLAST-AI SERVER FOR LAW FIRMS uses AWS servers, which have achieved SOC 2 Type 1 certification. AWS provides SOC 2 reports that demonstrate how they achieve key compliance controls and objectives. These reports are available from AWS through AWS Artifact.
SOC 2 requires companies to establish and follow stringent information security policies and procedures, covering the security, availability, and confidentiality of customer data.
Our dedication to the security and confidentiality of our users' data has always been a top priority. This rigorous, independent assessment of our internal security controls validates our commitment to maintaining the highest standards for security and confidentiality to protect our users' data.
Data Encryption | FLAST Applications
Each FLAST application is accessed via HTTPS using Transport Layer Security (TLS).
Once client data reaches the FLAST cloud infrastructure, all information is encrypted at rest using AES-256 encryption.
Service Availability | Multiple AWS Datacentres
FLAST is designed to be a highly available, active-active solution. FLAST services are distributed across multiple AWS data centers within the AWS region. In the event of one data center going offline due to a disaster scenario, the second data center continues to serve data with minimal, if any, service interruption. FLAST is not responsible for any delays resulting from AWS server availability. Real-time availability status can be found here.
API Security
FLAST implements robust security measures to continuously monitor and protect all APIs (Application Programming Interface) to prevent unauthorized and abusive access. This protects against malicious activities such as account takeovers, credential stuffing, content scraping, and denial-of-service attacks.
The FLAST-AI SERVER FOR LAW FIRMS server integrations provide secure access to FLAST APIs and are the only authorized access methods.
Backup Policy | Frequency
FLAST-AI SERVER FOR LAW FIRMS servers are backed up multiple times daily, weekly, and monthly.
System Monitoring | 24/7
FLAST-AI SERVER FOR LAW FIRMS is monitored 24 hours a day, 7 days a week, 365 days a year.
Authorization
If you provide FLAST-AI SERVER FOR LAW FIRMS with any personal or sensitive data relating to other individuals, either directly, through our websites, through our software, or otherwise, you represent that you have the authority to do so and permit us to use, access, or host that data.
Account Access
To protect you and your information, FLAST-AI SERVER FOR LAW FIRMS may suspend your use of any FLAST service, without notice, pending an investigation if any breach of security is suspected. Access to and use of password-protected and/or secure areas without authorized access is prohibited and may lead to criminal prosecution. If you believe that your interaction with us is no longer secure (for example, if you suspect that the security of any account you have with us has been compromised), please immediately notify us of the problem by contacting us at admin@flast.com.au.
We may use your information as we believe necessary or appropriate:
- Under applicable law, including laws outside your country of residence;
- To comply with legal processes;
- To respond to requests from public and government authorities, including public and government authorities outside your country of residence;
- To liaise with service providers that act for us or provide services for us, such as for marketing or for the processing of payments, ensuring their use of Personal Information is subject to our agreements with them and any applicable laws;
- To enforce our terms and conditions;
- To protect our operations or those of any of our affiliates;
- To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others;
- To allow us to pursue available remedies or limit the damages we may sustain.
FLAST-AI SERVER FOR LAW FIRMS employs industry-standard security measures to ensure the security of information. However, the security of information transmitted through the Internet can never be guaranteed. FLAST-AI SERVER FOR LAW FIRMS is not responsible for any interception or interruption of any communications through the Internet or for changes to or losses of information. Site users are responsible for maintaining the security of any password, user ID, or other form of authentication involved in obtaining access to password-protected or secure areas of any FLAST-AI SERVER FOR LAW FIRMS websites.
