LegisDex handles contract chat, compliance review, tracker workspaces, billing, and public sharing. This Trust Center describes the controls currently visible in the product and codebase, including authenticated workspaces, encrypted sensitive storage, hashed bearer tokens, and reviewable compliance output.
A practical view of the safeguards around contract questions, compliance uploads, tracker data, billing, account settings, and shared pages.
Chat, compliance, tracker, billing, and account settings sit behind sign-in. Public pages are limited to marketing, legal, support, and deliberately shared read-only chat views.
Contract chat stores conversations as ordered message parts and uses retrieval-backed context for FIDIC and contract questions. Where relevant, responses can include source-document references surfaced by the chat tools.
Compliance runs store the contract source label, score, pass/fail/review counts, rule totals, and structured evaluation output so users can inspect why a review needs attention.
Selected sensitive fields are encrypted at rest with AES-256-GCM, including persisted chat content, compliance uploads and analysis data, two-factor secrets, and OAuth provider tokens.
Newly issued email verification, password reset, and shared-chat link tokens are stored as keyed hashes rather than as reusable plaintext values, so a copy of the database alone does not yield a usable token.
Shared chat links open in a read-only public view, can expire, can be revoked from account settings, and are served with a noindex marker so search engines do not list them.
The app is built around four active work areas: chat, compliance, tracker operations, and account controls. Each area has explicit ownership checks and server-side routes behind the interface.
Authenticated users can ask contract questions, persist chat history, rate assistant messages, attach file context, and create controlled public share links when sharing is enabled.
Users can upload supported contract files, manage playbooks and rules, run compliance evaluations, and review structured pass, fail, and review outcomes.
Tracker routes support project records, contract packages, purchase orders, service orders, work orders, milestones, areas of concern, and tracker-specific chat.
Account settings expose profile, model preference, security, billing, notification, sharing, retention, export, and account deletion controls.
Controls implemented around authentication, API routes, uploads, model access, billing events, and stored sensitive fields.
LegisDex supports credentials and Google OAuth. Passwords are hashed, two-factor secrets are encrypted, and Google sign-in is blocked for accounts with two-factor enabled, so that sign-in through Google cannot bypass the second factor.
Sensitive API routes use same-origin checks, upload validation, rate limits, ownership checks, and account-scoped queries before changing or returning user data.
Compliance uploads are limited by file type and size. Supported upload types include PDF, TXT, HTML, HTM, and RTF, with a 6 MB limit before analysis.
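Limiting uploads "by file type and size" is only as strong as what the check inspects; a client-supplied name or MIME type can be anything. The following added example, written for Node.js (an assumption about the stack) and not LegisDex's own code, applies the 6 MB limit and the PDF/TXT/HTML/HTM/RTF allowlist to the file's actual bytes. The helper names and the sample buffers are constructed for illustration.

```javascript
// Added example, not LegisDex code: server-side upload validation that checks
// size and the declared extension, then confirms the leading bytes look like
// that format. Sample inputs in the usage are constructed.
const MAX_UPLOAD_BYTES = 6 * 1024 * 1024;
const ALLOWED_EXTENSIONS = new Set(['pdf', 'txt', 'html', 'htm', 'rtf']);

// Content sniffing on the leading bytes; returns a coarse kind or null.
function sniffKind(bytes) {
  const head = bytes.subarray(0, 4096);
  const prefix = head.subarray(0, 5).toString('latin1');
  if (prefix === '%PDF-') return 'pdf';
  if (prefix === '{\\rtf') return 'rtf';
  if (head.includes(0)) return null; // NUL bytes: not one of the accepted text formats
  if (/^\s*(<!doctype\s+html|<html)/i.test(head.toString('utf8'))) return 'html';
  return 'text';
}

// Sniffed kinds acceptable for each declared extension. HTML without a
// doctype sniffs as text, and a .txt that starts with <html> is still text.
const COMPATIBLE = {
  pdf: new Set(['pdf']),
  rtf: new Set(['rtf']),
  html: new Set(['html', 'text']),
  htm: new Set(['html', 'text']),
  txt: new Set(['text', 'html']),
};

function validateUpload({ filename, bytes }) {
  if (bytes.length === 0) return { ok: false, reason: 'empty file' };
  if (bytes.length > MAX_UPLOAD_BYTES) return { ok: false, reason: 'exceeds 6 MB limit' };
  const m = /\.([a-z0-9]+)$/i.exec(filename || '');
  const ext = m ? m[1].toLowerCase() : null;
  if (!ext || !ALLOWED_EXTENSIONS.has(ext)) return { ok: false, reason: 'unsupported file type' };
  const kind = sniffKind(bytes);
  if (kind === null || !COMPATIBLE[ext].has(kind)) {
    return { ok: false, reason: `content does not look like .${ext}` };
  }
  return { ok: true, ext, kind, size: bytes.length };
}
```

The size check runs on the received buffer rather than on a Content-Length header, and the extension is taken from the last dot-separated segment only, so `report.pdf.exe` is rejected as `.exe` rather than accepted as a PDF.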
Model availability is checked in application logic, not only in the interface, so free and paid model access is enforced server-side.
Stripe checkout, portal, and webhook flows live behind server routes, and billing events are processed only after Stripe webhook signature verification succeeds.
Stored sensitive fields are encrypted at rest with AES-256-GCM, as noted above: persisted chat content, compliance uploads and analysis data, two-factor secrets, and OAuth provider tokens.
For contract software, precision matters. These boundaries keep the public trust language aligned with what the application does today.
LegisDex is built to help with contract interpretation, drafting, compliance review, and tracker workflows. It does not replace professional legal, commercial, or technical judgment.
This public page describes controls visible in the product and codebase. It does not claim SOC 2, ISO 27001, HIPAA, or other external certification unless that certification is separately published.
LegisDex encrypts selected sensitive stored fields at rest, but the server must decrypt relevant data to provide chat, compliance, sharing, and export features.
Anyone with an active shared-chat URL can view that read-only shared page until the link expires or is revoked.
References available for baseline diligence, privacy review, product questions, billing questions, and operational follow-up.
If you need more context on product behavior or public documentation, use the support form or email the LegisDex team directly.