Mylo Prime
Security & Compliance

Security your clients
can trust

Built from day one to meet the strictest security and compliance standards in the legal industry. Your data is protected at every layer.

SOC 2 Type II in progress

Pursuing independently audited controls for security, availability, and confidentiality.

Professional Responsibility

Built to support attorneys' professional-responsibility obligations — confidentiality, competence, and citation accuracy.

Privacy by Design

Your data is never used to train AI models. Firm data stays isolated per firm and is never shared with other clients.

CCPA / CPRA Rights Honored

Access, deletion, and opt-out of sale/sharing — privacy requests via [email protected].

Enterprise-grade security features

Every layer of Mylo Prime is designed to keep your firm's data safe, private, and compliant.

Encryption in Transit and at Rest

All data encrypted in transit with TLS 1.2+ and at rest with AES-256. No plaintext storage of sensitive client information.

Attorney-Client Privilege Protection

Mylo AI never trains on privileged communications. Firm data is isolated, never shared, and never used to improve models for other clients.

Role-Based Access Control

Granular permissions for partners, associates, paralegals, and staff. Control who sees what — down to individual matters and documents.

Audit Logging

Audit logging of key financial, security, and data-mutation events — so you can see who accessed, modified, or exported sensitive records, with timestamps.

US Data Hosting

Your data is hosted in US data centers on Google Cloud, with per-firm data isolation enforced at the database layer (row-level security).

Automated Backups

Automated backups with point-in-time recovery on managed Google Cloud infrastructure, so your data can be restored if something goes wrong.

SSO & MFA

SSO via Google, plus multi-factor authentication (authenticator app and SMS one-time codes). SAML on the roadmap.

Security Testing

Internal security testing today, with independent third-party penetration testing planned annually. Responsible disclosure and rapid patching for any identified issues.

Your data. Your control. Always.

We believe transparency builds trust. Review our security practices in detail or request a personalized security review for your firm.