The software solution you can trust. Gavel protects your data and your clients' information with top security features and protocols.
Law firms, government organizations, and courts across the world trust Gavel with their sensitive data. As a result, we take several measures to ensure that the collection, storage, and transfer of this data are secure. Each Gavel customer is set up on their own subdomain and isolated database.
We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected. Gavel also maintains high standards for code quality, mandatory code reviews, and constant internal security consultations.
Each year, Gavel works with a leading cybersecurity firm that tests the software using the most advanced techniques to ensure that Gavel's platform is secure.
All of the data you and your users collect and transmit is encrypted in transit and at rest using industry best practices, including Transport Layer Security (TLS). Gavel requires all third-party integrations (configurable by you) that receive data from Gavel to provide secure, encrypted endpoints for that data.
Your data is encrypted at rest with AES-256 encryption in AWS data centers. AWS data centers are managed in accordance with SOC 1-3, PCI DSS Level 1 and ISO 9001/ISO 27001. For users who use Gavel for payment processing, our payment processing vendors are also PCI compliant.
You have full control over whether the data collected by your workflows is stored in your account. Please use the Settings tab for each of your workflows to choose whether you want to store data. If you do choose to store data, you also have full control over immediately deleting any and all data in your account.
By default, Gavel will store your data in the United States. Gavel also offers hosting options in the European Union, Canada, Australia, or any other AWS region. Additional setup costs apply.
Data centers in all AWS regions securely decommission their storage devices using techniques detailed in NIST 800-88.
Gavel only uses and integrates with payment vendors who are operating in accordance with PCI legislation. Gavel does not store any payment information.
Gavel enforces physical, technical, and administrative protocols, including but not limited to two-factor authentication, background checks, regular employee security training, and secure access policies.
Gavel customers may set up two-factor authentication and/or single sign-on (SSO) with their preferred provider to further limit access through their organization. We also enforce strong passwords and regular password resets, and automatically lock your account for a period of time after too many failed login attempts.