Security & Compliance

Security Architecture

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Cryptographic keys are managed using industry-standard key management services with hardware security module backing.

EXOCHAIN Immutability

EXOCHAIN's architectural design provides no administrative override mechanism. Once a Decision Record achieves deterministic finality on EXOCHAIN, no party — including LegalDyne — can alter the record. This is not a policy commitment; it is an architectural constraint.

Access Controls

Role-based access controls at the organization, board, and session level. Enterprise tier includes SSO/SAML authentication. All access events are logged to the EXOCHAIN audit trail.

SOC 2

SOC 2 Type II audit in progress. Status available to prospective Enterprise clients under NDA. Contact security@legaldyne.com.

Security Headers

The decision.forum platform enforces strict Content Security Policy, X-Frame-Options, Strict-Transport-Security, X-Content-Type-Options, and Referrer-Policy headers on all responses.

Incident Response

Enterprise clients receive a dedicated incident response SLA. Security incidents are disclosed to affected clients within 72 hours of confirmed identification.

Contact

Security inquiries and vulnerability disclosures: security@legaldyne.com