Your documents. Your data. Our commitment.
Legal Redliner is built from the ground up for professionals who handle sensitive information. Here's how we protect your data.
How your data flows
Legal Redliner runs entirely in your browser as a Word add-in. Your contract text is only sent to AI providers when you explicitly click Review. We never store your documents.
No document text is persisted at any point. Processing happens in memory and results are returned directly to your Word session.
Security at every layer
Encryption in Transit
All communications use HTTPS with TLS 1.2+. No data ever travels unencrypted.
No Document Storage
Contract text is processed in memory only. We never write your document content to disk or database.
API Key Encryption
BYOK API keys are encrypted with AES-256-GCM before storage. Keys are only decrypted for the duration of each API call.
Authentication
Firebase Authentication with Google SSO, Microsoft SSO, and email/password. Sessions are token-based with automatic refresh.
Rate Limiting
300 requests per minute globally, 20 per minute per user for AI operations. Protects against abuse without impacting normal usage.
Input Validation
All inputs are sanitized and validated. API keys are checked for length, control characters, and provider-specific format before acceptance.
CORS Protection
Origin allowlisting restricts API access to authorized domains only. Cross-origin requests from unauthorized sources are rejected.
Fail-Closed Design
Infrastructure errors result in denied requests (503), not silent pass-through. Your quota and access controls are always enforced.
Full control with Bring Your Own Key
Want complete control over your AI provider relationship? Use your own API key from Google Gemini, Anthropic Claude, OpenAI, or Azure OpenAI.
Your Key, Your Provider
Choose which AI provider processes your documents. Switch anytime.
Encrypted Storage
Your API key is encrypted with AES-256-GCM. Only decrypted momentarily for each request.
Unlimited Reviews
BYOK users bypass subscription limits. Review as many contracts as you need.
Privacy & compliance
- No cookies or tracking on your documents
- No analytics collected inside the Word add-in
- GDPR-compliant data handling
- Data processed in us-central1 (Google Cloud)
Security questions?
Contact our team at support@bvt.net for security inquiries, compliance documentation, or to discuss your organization's requirements.