Divorcepath is the only Canadian family law platform with an independent SOC 2 Type 1 examination. Client matter data is protected by audited security controls and stored and processed in Canada.
Independently examined by MHM CPA
Client files, documents, calculations, and generated forms stay in Canadian infrastructure
Data encrypted in transit (TLS 1.2+) and at rest
Divorcepath completed a SOC 2 Type 1 examination conducted by MHM CPA, covering the Trust Services Criteria for Security and Privacy.
This means an independent auditor has verified that our security and privacy controls are properly designed and implemented — not a self-assessment, but a formal third-party examination.
We are actively pursuing SOC 2 Type 2, which will demonstrate these controls operate effectively over a continuous monitoring period.
The full SOC 2 report is available under NDA for firms evaluating the platform. Request a copy →
Six layers of security designed for the sensitivity of family law.
Client matter data, uploaded financial documents, calculations, and generated forms are stored and processed in Canadian datacentres.
TLS 1.2+ encrypts all data in transit. AES-256 encryption protects data at rest. Database-level and storage-level encryption applied to all client information.
Role-based permissions restrict data access within organizations. Multi-factor authentication available for all accounts. Full session logging and activity tracking.
Hosted in SOC 2 and ISO 27001 audited datacentres. Regular penetration testing performed. Automated vulnerability scanning. Redundant encrypted backups.
PIPEDA-compliant data handling. No employee accesses client data without authorization and a legitimate business need. All staff sign NDAs covering client confidentiality. Clear retention and deletion policies.
Financial documents are processed in encrypted Canadian environments. AI extraction for client matter data runs in Canadian infrastructure. The document editor processes data client-side in WebAssembly — your data never leaves the browser during editing.
Lawyers have professional obligations around client confidentiality and technology competence. Divorcepath is purpose-built to support those obligations — not create risk.
Common questions about security, privacy, and data handling.
Client matter data is stored and processed in Canadian datacentres. This includes uploaded financial documents, client file information, calculations, and generated court forms. We also use certain trusted providers for website analytics, billing, and support communications, which may process limited account or usage data outside Canada.
SOC 2 Type 1 is a formal examination conducted by an independent auditor — in our case, MHM CPA. The auditor verified that our security and privacy controls are properly designed and implemented as of the audit date. This is not a self-assessment. We are actively pursuing SOC 2 Type 2, which demonstrates that controls operate effectively over a continuous monitoring period.
Yes. The full SOC 2 Type 1 report is available under NDA for firms evaluating the platform. Contact us or talk to sales to request a copy.
Yes. Divorcepath maintains PIPEDA-compliant data handling practices including: meaningful consent for data collection, data minimization, access rights for individuals, breach notification procedures, and clear retention and deletion policies. We also design for provincial privacy legislation including Alberta PIPA, Quebec Law 25, and BC PIPA.
AI extraction for client matter data runs within Canadian infrastructure. When you upload a financial document (T4, NOA, pay stub, bank statement), it is processed in an encrypted Canadian environment. Extracted data is stored in your client file and protected by the same AES-256 encryption and access controls as all other client matter data.
Yes. We use trusted providers for certain website analytics, billing, and support workflows, and those providers may process limited account or usage data outside Canada. Our core client matter data handling is separate: client files, uploaded financial documents, calculations, generated forms, and document extraction workflows remain in Canadian infrastructure.
Yes. TOTP-based multi-factor authentication is available for all accounts and is strongly recommended for anyone managing client data. Recovery codes are provided for access recovery. Learn how to set up MFA →
You can export your data at any time. After cancellation, your data is retained for a limited period to allow for reactivation, after which it is permanently deleted. You can also request immediate deletion by contacting us at [email protected].
No. Divorcepath maintains a formal internal data access policy: no employee may access client data stored on the platform without explicit authorization and a legitimate business need (such as responding to a support request you initiated). All employees sign confidentiality agreements covering client data. Personal information is used solely to provide the service — no secondary uses without your consent. These controls are covered by our SOC 2 examination.
No. Client data is isolated to your account. Opposing counsel cannot see your files unless you explicitly share specific documents through the financial disclosure feature, which provides granular sharing controls. There is no cross-account data access.
Talk to sales about rollout planning, request security materials, or explore enterprise deployment requirements with us.
SOC 2 report under NDA · client matter data in Canada · rollout support available
