How we protect your data

B-Legal takes the security of your legal information seriously. This page describes our current security posture and practices.

HTTPS everywhere

All data transmitted between your browser and B-Legal is encrypted using TLS. HTTP connections are automatically redirected to HTTPS.

No public exposure of private documents

B-Legal does not publicly index or expose personal legal documents. FOIL letters and saved documents are private to the account that created them.

Security headers

This site sets the following security headers on all responses:

• X-Frame-Options: DENY — prevents clickjacking
• X-Content-Type-Options: nosniff — prevents MIME-type sniffing
• Referrer-Policy: strict-origin-when-cross-origin

Responsible disclosure

Found a security issue? Email security@blegalapp.com with a description. We will acknowledge within 48 hours and aim to resolve confirmed issues promptly.

Account security (coming soon)

Authenticated account features including document storage are in development. When launched, accounts will use industry-standard authentication practices.