Pharos ← Back to home

Security & Data Protection

Last updated: June 2026

Pharos is built to hold sensitive, privileged client information for law firms. Protecting that data is foundational to the product. This page describes the measures we take. It is a plain-English summary, not a contract; the Terms of Service and Privacy Policy govern your use of the Service.

1. Tenant isolation

Pharos is multi-tenant: each firm's data is logically isolated and scoped to that firm. Requests are authenticated and authorized to a single firm, and one firm cannot view, search, or open another firm's clients, documents, or records. Research content a firm marks private is restricted to that firm.

2. Encryption in transit

All connections to Pharos are served exclusively over HTTPS (TLS), with HTTP Strict Transport Security enabled. Traffic between your browser and the Service is encrypted.

3. Authentication & access control

4. Audit logging

Security-relevant events — including login success and failure, two-factor events, and key document and template actions — are recorded in an audit log to support accountability and investigation.

5. Hosting & infrastructure

Pharos runs on reputable cloud infrastructure in the United States. The application server is firewalled, kept patched, and administered over key-based SSH only. File storage and backups are kept in private (non-public) storage.

6. Backups & availability

We maintain regular backups of application data so that information can be restored in the event of a failure. Backups are stored privately and are not publicly accessible.

7. Confidentiality & the attorney-client relationship

You own your data. Pharos acts as a processor of the information your firm puts into the Service and uses it to provide the Service to you — not to sell or to train third-party advertising models. Our AI features are designed to be grounded: they answer from a corpus of verified, public legal authority and do not require your confidential matter content to be sent to third parties for model training. You remain responsible for your own professional and ethical obligations, including supervising the work product the Service helps you produce.

8. Sub-processors

We use a small number of vetted service providers (for example, cloud hosting, email delivery, and payment processing) to operate the Service. These providers process data only as needed to perform their function. Payment-card data is handled by our PCI-compliant payment processor and is not stored on Pharos servers.

9. Your responsibilities

Security is shared. Please use a strong, unique password, enable two-factor authentication, keep your login credentials private, manage who in your firm has access, and notify us promptly of any suspected unauthorized access.

10. Incident response

If we become aware of a security incident affecting your data, we will investigate, take steps to contain and remediate it, and notify affected firms consistent with applicable law.

11. Data ownership, export & deletion

Your firm's data belongs to your firm. You may request an export of your data, and you may request deletion of your account and associated data, subject to limited retention required by law or for legitimate business records. See the Privacy Policy for details.

12. A note on assurances

Pharos is an actively developed product from a small company. We are transparent about what we do today and are continually improving our security posture. If your firm has specific diligence requirements or needs a data-processing addendum, contact us — we're happy to work with you.

13. Contact

Security questions or to report a concern: Pharos Legal Software LLC, Round Rock, Texas 78664. Email: hello@pharos.legal.

© 2026 Pharos Legal Software LLC. All rights reserved.