Law Firm Data Security

Serious about security

InTouch uses proven practices, technologies and policies to help keep your (and your clients’) data safe.

As a SaaS platform, we handle updates, maintenance and monitoring so your data stays protected with minimal effort from your team. We continually review and improve our procedures and infrastructure to stay aligned with industry expectations.

InTouch Security Highlights:

Hosted on Microsoft Azure with regional redundancy (UK/Channel Islands and Australia).

Encryption in transit (HTTPS) and at rest (Transparent Data Encryption).

Independent penetration testing and continuous hardening.

Granular user permissions, 2FA and new‑device alerts.

Cloudflare edge protection to help block threats before they reach our app.

Talk to us

Secure by design

Compliance Controls

You control what users can do in the system. InTouch supports granular permissions, for example, restricting certain tasks to supervisors or allowing only accounts staff to raise invoices. Administrators can deactivate/reactivate user access when needed.

Cloudflare

We use Cloudflare’s network of over 2 million websites to help identify and block threats. When a malicious source is detected on one site, that origin can be blocked across the network, sharing intelligence that helps stop many attacks before they start.

2FA

If you enable two‑factor authentication (2FA), users sign in with a password and a code sent to their registered mobile device. This requires the correct username and password plus possession of that device.

Independent penetration testing

We test before attackers do. InTouch undergoes regular testing by an independent security company that continuously assesses the platform for vulnerabilities. Issues are triaged and remediated promptly to help keep your data secure.

New device alerts

When a new device signs in to InTouch for the first time, we send an email notification to the linked account with approximate location and device details. This helps you quickly identify and respond to any unexpected access.

Built on Microsoft Azure for resilience and continuity

InTouch is hosted on Microsoft Azure cloud servers. This brings strong controls for information security, disaster recovery and business continuity.

    • We use Microsoft’s latest geo‑redundant backup methods. At any time, two separate instances that include all data and code are maintained.

    • These are spread across two sites in the UK for the UK and Channel Islands, and two in Australia. If one site goes down, we can restore service with minimal disruption.

    • In a major regional outage (e.g., power failure or natural disaster), we can recover from a geo‑redundant store up to one hour old in a different Microsoft data centre—supporting strong business continuity.We use Microsoft’s latest geo‑redundant backup methods. At any time, two separate instances that include all data and code are maintained.

    • These are spread across two sites in the UK for the UK and Channel Islands, and two in Australia. If one site goes down, we can restore service with minimal disruption.

    • In a major regional outage (e.g., power failure or natural disaster), we can recover from a geo‑redundant store up to one hour old in a different Microsoft data centre—supporting strong business continuity.

  • Microsoft Azure data centres comply with the ISO 27001 standard for information security management, covering people, processes and IT systems. Azure holds a wide range of additional certifications (see Microsoft Trust Center). Access to servers is limited to authorised personnel.

    Note: These certifications apply to Microsoft’s data centres. InTouch inherits the benefits of those controls as a customer of Azure.

    • All communication with InTouch uses HTTPS for every service (including our public website), helping protect against man‑in‑the‑middle attacks and eavesdropping.

    • We regularly audit the certificates we serve, the certificate authorities we use and the ciphers we support. You can verify the connection via the padlock icon in your browser.

    • We use Transparent Data Encryption (TDE) so databases, backups and log files are encrypted in real time using symmetric keys. Even if a third party were to gain physical access to underlying storage, the data would remain unreadable.

Book a demo

Trusted by firms such as