Client Data Summary – InterActive LegalSuite™ Online
Updated January 24, 2023
This document summarizes the processing and storage of client data in the online version of InterActive LegalSuite (the “Online System”), published by ILS Management, LLC. For purposes of this summary, “client data” refers to all data entered or imported into the Online System by a licensed user after accessing the Online System with such user’s login credentials, or by a client of such user via the client intake form function available in the Online System. “Client data” includes all information in text, date, or number fields, such as names, birthdates, and addresses, and all selections in response to prompts presented within the Online System or the client intake form.
ILS stores client data entered into the System in a database hosted by AWS. Read more about AWS security for RDS (Relational Database Service) here: https://aws.amazon.com/rds/features/security/
All client data is encrypted in transit and at rest. Database encryption keys are managed by AWS, and client data is further encrypted within the database by a proprietary encryption algorithm. ILS employees and contractors do not have access to unencrypted client data unless it is affirmatively shared by a User for troubleshooting or support purposes. Client data that is stored in the ILS database is only used for the purpose of providing Services to Users and in deriving deidentified aggregate Resultant Data as expressed in the InterActive Legal Subscription Agreement Terms and Conditions (in which the terms “Services” and “Resultant Data” are defined). Client data can be deleted from the System by users
once it is no longer needed. Deleted client data is deleted from the primary database but is stored in backups as described below.
The ILS database is hosted in what AWS calls “Multi-AZ”, meaning there is a redundant database that also stores the client data, should the primary database fail. Should both instances fail, or the data in the database become corrupted, ILS would resort to restoring data using daily backups. In this event, we would notify all Users of the exact point in time the database was restored.
Daily backups are stored in AWS as “snapshots” of the database instance, and are encrypted at the same level as the client data database. Client data is stored in daily backups for 30 days. The backup data is intended only for disaster recovery and cannot be used to restore individual client data.