Discovery Genie takes privacy, security, and data integrity seriously. We believe that the foundation of our business is respect for the trust our customers place in us. Our philosophy is simple: our customers are the experts when it comes to managing their own data. Our goal is to process records quickly, accurately, and with minimal expense and then return the appropriate files for our customers to control. Once we do so, we delete the files from our online platform. We believe this is the most responsible way for us to respect and preserve the confidentiality of our customers’ proprietary data.
PRIVACY AND CUSTOMER DATA
Discovery Genie stores information its customers supply during registration as well as transaction history as they use the system. Examples of such data include user names, email addresses, and phone numbers. It is our policy to collect only the information that is necessary to provide our services and to use that data only to administer our online eDiscovery platform.
Discovery Genie uses customer contact information for the purposes of providing customer support. This may include communication via email and phone intended to help our company provide the level of service, technical support, and customer care our users expect.
It is our policy not to share customer information of any kind with any third party. Discovery Genie uses customer email addresses for the purposes of informing users about useful company developments, including new feature announcements, company news, and thought leadership content of potential interest to litigation professionals. It is our policy to include a link in all marketing emails for unsubscribing from marketing communications.
Discovery Genie does not store credit card numbers or any other financially sensitive customer data on our servers. We store only the last four digits of customer credit cards in our system as a way for the user to identify payment sources in transaction history. All other customer financial information is held on secure servers by our payment processing partner.
We are committed to complying with the letter and the spirit of our regulatory obligations to manage customer data responsibly. As a Colorado-based company, we comply with HB 1128, the Colorado Consumer Privacy Protection Act. In the event of a data breach, we are committed to notifying customers in a timely manner, in accordance with the provisions of the Act.
We understand that our customers require a balance of security and usability. Discovery Genie recognizes that password management is critically important to the integrity of our systems and we view it as our responsibility to ensure an appropriate baseline of password security. We encourage users to choose strong passwords by enforcing minimum complexity requirements and implement user enumeration to protect account integrity. In addition, it is our policy not to store plain-text passwords in our system; we store only salted cryptographic hashes.
Account Permissions and Data Access
Discovery Genie’s authentication and authorization system segregates user data and ensures that each user sees only her own data. When required, the application’s permission system can be configured to allow users within the same firm to collaborate on cases. Because data sharing potentially exposes proprietary information, we take account configuration seriously and enable data sharing only at the written direction of a firm’s designated administrator. It is our policy to enable case collaboration only when customers have explicitly requested that we do so.
Session management and automatic timeout
Persistence of customer files
At Discovery Genie, we believe our customers are the best custodians of their proprietary data. We understand that our users turn to us to automate record processing and facilitate document review, not to manage their files. Discovery Genie users upload emails, attachments, and electronic documents for conversion and review. We treat this data as confidential and proprietary. We encrypt the records for storage and return processed records to the user. We want our users to understand that Discovery Genie is not a document management system and that our goal is to store customer’s data only as long as it takes to perform a privilege/substantive review. Once a job is finished, Discovery Genie makes the resulting output files available for download for a period of three days. After that, we delete the files and associated metadata from our servers. It is Discovery Genie’s policy not to persist customer data after a job has been finished.
Data retention for customer files
While it is Discovery Genie’s policy to delete emails, attachments, electronic documents, and related metadata from the system on job completion, it is important that the company retain processing statistics. It is the company’s policy to retain data that describes transactional attributes of cases and jobs managed within the system. Such data includes case and job metadata, such as bates and privilege number ranges, numbers of records processed, document disposition totals (privileged, produced, irrelevant), numbers of pages processed, processing dates, job costs, and payment method. These processing statistics do not contain any proprietary customer data and are retained to preserve customer transaction history for our users.
It is Discovery Genie’s policy to encrypt our customers’ data both in transit and at rest. Client connections support the most current version of TLS and force https connections. Files uploaded to Discovery Genie are encrypted for storage and deleted as soon as soon as final processing is complete. Discovery Genie has an A rating on the Qualys SSL Labs SSL Server Test.
Data integrity and risk mitigation
Discovery Genie is committed to proactive risk management and data integrity oversight. It is our policy to back up up our systems on a regular basis to preserve customer data and to manage the risk of service interruptions. We undertake regular reviews of our infrastructure to identify and correct security vulnerabilities, monitor activity logs, and prepare for disaster recovery.
If you have questions about our privacy and security policies or if you believe you have identified a vulnerability we need to address, we encourage you to communicate with us at firstname.lastname@example.org.