Security & Compliance

Security White Papers

Ensuring the security and compliance of JR3, your trusted Microsoft Word Add-in.

General

Certifications & Compliance

ISO Compliance

Information Security and Service Management Certifications

JR3 is ISO 27001 certified, ensuring robust information security practices across all operations.

View Details

SOC2 Certification

System and Organization Controls certification

JR3 is SOC2 certified, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy of customer data.

View Details

GDPR Compliance

General Data Protection Regulation adherence

JR3 is fully GDPR compliant, with strict data protection measures in place for all customer data.

View Details

Sub-Processors

Our Sub-Processors

Amazon Web Services (AWS)

Cloud Infrastructure and Hosting

United States

SOC2

ISO-27001

GDPR

PCI-DSS

HIPAA

View Compliance

Cloudflare

CDN and DDoS Protection

United States

SOC2

ISO-27001

GDPR

PCI-DSS

View Compliance

Stripe

Payment Processing

United States

SOC2

GDPR

PCI-DSS

View Compliance

OpenAI

Large Language Model Provider

United States

SOC2

GDPR

View Compliance

Anthropic

Large Language Model Provider

United States

SOC2

View Compliance

Google Cloud

Cloud Infrastructure and AI Services

United States

SOC2

ISO-27001

GDPR

PCI-DSS

HIPAA

View Compliance

Resources

Security Resources

Prompt Injection Protection

PDF Document

Download

Data Processing Agreement

Word Document

Download

ISO 27001 Certificate

Word Document

Request

SOC2 Type I Report

Word Document

Request

SOC2 Type II Report

Word Document

Request

Data Privacy

Zero Data Retention

Your documents are processed and returned. Nothing is stored, logged, or used for training.

No document storage

When you submit a document for review or drafting, JR3 processes it in memory and returns the result. The original document and the AI output are not stored on our servers. Period.

No model training

Your firm's documents are never used to train AI models; not ours, not our providers'. We have zero-training agreements with every model provider. Your data stays exclusively yours.

No prompt logging

We don't log your prompts, queries, or document content. Interaction metadata (timestamps, token counts) is retained for billing only. The substance of your legal work is never stored.

Infrastructure

Private Hosting Available

For firms that need complete control, JR3 can run entirely within your own cloud environment.

Your cloud, your rules

Deploy JR3 on your firm's AWS, Azure, or GCP account. All data processing happens within your network perimeter. Nothing leaves your environment.

Air-gapped option

For firms handling classified or highly sensitive matters, JR3 supports fully air-gapped deployment. No internet connection required for core operations.

Same features, private infra

Private hosting gives you the same AI capabilities, dynamic training, templates, and integrations as the hosted version. No feature compromises for choosing security.