1. Overview
Sque implements an enterprise-grade security architecture that protects client information at multiple levels: firm isolation, encryption, and granular access controls.
2. Firm-Level Data Isolation
Each firm's data is completely isolated from other firms' data:
1. Separate Data Tenants
- Each firm operates in an isolated tenant environment
- Firm A cannot access Firm B's data, even through a system error or vulnerability
- Data isolation is enforced at the infrastructure level
2. Tenant-Specific Encryption Keys
- Each firm's data is encrypted with firm-specific encryption keys
- No single key enables access to multiple firms' data
- Key management is segregated by firm
3. No Data Cross-Contamination
- Firm databases are completely separate
- No shared tables or data structures
- No common data repository accessible across firms
3. Data Encryption Framework
All data is encrypted at multiple levels:
1. Encryption in Transit
- All data traveling over the internet is encrypted using TLS 1.2+
- Data traveling to/from Sque mobile apps is encrypted
- Email containing Sque links or data is encrypted end-to-end
2. Encryption at Rest
- All data stored in databases is encrypted
- All documents in Briefcase are encrypted
- Encryption keys are managed separately from data
3. Key Management
- Encryption keys are stored in a separate key management system
- Keys are never stored with encrypted data
- Key access is restricted to authorized personnel
4. Access Control Framework
Granular access controls restrict data visibility:
1. User Authentication
- Multi-factor authentication (MFA) available for all users
- Integration with firm identity providers (Microsoft Entra ID, Google Workspace)
- Sessions time out after a period of inactivity
2. Role-Based Access Control (RBAC)
- Access permissions are based on user role
- Partner role has different permissions than Associate role
- Roles are customizable per firm
3. Matter-Level Access Control
- Users have access only to matters assigned to them
- Matter team members are explicitly specified
- Non-team members cannot access matter information
4. Document-Level Access Control
- Individual documents can be restricted to specified users
- Attorney work product is restricted to attorneys only
- Client confidential documents are restricted appropriately
5. Confidentiality Classifications
Documents are classified by confidentiality level:
- Public: Accessible to all firm personnel
- Firm Confidential: Accessible to all firm personnel but not to external parties
- Attorney Work Product: Accessible only to attorneys and designated staff
- Client Confidential: Accessible to assigned team members and designated client contacts
- Privileged: Accessible only to attorneys; communications are not disclosed to third parties
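
The layered checks described in sections 4 and 5 (firm isolation, matter team, document restriction, confidentiality level) can be read as one deny-by-default decision in which every layer must pass. The sketch below is an added illustration, not Sque's code. Assumptions: all names, the `external` flag for client contacts, the `designated` set, the treatment of documents with no matter team as firm-wide, and the order of the layers.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Level(Enum):
    PUBLIC = "Public"
    FIRM_CONFIDENTIAL = "Firm Confidential"
    ATTORNEY_WORK_PRODUCT = "Attorney Work Product"
    CLIENT_CONFIDENTIAL = "Client Confidential"
    PRIVILEGED = "Privileged"

@dataclass(frozen=True)
class User:
    user_id: str
    firm_id: str
    is_attorney: bool = False
    external: bool = False            # assumed flag for client contacts

@dataclass(frozen=True)
class Document:
    firm_id: str
    level: Level
    matter_team: Optional[frozenset] = None   # None = not tied to a matter (assumption)
    designated: frozenset = frozenset()       # designated staff / client contacts
    restricted_to: frozenset = frozenset()    # optional document-level allow-list

def can_read(user: User, doc: Document) -> tuple:
    """Return (allowed, layer); every layer must pass, first failure wins."""
    if user.firm_id != doc.firm_id:                       # firm-level isolation
        return False, "tenant"
    on_team = doc.matter_team is not None and user.user_id in doc.matter_team
    designated = user.user_id in doc.designated
    if doc.matter_team is not None and not (on_team or designated):
        return False, "matter"                            # matter-level control
    if doc.restricted_to and user.user_id not in doc.restricted_to:
        return False, "document"                          # document-level control
    internal = not user.external
    allowed = {                                           # classification rules
        Level.PUBLIC: internal,
        Level.FIRM_CONFIDENTIAL: internal,
        Level.ATTORNEY_WORK_PRODUCT: internal and (user.is_attorney or designated),
        Level.CLIENT_CONFIDENTIAL: on_team or designated,
        Level.PRIVILEGED: internal and user.is_attorney,
    }.get(doc.level, False)                               # unknown level: deny
    return (True, "ok") if allowed else (False, "classification")

# Constructed sample users and documents (not real data)
PARTNER = User("u-partner", "firm-a", is_attorney=True)
PARALEGAL = User("u-para", "firm-a")
CLIENT = User("u-client", "firm-a", external=True)
OUTSIDER = User("u-other", "firm-b", is_attorney=True)
TEAM = frozenset({"u-partner", "u-para"})
MEMO = Document("firm-a", Level.ATTORNEY_WORK_PRODUCT, matter_team=TEAM)
LETTER = Document("firm-a", Level.CLIENT_CONFIDENTIAL, matter_team=TEAM, designated=frozenset({"u-client"}))
```

Returning the name of the layer that denied the request gives an audit log something specific to record for each refused access.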
Frequently asked questions
Each firm operates in an isolated tenant environment with tenant-specific encryption keys. Firm databases are completely separate with no shared tables or cross-firm data access—even through system error or vulnerability.
All data is encrypted in transit using TLS 1.2+ and at rest in databases and Briefcase. Encryption keys are stored in a separate key management system, never alongside encrypted data, with access restricted to authorized personnel.
Sque meets SOC 2 Type II compliance with annual third-party audits, GDPR compliance for European firms with data residency options, HIPAA-ready architecture for health information, and security architecture supporting professional liability insurance requirements.
When conflicts are identified, conflicted attorneys are automatically prevented from accessing adverse matters. The system screens email and chat communications, removes conflicted attorneys from adverse matter distributions, and logs and reports any wall violation attempts.