Statular

Security

1. Introduction

At Statular, we value our customers’ trust, and the security of their data is our utmost priority. We are committed to providing a secure environment for all our operations, including data processing and software development. This security policy outlines our guiding principles, responsibilities, and the mechanisms we use to protect information and services.

2. Policy Scope

This security policy applies to all Statular employees, contractors, partners, and any entities that interact with our systems or handle our data. This policy encompasses all systems, networks, devices, data, communication, and applications owned or managed by Statular.

3. Roles and Responsibilities

Everyone at Statular has a part in maintaining security.

  • Employees & Contractors: They are expected to adhere to all the security policies, protocols, and procedures in place. They must immediately report any security incidents or suspected incidents.
  • Management: Management is committed to providing the resources necessary to establish a secure environment, including adequate staffing, tools, and training.

4. Information Classification and Handling

All data handled by Statular is classified into one of the following categories: public, internal, confidential, or highly sensitive. Each category requires different handling measures, with the most stringent controls applied to the highest sensitivity data.

5. Physical and Environmental Security

Physical access to our premises is strictly controlled. Only authorized personnel are allowed access. Employee devices and accounts are protected with strong encryption, multi-factor security, and/or physical security keys.

6. Access Control

Access to our systems is strictly managed and based on the principle of least privilege. Multi-factor authentication is mandatory for Statular employees. We recommend that Statular users enable multi-factor authentication on the accounts they use to log in to Statular.

7. Network Security

All data exchanged between the browser and the server is encrypted in transit and encrypted at rest when saved on disk.

8. Encryption Standards

All data transmitted between your browser and Statular's servers is encrypted using TLS 1.2 or higher. All data stored in our systems is encrypted at rest using AES-256 encryption, including our PostgreSQL databases, document storage in Amazon S3, and all database backups.

9. AI Data Privacy and Subprocessors

Statular uses Artificial Intelligence (AI) services to provide features such as document review, drafting assistance, and flowchart generation. We may use OpenAI, Anthropic, or Google as subprocessors to provide these AI services.

We do not allow these subprocessors to train their AI models using your data. Statular does not train AI models using your data. Your client information is processed solely to provide the requested service and is not retained by subprocessors beyond what is necessary to complete the request.

10. Application Security

We follow secure coding practices to develop our software. All our applications undergo rigorous testing before being deployed. Regular updates and patches are applied to keep them secure.

11. Incident Management

In case of a security incident, our team is ready to identify it, respond to it, and recover from it. After each incident, we conduct a thorough investigation to prevent future occurrences.

12. Business Continuity and Disaster Recovery

We have a robust disaster recovery plan (DRP) to ensure our operations can continue in case of a significant disruption. Statular performs daily backups of critical data, and we have the capacity to quickly restore our services.

13. Compliance

Statular complies with all relevant regulations and standards, uses SOC 2-compliant service providers for all infrastructure, and plans to obtain a SOC 2 Type II certification in 2026.

14. Policy Review and Updates

This security policy is reviewed and updated annually, or more frequently if significant changes occur in our operations or threat landscape.

15. Contact Information

For any inquiries or security concerns, please contact our security team at contact@statular.com.

16. Enforcement

Failure to comply with this security policy can lead to disciplinary action up to and including termination of employment or contracts.

This policy is effective as of December 14, 2025.

Statular reserves the right to modify or update this policy at any time. Changes will be posted on this page, and your continued use of our services after such changes have been posted will constitute your acceptance of the changes.