Security & Encryption

Industry-leading security, compliance, and privacy standards

SOC 2 Type II Compliant

Encryption in transit and at rest

Zero data retention (ZDR) from AI providers

Join 3,000 firms worldwide using the most popular AI copilot for transactional lawyers:

Trust and security

At Spellbook, we know that privacy and security are our customers’ top priorities. So they are ours too. Spellbook is designed to deliver all the benefits of AI to law firms and in-house teams, with none of the downsides of AI applications designed for consumers. We have Zero Data Retention arrangements with our best-in-class AI infrastructure providers, both to ensure that your data stays private and isn’t used for training. We are compliant with major international regulations such as SOC 2 (Type II), GDPR and CCPA. We take a “defense in depth” approach to security, implementing numerous best-in-class, redundant security controls. Please view our Trust Portal for more information.

What data is retained by third party Large Language Models (LLMs)?

Spellbook has negotiated agreements with both OpenAI and Anthropic for zero data retention (ZDR). This means customer data included in requests and responses with these LLMs is not persisted and exist only in memory in order to process a request.

Do you support Single Sign-On (SSO)?

Spellbook is provided as a Microsoft Word add-in and uses Microsoft accounts for SSO. This allows companies to enforce authentication controls, such as multi-factor authentication (MFA), within their Microsoft Entra tenant.

More information on how SSO works can be found here.

What encryption methods does Spellbook use?

Spellbook ensures the security of your data by implementing robust encryption protocols for data both in transit and at rest. Spellbook employs industry-standard practices to protect user information.

What cloud providers are used by Spellbook?

Spellbook uses Amazon Web Services (AWS) as the primary cloud provider. Other third party services are used that may store or process customer information. A complete list of third party providers can be found on the subprocessors page in our trust centre here.

Where is customer data stored and processed?

Spellbook uses cloud providers with data centers in Canada and US for storing and processing customer data. A full list of subprocessors can be found in our trust centre here.

Compliant Internationally

We serve law firms in over 80 countries. We comply with GDPR, CCPA, PIPEDA and numerous other privacy regulations.

Still have questions?
View Trust Portal

Start your 7-day free trial

Join 3000+ legal teams using Spellbook

Please enter your work email address (not gmail, yahoo, etc.)
*Required

Thank you for your interest! Our team will reach out to further understand your use case.

Oops! Something went wrong while submitting the form.

Spellbook is the most complete legal AI suite for commercial lawyers, trusted by more than 3,000 law firms and in-house teams worldwide.

Follow us for latest in legal AI

SOC 2 Type II Compliant

© 2025 Spellbook

Join over 3,000 legal teams using Spellbook

Please enter your work email address (not gmail, yahoo, etc.)
*Required
Close modal

Thank you for your interest! Our team will reach out to further understand your use case.

Oops! Something went wrong while submitting the form.