MinuteBox is more than
Software as a Service
MinuteBox is Security as a Service.
We create the most secure legal technology on the planet.
Legal technology deserves to be more secure. So we invented it.
At MinuteBox, our philosophy is to build tools and services that exceed industry standards and expectations. To us, security means keeping your data secure and accessible.
Not all tools are created equal.
We don’t cut corners. Some legal technology companies are okay paying lip service to security. Not us. When we talk about security, we mean much more than preventing unauthorized users from accessing your data. To us, security also means that you can access your data when and where you need it and without concern about data loss or accessibility. To us, security means ensuring the integrity of your data and information throughout the entire life cycle of our end-to-end solution.
Our Secret to Keeping Your Secrets Secure
At a Glance. Every aspect of MinuteBox begins with security in mind.
* Some security features only available with a Service Level Agreement (SLA)
- END-TO-END ENCRYPTION
- HTTPS CONTENT SECURITY POLICY
- MULTI-FACTOR AUTHENTICATION
- DMARC EMAIL VALIDATION
- DOMAINKEYS IDENTIFIED MAIL
- SOC-3 CLOUD HOSTING
- FIDO/U2F AUTHENTICATION
- BORING SSL
- QUANTUM RESISTANT CRYPTOGRAPHY
- VULNERABILITY DISCLOSURE STIPEND
End-to-End. Now for more than just encryption.
Industry leading data security begins long before we ever look at bits and bytes. We’ve created a strong foundation from the moment we first encounter your confidential data. Redundant, independant and arms-length safeguards help keep your data secure on MinuteBox.
Great policy begets great security.
Information Security Policy
Our Information Security Policy creates strong data practices & procedures.
Dedicated Security Professionals
Security professionals with clearance so advanced that we can't say any more.
Daily Third-Party Audits
Audited each day by McAfee Secure to ensure data is protected from threats.
Our service providers meet the highest security standards.
ISO 27001 &
Managing information risks and controlling cloud-based information security.
World class and highly secure data centres that can't be beat.
Public report of controls over security, availability and confidentiality.
Advanced. Independent Security Testing.
Advanced and automated penetration tests on every aspect of our system.
A Content Security Policy that leaves no HTTPS security header overlooked.
Our RSA 2048-bits SSL certificate gets an "A" from SSL Labs.
Data Storage & Encryption
Don't be fooled. Encryption in Transit and at Rest leaves your data vulnerable to exposure. MinuteBox is the only cloud-based legal technology solution to offer End-to-End encryption using elliptical curve asymmetric AES-256 bit encryption.
Zero Knowledge & Quantum Resistant
For now and forever. Our Zero Knowledge & Quantum Resistant encryption keeps your data anonymous and secure. Zero Knowledge means that neither we, nor anyone else, can ever read your data. With Quantum Resistant encryption we ensure it stays that way.
MinuteBox offers a choice of residency for all of the data we safeguard. We help you comply with local bar guidelines and keep your client information in the jurisdiction of your choice.
Encryption Key Rotation
Get out your stop watch. All of your encryption keys are rotated every second. It's your data and that's why you hold the keys, not us.
Performance at scale and in real time from thousands of virtual machines (VMs). Comprehensive Stackdriver logging to store, search, analyze, monitor and alert on log data and events.
Great security depends on great user security. At MinuteBox we employ the strongest standards for user identification and verification.
- MULTI FACTOR AUTHENTICATION
- FIDO HARDWARE KEY SUPPORT
- GRANULAR USER PERMISSIONS
Great data security necessarily requires great data integrity. At MinuteBox, we take great strides to ensure your data is not only always secure but also always available.
Fault tolerance and high availability
With guaranteed 99.9% uptime, the MinuteBox platform offers industry leading fault tolerance and the highest levels of service availability.
Information Security Policy
Our Information Security Policy ensures the security of data at every step of the process. We have detailed every aspect of how MinuteBox interacts with your sensitive data.
Automated Audit Logging.
Our advanced Audit Logging features monitor and track every change on our platform in a secure and immutable audit trail. You'll never need to wonder how that last change happened.
Accessible Data is Secure Data
There's no point in securing your data if you cannot access it. At MinuteBox, we've developed mechanisms to ensure the highest levels of data accessibility so you can work when and where you want.
Disaster Recovery Policy
When Disaster Strikes. Our comprehensive Disaster Recovery Policy ensures that MinuteBox is up, running and accessible when you need it, even when disaster strikes.
At a Glance
Key Facts & Figures
- 99.9% Service Availability
- Zero Outages in the last 12 months
- Documented Disaster Recovery Plan
- 12-hour disaster recovery time
- 24-hour disaster recovery time
Security Beyond Technology
You’re in control of your data
MinuteBox’s security goes far beyond the mere protection of your hosted data. Security is paramount from the moment we first engage with your law firm.
Process & Procedure Security
MinuteBox's processes and procedures maintain the highest levels of security when working with your firm’s information. Our process & procedure security includes scanning that is done entirely on-site with any local data stored on AES-256 encrypted hard drives. MinuteBox maintains documented process & procedure guidelines for employees working with confidential information.
You’re in Control of Your Data
You decide who has access. MinuteBox has no control or knowledge of any data you store on our platform. All data is encrypted before it ever leaves your computer and stays that way until it gets back. Our granular user permissions allow you to add and control users with limited privileges. Our advanced sharing technology lets you securely share any book, document or piece of information with selected individuals.
Every employee at MinuteBox is screened in advance of employment. Our screening process includes Certified Criminal Records Check, Employment Verification, Education Verification, and Employment Reference Verification.
Perform a Cloud Security Audit
Be confident with your cloud provider. Start your Cloud Security Audit by entering the website of your vendor below. Start with MinuteBox.com to see what the results should look like.
Look for an A+ Grade on securityheaders.comInvalid URL: Please include the domain extension
Look for an A Grade on Qualys’ ssllabs.comInvalid URL: Please include the domain extension
Look for the use of any third party tools that spy on user behaviourInvalid URL: Please include the domain extension
Questions about conducting a full Cloud Security Audit and understanding the results? Contact us today.
MinuteBox employs a Vulnerability Disclosure Program (“VDP”). VDPs are programs designed to encourage and incentivize third-parties to disclose a system vulnerability upon discovery. The program is designed to promote disclosure directly to MinuteBox instead of, or in advance of, public disclosure. Moreover, the program is designed to counter any incentive of a third party to disclose a vulnerability to a malactor.
VDPs are primarily targeted toward security researchers, not bad actors. To show our appreciation to security researchers that disclose vulnerabilities, MinuteBox operates a stipend program to researchers that responsibly disclose vulnerabilities.
If you believe you’ve discovered a bug in MinuteBox’s security, please get in touch at firstname.lastname@example.org. We will respond as quickly as possible to your report. We request that you not publicly disclose the issue until it has been addressed by MinuteBox.
MinuteBox provides a stipend for the confidential disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users’ data (such as by bypassing our login process, injecting code into another user’s session, or instigating action on another user’s behalf).
A minimum stipend of $500 USD may be provided for the disclosure of qualifying bugs discovered. At our discretion, we may increase the stipend amount based on the creativity or severity of the bugs. If you report a vulnerability that does not qualify under the above criteria, we may still provide a minimum stipend of $100 USD if your report causes us to take specific action to improve MinuteBox’s security.
As with most security stipend programs, we ask that you use common sense when looking for security bugs. Vulnerabilities must be disclosed to us privately with reasonable time to respond, and avoid compromise of other users and accounts, or loss of funds that are not your own. We do not stipend denial of service, spam, or social engineering vulnerabilities. Although MinuteBox itself and all services offered by MinuteBox are eligible, vulnerabilities in third-party applications that use MinuteBox are not.
As with most security stipend programs, there are some restrictions:
- We will only provide a stipend to the first person to responsibly disclose a bug to us
- Any bugs that are publicly disclosed without providing us a reasonable time to respond will not be provided a stipend.
- Whether to stipend the disclosure of a bug and the amount of the stipend is entirely at our discretion, and we may cancel the program at any time
- Your testing must not violate any laws
- We can’t provide you a stipend if it would be illegal for us to do so, such as to residents of countries under current U.S. sanctions