Security at Matter Vault.

Matter Vault is built for law firms handling sensitive client data. Security is a core requirement, not an afterthought.

All data transmitted between your browser and Matter Vault is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by our infrastructure providers.

Matter Vault uses Supabase for authentication. Firm staff log in via email/password or Google Workspace SSO. Client portal access uses time-limited magic links — no passwords required for clients.

Matter documents are stored in your firm's Google Drive account, not on Matter Vault's servers. Your firm controls access to those files directly through Google. Matter Vault stores only document metadata (file name, size, upload date, custody events) in our database.

Every document action in Matter Vault — upload, review, production, deletion — is recorded in an append-only custody log with SHA-256 hash verification. These logs cannot be modified or deleted, even by Matter Vault staff.

Matter Vault uses the following infrastructure providers, each with their own security certifications:

• Supabase — database and authentication (SOC 2 Type II)
• Vercel — application hosting (SOC 2 Type II)
• Google — Drive storage (ISO 27001, SOC 2 Type II)
• Resend — transactional email
• Sentry — error monitoring

If you discover a security vulnerability in Matter Vault, please report it responsibly to legal@matter-vault.com. Do not disclose vulnerabilities publicly before we have had a chance to address them.

legal@matter-vault.com