Security Policy
Effective Date: December 17, 2025 Last Updated: December 30, 2025
This Security Policy describes the administrative, technical, and organizational measures Nationwide Legal, LLC (“Nationwide Legal,” “we,” “us,” or “our”) uses to protect information processed in connection with our litigation support and related administrative services.
This Security Policy should be read together with our Terms of Service, Privacy Policy, and Data Deletion Policy, which collectively govern information handling, security, and retention practices.
Our Commitment
Nationwide Legal is committed to protecting the security, confidentiality, and integrity of information entrusted to us by our clients. We implement commercially reasonable and industry-accepted security practices designed to safeguard data against unauthorized access, disclosure, alteration, or loss.
Security Practices
We maintain a defense-in-depth security posture across our applications, infrastructure, and operations. Our controls are designed to reduce risk and support the confidentiality, integrity, and availability of customer data.
Data Protection
-
- Data transmissions are encrypted using industry-accepted protocols such as Transport Layer Security (TLS).
- Sensitive data is protected in transit and at rest where appropriate, using encryption and other protective measures.
- Access to data is governed by the principle of least privilege.
- We follow data minimization practices and limit data collection, processing, and retention to what is reasonably necessary to provide services.
Access Controls
-
- Access to systems and data is limited to authorized personnel based on role and responsibility.
- Authentication and access control mechanisms are implemented to protect systems and data.
- Administrative access is subject to enhanced security controls.
- User sessions are managed using security controls appropriate to the risk profile of the system.
Infrastructure Security
-
- Our services are hosted with reputable cloud infrastructure providers that maintain recognized security standards.
- Network-level controls are used to protect against unauthorized access and misuse.
- Systems are monitored for security events, anomalies, and operational reliability.
- Encrypted backups and recovery mechanisms are maintained to support data availability and business continuity.
Application Security
-
- Applications are developed using secure coding practices appropriate to their function and risk profile.
- Controls are implemented to address common classes of web application vulnerabilities, such as access control issues and abuse prevention.
- Security considerations are integrated into the software development lifecycle.
- Updates and patches are applied as reasonably necessary to address identified security issues.
Vendor Management
-
- Third-party service providers are evaluated based on the nature of the services they provide and the data they may access.
- Vendors that handle sensitive data are required to maintain appropriate contractual security and confidentiality obligations.
- Nationwide Legal maintains reasonable oversight of vendor security practices consistent with risk and operational requirements.
Vulnerability Reporting
If you believe you have identified a potential security vulnerability affecting Nationwide Legal systems, please report it responsibly by contacting:
Email: security@nationwidelegal.com
Please include, where possible:
-
- A description of the issue
- Steps to reproduce the issue (if applicable)
- Contact information for follow-up
Please do not include sensitive personal data in vulnerability reports beyond what is necessary to describe the issue. Nationwide Legal appreciates responsible disclosure and will acknowledge reports in a timely manner.
Vulnerability and Patch Management
Nationwide Legal maintains a vulnerability management process designed to identify, assess, prioritize, and remediate security issues. Remediation prioritization considers factors such as severity, exploitability, and exposure.
Target response timeframes include:
-
- Acknowledgement: We aim to acknowledge reported vulnerabilities within two (2) business days.
- Remediation targets:
- High severity: targeted remediation within approximately seven (7) days
- Medium severity: targeted remediation within approximately thirty (30) days
- Low severity: targeted remediation within approximately ninety (90) days
These timeframes are targets and may vary based on complexity, operational constraints, or third-party dependencies.
Incident Response
Nationwide Legal maintains incident response procedures designed to detect, investigate, contain, and remediate security incidents.
In the event of a confirmed security incident affecting customer data:
-
- We investigate and contain the incident as promptly as reasonably practicable.
- Notifications are provided to affected parties as required by applicable law and contractual obligations.
- Reasonable steps are taken to mitigate impact and reduce the likelihood of recurrence.
Target response activities include:
-
- Initial triage: Initiated promptly upon detection or confirmation of a potential incident.
- External reports: Reports submitted to security@nationwidelegal.com are typically acknowledged within two (2) business days.
- Notifications: Provided without undue delay where legally required.
Business Continuity
Nationwide Legal maintains backup and recovery capabilities designed to support service resiliency and restore critical functions following system failures or operational disruptions.
Compliance
Our security program is designed to support compliance with applicable laws and data protection requirements. Security practices are periodically reviewed and updated to address evolving risks, operational changes, and regulatory considerations.
Questions
For questions regarding this Security Policy or our security practices, please contact:
Nationwide Legal, LLC 1609 James M Wood Blvd Los Angeles, CA 90015
Email: security@nationwidelegal.com Phone: (213) 249-9999