Security Whitepaper
Last Updated: June 29, 2026
Reede is a service of Reede Systems Inc.("Reede", "we", "us", or "our"). This document describes how Reede protects the personal information and confidential content handled on behalf of the paralegals and lawyers who use the service. It is intentionally short and direct. Where firms need more detail (for example, before signing a Data Processing Agreement), Reede provides supplementary documentation on request.
Why this document exists
Reede is used by paralegals and lawyers to run legal matters and to maintain ongoing client and entity records. The contents handled by the service — uploaded documents and files, matter and entity records, generated documents, and document-signing audit information — are often subject to solicitor-client privilege and contain personal information about clients and the other parties to a matter.
Summary
| Question | Answer |
|---|---|
| Where is data stored? | With a small set of vetted providers — see “Where data lives” below and the Subprocessor List. |
| Is it encrypted? | Yes — TLS 1.2+ in transit, AES-256 at rest |
| Who has access? | Your firm. Within a firm, only the firm's members; across firms, content is isolated. Internal access is limited and audited. |
| Is content used to train AI? | No. Reede's AI provider is contractually prohibited from training on customer content. |
| How long are uploads kept? | Source files from a one-time review are deleted within 24 hours; documents you save to an entity or matter are kept until you delete them. See “Retention” below. |
| Are third-party providers disclosed? | Yes. See Third-party service providers in the Privacy Policy. |
| Can my firm sign a DPA? | Yes, on request. |
Architecture
Reede runs on a small set of vetted infrastructure providers (listed below and in the Subprocessor List). Customer data the service directly controls — accounts, uploaded files, generated documents, records, and audit logs — is held with those providers and encrypted at rest. AI processing is handled by Anthropic and is governed by Anthropic's Commercial Terms (which prohibit training on customer content).
We do not guarantee that data is stored in any particular country or region. Where each provider stores and processes data reflects our current configuration and may change as our infrastructure evolves; the authoritative, current view is the data-location table below and the Subprocessor List.
Data flow
The flow below describes a one-time document review (for example, a minute book review). When you save a matter or entity, its records and the documents Reede generates are retained in your account until you delete them — see Retention.
- The file is uploaded over TLS directly to file storage (Supabase).
- Reede's server reads the file, validates it (size limits, file-type verification by inspecting the file's actual contents, not just its extension), and creates a database record.
- The file content is sent to Anthropic for analysis. Anthropic is contractually prohibited from using the content to train models.
- The structured report is returned and stored with our database/storage provider.
- The source PDF is deleted from storage shortly after the report is saved, in any case within 24 hours.
- The action is recorded in an audit log.
Where data lives
Reede uses the providers below. Regions reflect the current configuration and may change; they are not a residency guarantee.
| Provider | Role | Region(s) |
|---|---|---|
| Supabase | Database, file storage, authentication | Canada (Montreal, ca-central-1) |
| AWS SES | Transactional email | Canada (Montreal, ca-central-1) |
| Vercel | Application hosting, server logs | United States, with global edge |
| Anthropic | AI processing (never used for training; retained up to 30 days for trust & safety, then deleted) | United States |
| Stripe | Payments | United States / Canada |
Personal information processed in the United States (Anthropic, Vercel, and part of Stripe's processing) may be accessed by US courts, law enforcement, and national-security authorities under the laws of that country. Reede limits this exposure by contract — Anthropic's Data Processing Addendum incorporates the EU Standard Contractual Clauses — and by keeping its primary datastore (accounts, documents, records, and audit logs) with providers in Canada.
Document signing — tamper evidence
- At document generation, Reede computes a SHA-256 hash of the unsigned PDF and stores it alongside the file.
- Before signing, Reede re-fetches the unsigned PDF and recomputes its SHA-256. If the recomputed hash does not match the stored hash, the signing operation is aborted.
- The signing event records the SHA-256 of the signed PDF as well, so future audits can verify the exact bytes the signer attested to.
- In the per-document sign-off flow, one signature per document is enforced at the database level. Matter signing for annual and transaction packages records each required signer's signature as a separate attested execution.
For signing by someone outside your firm, access to the document is controlled by a one-time tokenized URL. The token is a 32-byte random value, is single-use (consumed the moment the signing event is recorded), and expires after a fixed window — 14 days for a per-document sign-off link, and 60 days for a client-signing link on an annual or transaction matter.
Encryption
- In transit: TLS 1.2 or higher.
- At rest: AES-256, performed by Reede's hosting providers as part of their standard security posture.
Access controls
- User authentication: account access requires email verification and a password. Passwords are stored only as one-way hashes.
- Two-factor authentication (2FA): available on every account (authenticator app), with recovery codes for backup access.
- Data isolation: every record belongs to a firm or to the account that created it. Within a firm, only the firm's members can access the firm's entities, matters, and documents; across firms, content is isolated. Access checks are enforced on every request, with row-level security enabled at the database engine as an additional layer beneath them.
- No internal "god mode": Reede personnel cannot read user reports without explicit user request, and any such access is logged.
- Service provider access: service providers handle data only to the extent needed for their function and under contractual confidentiality obligations.
Server-side validation
Files uploaded to Reede are validated on Reede's server before any processing or database recording happens:
- The file's actual contents are inspected to confirm it is a PDF (not just the extension or browser-reported MIME type).
- A maximum size is enforced server-side.
- The file is associated with the authenticated uploader; another user cannot claim ownership of an upload they did not make.
- A unique constraint prevents duplicate registrations of the same uploaded file.
Audit logging
Significant actions on user accounts are recorded to an append-only audit log. Each entry captures the user ID, action type, timestamp, IP address, and file metadata where relevant (filename, size — never file contents). Audit logs are retained for 12 months and then permanently deleted. Users can read their own audit log; access is enforced the same way as the rest of their data.
Retention, deletion, and data portability
Retention by data category
- Source PDFs: automatically deleted shortly after report generation, in any case within 24 hours.
- Generated reports: retained on the user's behalf so they can be revisited. Users may delete any report at any time.
- Entity records: retained on the user's behalf. Users may delete any record at any time.
- Account data: retained while the account is active. Account deletion permanently removes account data, reports, and entity records (subject to audit log retention below).
- Audit logs: 12 months.
- Server access logs: approximately 30 days.
- Billing records: 7 years, per Canadian tax record-keeping rules.
Data portability — your right to export
You own your data; Reede holds it on your behalf. You may export at any time:
- Generated reports, generated documents, and uploaded files can be downloaded individually in their original format.
- For a complete export of all entity data in machine-readable form, contact privacy@reede.ca and we will provide it within 30 days at no charge.
Cancellation and data deletion
When a user cancels their subscription:
- The account enters read-only mode for 30 days. The user can continue to access their data and download individual documents and reports during this window, and may request a complete data export at privacy@reede.ca.
- After 30 days, the user's account, reports, entity records, and personal information are permanently deleted from Reede's primary systems.
- Audit logs and billing records are retained per the schedule above.
If Reede ceases operations
- 90 days advance notice to all active users by email and on-platform notification.
- 90 days post-shutdown during which user data remains accessible for download. Users may request a complete data export at privacy@reede.ca during this window.
- After 180 days from the announcement, all customer data is permanently deleted.
AI provider arrangement
Reede uses Anthropic (the maker of Claude) for AI processing. Reede's AI features include the Reede assistant (describe a task in chat), Ask Reede (research questions), document drafting (resolutions, cover letters, invoices), and extraction of facts from uploaded documents. In each, the relevant content and a prompt are sent to Anthropic and a draft is returned for your review. The contractual arrangement governing this use includes:
- Anthropic's Commercial Terms of Service, which prohibit Anthropic from using customer inputs or outputs to train models;
- A Data Processing Addendum governing how Anthropic handles personal information processed on Reede's behalf;
- Server-side-only API access — Reede calls Anthropic's API from its own infrastructure, never from the user's browser.
Network and operational security
- Reede is hosted on infrastructure with established security practices (Supabase, Vercel, Stripe, AWS). See Subprocessor List.
- Hosting providers' standard monitoring is in use. Reede maintains its own audit log on top.
- Reede's payment flow uses Stripe's hosted checkout. Card numbers are not seen, transmitted, or stored by Reede; Stripe holds payment data under PCI-DSS Level 1 compliance.
Breach response
If Reede becomes aware of a security incident affecting personal information that creates a real risk of significant harm:
- Affected systems will be isolated promptly.
- The scope and impact will be assessed.
- Affected users will be notified as soon as feasible, as required by PIPEDA.
- The Office of the Privacy Commissioner of Canada will be notified as required by PIPEDA.
- A written record of the incident and the response will be retained for at least 24 months, as required by the Breach of Security Safeguards Regulations.
You can also raise a privacy concern or complaint at any time — see Your rights in the Privacy Policy for how to reach our Privacy Officer and your right to complain to the Office of the Privacy Commissioner of Canada or your provincial regulator.
What Reede deliberately does NOT do
- Reede does not sell user data — ever.
- Reede does not use your content to train AI models, and contractually prohibits its AI provider from doing so.
- Reede does not run analytics, tracking pixels, or marketing scripts on its website.
- Reede does not use third-party cookies. The only cookies set are first-party authentication cookies.
- Reede does not store credit card numbers.
- Reede does not retain source PDFs from a one-time review beyond the analysis window (documents you save to an entity or matter are kept until you delete them).
- Reede does not access user reports without an explicit user request, and any such access is logged.
For firm administrators
Reede is designed to support the cloud-service due diligence obligations lawyers undertake under Law Society guidance:
- Provider due diligence: this document, the Privacy Policy, and the Subprocessor List together describe Reede's data handling. Additional documentation is available on request.
- Written agreement: firms requiring a Data Processing Agreement may request one.
- Knowledge of storage location: the data-location table above and the Subprocessor List describe where each provider stores and processes your data. We do not commit to a specific residency region.
- Breach notification: incident notification protocols are above.
- Lawful-process notification: if Reede receives a subpoena, warrant, or court order for your data, we notify the affected firm before disclosing it where we are legally permitted to do so.
- Data retrieval and deletion: users can retrieve their reports and request deletion at any time.
For DPA requests, security questionnaires, or further questions:
Email: privacy@reede.ca