Security
Built for privileged client work product
Patent prosecution involves confidential, privileged information and hard statutory deadlines. Ipcraft is designed so the controls a law practice depends on — isolation, an auditable record, and human control of AI — are enforced by the architecture.
Per-client data isolation
Each client organization is a separate tenant. Tenant isolation is enforced at the database with row-level security (forced on every table), so one firm's matters are never visible to another — the boundary is in the data layer, not just the application.
Append-only legal-truth record
Prosecution events and AI work products are recorded in an append-only audit trail. History is not silently rewritten — what was decided, by whom, and when is preserved, which is what a malpractice-defensible record requires.
Human approval on AI
AI never autonomously files, abandons, changes claim scope, or alters statutory deadlines. Every AI work product is a proposal an authorized practitioner reviews and approves. Professional judgment stays with the attorney.
Encryption & transport security
Data is encrypted in transit (TLS) and at rest. Email is DKIM-signed and DMARC-aligned. Secrets are managed centrally and never embedded in code.
Least-privilege access
Authentication is handled by a dedicated identity provider; access follows least-privilege, and infrastructure is isolated per environment so production data is separated from development.
Isolated, US-region infrastructure
Ipcraft runs in dedicated, isolated AWS infrastructure in the United States, with guardrails that keep workloads inside approved accounts and regions.
A note on maturity. Ipcraft is in active development and is pre-launch. The protections above describe how the platform is architected today. Formal third-party attestations (e.g. SOC 2) are part of our roadmap as we move toward general availability — we're glad to discuss our current posture in detail. Questions: hello@ipcraft.co.