Security at Motion Granted
Your trust is our foundation. We employ industry-leading security practices to protect your confidential information.
How We Protect Your Data
Multiple layers of security protect your confidential information
Encryption
TLS 1.3 for data in transit, AES-256 encryption for data at rest. Your documents and case information are always protected.
Infrastructure
Hosted on enterprise-grade infrastructure with SOC 2 Type II compliance. Our providers (Vercel, Supabase) maintain rigorous security standards.
Access Controls
Role-based access control ensures only authorized personnel can access your data. Multi-factor authentication is enforced for all staff.
Audit Logging
Comprehensive audit logs track all access to your data. We maintain detailed records for compliance and security monitoring.
Staff Training
All staff receive regular security awareness training. Confidentiality agreements are required for anyone who handles client data.
Backups
Daily encrypted backups with 30-day retention. Point-in-time recovery ensures your data is never lost.
AI Security Measures
Special protections for AI-assisted drafting
- AI prompts do not include identifying client information when possible
- AI API calls use encrypted connections
- AI-generated content is reviewed by human professionals before delivery
- Your data is NOT used to train AI models
- AI processing is logged for audit and compliance purposes
- Separate API keys and access controls for AI systems
Important Note
While we employ robust security measures, AI systems process data through third-party APIs. We select AI providers with strong security practices and ensure contractual protections for your data.
Privilege Preservation
Motion Granted is architecturally designed to preserve attorney-client privilege and work product protection. Unlike consumer AI tools, our platform operates as a commercial document preparation service under the attorney's direction and control.
Legal Framework
Motion Granted operates as a Legal Process Outsourcing (LPO) service under the direct supervision of the hiring attorney. Under ABA Formal Opinion 08-451 and the Restatement (Third) of the Law Governing Lawyers §§ 70-73, communications and work product shared with LPO providers acting under attorney direction generally maintain their privileged status, consistent with the agency principles recognized in Clark v. United States, 289 U.S. 1 (1933).
Consumer AI vs. Motion Granted API
| Feature | Consumer AI | Motion Granted |
|---|---|---|
| Access Model | Public web interface | Authenticated commercial API |
| Data Handling | Stored for 30+ days, used for training | Zero retention — never stored by AI provider |
| Confidentiality Agreement | Consumer ToS — no confidentiality | Enterprise API agreement with confidentiality |
| Access Controls | Data accessible to provider employees | Encrypted, access-restricted, audited |
| Attorney Direction | User types prompts directly | Attorney directs via structured intake; 14-phase supervised workflow |
| Professional Relationship | No vendor relationship | Commercial service under attorney direction |
| Cross-Client Isolation | Shared conversation context | Complete isolation; no cross-client data sharing |
| Data Retention | Indefinite; user must manually delete | 365 days, then permanent deletion; earlier deletion on request |
| Privilege Status (Post-Heppner) | Likely waived (USA v. Heppner) | Preserved — distinguishable from Heppner facts |
Technical Safeguards
- All data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Strict role-based access controls limit data visibility to authorized personnel
- All AI processing occurs in isolated environments with no cross-client data sharing
- Comprehensive audit trails for all data access
- Case materials permanently deleted after 365 days per retention policy
- Your data is never used to train AI models
Recommended Privilege Preservation Steps
- Privilege Log: Include Motion Granted in your privilege log as an LPO vendor operating under attorney direction — consistent with how firms log other litigation support vendors.
- Work Product Doctrine: Filing packages constitute attorney work product prepared in anticipation of litigation, reflecting mental impressions, conclusions, opinions, and legal theories of counsel.
- Attorney Supervision: Our workflow ensures mandatory attorney review before delivery, maintaining the supervisory control courts examine when evaluating privilege claims.
- AI Disclosure: If your jurisdiction requires disclosure of AI-assisted drafting, such disclosure does not waive privilege over the underlying work product or attorney-client communications.
- Data Retention: Maintain your own copies of all case materials. Our 365-day retention policy means materials are permanently deleted after that period.
Best Practices for Attorneys
- Review all AI-generated output before filing — you maintain Rule 11 responsibility
- Use Motion Granted rather than consumer AI tools for privileged case materials
- Maintain documentation of your supervisory role in the document preparation process
- Consult your jurisdiction's ethics opinions on AI use in legal practice
Every filing package includes an Attorney Instruction Sheet with detailed privilege preservation guidance specific to your order. For questions about privilege preservation, contact security@motion-granted.com.
Compliance & Standards
Meeting industry standards and legal requirements
SOC 2 Type II
CompliantOur infrastructure providers maintain SOC 2 Type II compliance, demonstrating rigorous security controls.
ABA Formal Opinion 512
CompliantWe comply with ABA guidance on AI disclosure, ensuring transparency about AI-assisted drafting.
CCPA/CPRA
CompliantCalifornia Consumer Privacy Act compliance for California residents.
Attorney-Client Privilege
CompliantOur systems and processes are designed to protect the confidentiality of attorney work product.
Trusted Infrastructure
We partner with industry-leading providers
Vercel
Application Hosting
SOC 2 Type II
Supabase
Database
SOC 2 Type II
Stripe
Payments
PCI DSS Level 1
AI Processing
Commercial API
SOC 2 Type II
Report a Security Issue
We take security seriously. If you discover a vulnerability, please report it responsibly.
For security concerns or to report a vulnerability:
security@motion-granted.comPlease include as much detail as possible about the potential vulnerability. We will respond within 48 hours.