Live ·SOC 2 Type II ·TX-RAMP ·We never train on your data
Security & Trust

Security and trust, by default.

USLege holds the system of record for what your government says. We protect it to the standard that Fortune 500 teams, law firms, and government buyers require. SOC 2 Type II and TX-RAMP certified. We never train on your data.

Compliance at a glance

SOC 2 Type II

Independently audited. Report available on request, under NDA.

TX-RAMP

Certified for Texas public-sector procurement readiness.

We never train on your data

Your data is never training data, and never sold.

DPA available

A Data Processing Addendum is available for enterprise procurement.

Authentication enforced

Unique account authentication for every account, with production access restricted to authorized personnel.

Certifications

Audited. Authorized. Verifiable.

We claim only the certifications we hold and can prove. Two of them, both independently verified.

Certified

SOC 2 Type II

Independently audited controls for security, availability, and confidentiality, tested over time rather than at a single point. Our SOC 2 Type II report is available on request, under NDA.

Authorized

TX-RAMP

Certified under the Texas Risk and Authorization Management Program, the state framework for cloud security, so public-sector teams can procure with confidence.

Our full security posture lives in our Trust Center, where the SOC 3 report and TX-RAMP certificate can be downloaded directly and the SOC 2 Type II report can be requested.

Our data commitment

We never train on your data.

Your tracked bills, briefs, searches, and team activity belong to you. They are never used to train AI models, never mixed across organizations, and never sold. The intelligence on your screen comes from the public government record, not from your work.

See exactly how we handle data
Data handling & AI

How your data is handled.

Built for teams who answer to procurement, legal, and a board. Here is what happens to your data inside USLege.

Ownership

Your data is yours

You retain full ownership and control of your content. Close your account or request deletion at any time, and we delete your data except where the law requires us to keep it.

AI data use

Never training data

Content you bring into USLege, and your inputs to AI features, are never used to train models and are not retained for training.

Privacy

Never sold, never shared

We do not sell or share your personal information, in line with the CCPA, and we honor Global Privacy Control signals.

Access & authentication

Only the right people, only the right access.

Authentication and access controls sized for enterprise government affairs teams.

Authentication

Account authentication enforced

Unique account authentication is enforced for every account. Single sign-on is available for teams on Enterprise plans; talk to our team about your identity provider.

Permissions

Production access restricted

Access to production and to customer data is restricted to authorized personnel on a least-privilege basis.

Keys

Encryption key access restricted

Access to encryption keys is restricted and controlled, a published control in our SOC 2 program.

Infrastructure & hosting

Resilient by design.

The platform behind the largest government video archive in the world, built to stay secure and stay up.

Hosting

Enterprise cloud

USLege runs on enterprise cloud infrastructure, covered by the controls independently audited in our SOC 2 Type II program.

Encryption

Encrypted in transit and at rest

Customer data is encrypted in transit and at rest, and data transmission is encrypted end to end.

Monitoring

Tested and monitored

Controls are continuously monitored, with live status published in our Trust Center and real-time uptime at status.uslege.ai.

Continuity

Backups and recovery

Automated backups and a disaster-recovery plan keep your data available.

Response

Incident response

A formal incident-response process, with prompt, transparent notification if an event affects your data.

Retention

Retention and deletion

Clear data retention and deletion practices, with deletion on request when you close your account.

Privacy & legal

The documents your procurement team needs.

Legal

Terms & Privacy Policy

Our Terms of Service and Privacy Policy, in one document covering data use, confidentiality, and your rights.

Read Terms & Privacy

Compliance

Trust Center

Live certifications and controls, the SOC 3 report, the TX-RAMP certificate, and the SOC 2 report on request.

Open the Trust Center

Uptime

System Status

Real-time uptime and incident history across the application, legislative data, AI, and alerts.

View system status

Need a Data Processing Addendum for procurement? Email support@uslege.ai or ask your account manager and we will send it over.

Security · Frequently asked

The questions your security team will ask.

Is USLege SOC 2 compliant?
Yes. USLege holds SOC 2 Type II and TX-RAMP certifications. Our SOC 2 Type II report is available on request, under NDA. Our full security and compliance posture, including the SOC 3 report and TX-RAMP certificate, is in our Trust Center.
Does USLege train AI on my data?
No. USLege never trains on customer data. Your tracked bills, briefs, searches, and team activity are never used to train AI models, never mixed across organizations, and never sold.
Does USLege sell or share my data?
No. USLege does not sell or share your personal information, in line with the California Consumer Privacy Act, and we honor Global Privacy Control signals. You can request deletion of your data at any time.
Can I get a Data Processing Addendum (DPA)?
Yes. A Data Processing Addendum is available for enterprise procurement. Email support@uslege.ai or ask your account manager and we will send it over.
Is USLege data encrypted?
Yes. Customer data is encrypted in transit and at rest, and data transmission is encrypted end to end. USLege runs on enterprise cloud infrastructure covered by our SOC 2 Type II program.
Does USLege support single sign-on?
Unique account authentication is enforced for every account, and production access is restricted to authorized personnel. Single sign-on is available for teams on Enterprise plans; talk to our team about your identity provider.
Does USLege keep a subprocessor list?
Our data processors include Stripe for billing and Google Analytics for site analytics, as described in our Terms and Privacy Policy.
How do I report a security concern?
Reach our team at support@uslege.ai. We take every report seriously and respond promptly.