<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1275051933482651&amp;ev=PageView&amp;noscript=1">

Security & Confidentiality at ECFX

Your Documents. Your Control. Our Commitment.

At ECFX, security isn’t an afterthought—it’s a foundation. We understand the sensitive nature of legal documents and the critical responsibility that comes with managing court notices on behalf of our clients. That’s why we’ve built our platform with robust safeguards to ensure your data remains protected, private, and under your control at all times.

We built ECFX to be an extension of your law firm's secure environment—not a public library.

Schedule a Demo 

Risk Management

Risk Management

ECFX proactively identifies, assesses, and mitigates security risks through ongoing risk management practices and executive oversight, ensuring the highest levels of operational resilience.

Operational Monitoring

Operational Monitoring

Real-time monitoring across all systems enables ECFX to detect and respond quickly to potential threats, maintaining platform stability and protecting client data without interruption.

 

Employee Security Protocols

Employee Security Protocols

All ECFX employees complete rigorous background checks and ongoing security awareness training to strengthen our human firewall and maintain a strong security-first culture.

Secure Software Development

Secure Software Development

Security is embedded into the ECFX development lifecycle. Code undergoes static security scans before deployment, ensuring vulnerabilities are identified and resolved early.

Icons__5_-removebg-preview-2-1

Backup & Recovery Systems

Daily incremental backups with point-in-time recovery capabilities protect client data integrity and availability, with disaster recovery plans tested annually to ensure operational continuity.

Third-Party Security Validation

Third-Party Security Validation

ECFX maintains partnerships with industry-leading security auditors, conducting annual SOC 2 Type II examinations and regular penetration tests to independently validate our controls.

Respecting Court Guidelines, Reinforcing Client Trust

In response to recent guidance from federal courts—including notices from the Administrative Office of the U.S. Courts and the Standing Order of the Eastern District of North Carolina—we want to clearly communicate ECFX’s position and practices regarding the confidentiality and security of sealed documents and restricted information.

Why ECFX Is Exempt from Recent Court Orders

  • ECFX does not store attorney credentials for PACER accounts.
  • ECFX does not store attorney credentials for PACER accounts. Sealed documents must still be downloaded manually by those with access to the credentials. ECFX does not download sealed documents from PACER.
  • ECFX is not added as a secondary recipient on CM/ECF accounts.
  • ECFX does not resell or republish court documents or case information.

With ECFX, your court documents remain secure, confidential, and accessible only to your authorized team.

SOC 2 Type II Compliance

ECFX has successfully completed a SOC 2® Type II examination covering the design and operational effectiveness of our security controls based on the AICPA’s Trust Services Criteria for Security.

Our compliance ensures that:

  • Security protocols are fully documented and consistently applied.
  • All data in transit and at rest is encrypted using TLS 1.2 and AES-256-GCM.
  • Access is managed with multi-factor authentication and strict role-based permissions.
  • Security scans are executed on every code commit during development.
  • System and infrastructure monitoring is continuous, with alerts addressed in real time.
  • Daily backups include point-in-time recovery and are regularly tested.
  • Third-party audits and penetration testing validate the effectiveness of our controls.

This certification affirms that ECFX maintains strong, continuously operating safeguards to protect sensitive legal data.

Because ECFX never publishes your documents, you will never need to request that ECFX claw back or take down a sealed document or other inadvertent filing from public access.


With ECFX, your documents remain exclusively yours at all times.

SOC 2 Type II Certification

Get a Copy of ECFX's SOC 2 Type II Report

Security by Design

At ECFX, client data is logically separated within a secure multi-tenant environment to ensure isolation and confidentiality. Access to all systems is tightly controlled and continuously monitored, allowing only authorized personnel to interact with sensitive information. All sessions are encrypted over HTTPS, and system activity is fully logged to support auditability and transparency. We maintain formal policies that govern acceptable use, incident management, vendor security, and data retention, ensuring that security best practices are embedded throughout our operations. To safeguard business continuity, ECFX also maintains and tests disaster recovery and business continuity plans on an annual basis.

Governance, Risk & Compliance

ECFX conducts regular risk assessments to address security, regulatory, and fraud-related concerns, ensuring proactive management of potential threats. The executive team meets weekly to review internal controls and monitor the effectiveness of our security practices. As part of our commitment to safeguarding client information, all new hires and contractors undergo thorough background checks prior to joining ECFX. Our employees also complete semi-annual security awareness training to stay informed about evolving cybersecurity risks. Additionally, internal policies covering areas such as access control, change management, and disaster recovery are regularly reviewed and updated to align with best practices and regulatory requirements.

Data Integrity and Resilience

ECFX employs continuous monitoring tools, such as New Relic, to promptly alert our support teams to performance and security issues, ensuring rapid response to potential threats. To validate the strength of our defenses, we conduct annual external penetration tests performed by independent security experts. Vendor SOC reports are reviewed annually as part of our ongoing third-party risk management process, helping us ensure that all service providers meet our stringent security standards. Access to production systems is limited to essential personnel only and is reviewed quarterly to maintain strict control over sensitive environments.

 

 

 

 

 

 

Automate your complex, manual ECF notice processes.

Schedule a Demo