Inherit, Don't Invent
Most legal tech products ask you to trust a new company with your most sensitive data. They spin up their own servers, create their own login portals, and ask you to take their word that it's safe.
LitiGator takes a fundamentally different approach. Every piece of data LitiGator processes stays inside your existing Google Workspace™. There is no external database holding your case data. LitiGator's servers and employees do not see or access your client data. A lightweight license validation server confirms your subscription — no client data is sent or stored. There is no separate login. No new infrastructure to secure.
Your IT team already evaluated Google Workspace. Your firm already signed Google's data processing agreement. LitiGator operates entirely within that boundary, inheriting every security control you've already put in place.
Where Your Data Lives
Every record, every file — in your Google Workspace.
| Data Type | Storage Location | Who Controls Access |
|---|---|---|
| Client contact information | Google Sheets™ (your spreadsheet) | You |
| Case summaries (PDF) | Google Drive™ (your Drive) | You |
| Uploaded evidence & documents | Google Drive (your Drive) | You |
| Attorney decisions & votes | Google Sheets (your spreadsheet) | You |
| Conflict check records | Google Sheets (your spreadsheet) | You |
| System audit logs | Google Sheets (your spreadsheet) | You |
| Notification emails | Gmail™ (your inbox) | You |
| Daily backups | Google Drive (your Drive) | You |
Encryption
In Transit
Every communication is encrypted with TLS. This includes viewing your spreadsheet, opening Drive files, sending emails, and every automated action LitiGator performs.
At Rest
All data is encrypted at rest using AES-256. Google manages encryption keys through its Key Management Service. If your firm uses CSEK or CSE, LitiGator's data benefits automatically.
No Extra Key Management
There is no separate encryption key to lose, rotate, or manage. LitiGator relies on Google's infrastructure-level encryption.
Authentication & Access Control
No new accounts. No new passwords. No new risk.
No LitiGator Passwords
No login page, no usernames, no password reset flows. Access controlled through your existing Google Workspace permissions.
Multi-Factor Authentication
If your admin has enabled MFA, that protection automatically covers LitiGator. Hardware keys, TOTP codes, Google Prompts — all apply.
Single Sign-On
If your firm uses Okta, Azure AD, or another IdP federated with Google Workspace, LitiGator inherits that SSO configuration.
Admin Controls That Apply Automatically
| Admin Policy | How It Protects LitiGator Data |
|---|---|
| Data Loss Prevention (DLP) | LitiGator's files and emails are scanned like any other |
| Drive sharing restrictions | External sharing rules apply to LitiGator files |
| Mobile device management | Managed device requirements apply to LitiGator data |
| Vault retention policies | Holds apply to LitiGator emails and Drive files |
| Admin audit log | All LitiGator file access appears in your audit log |
| Context-Aware Access | IP, device, and geo restrictions apply |
| OAuth app allowlisting | Admin controls which Apps Script projects can run |
Ethical Walls & Conflict Detection
Ethical Walls
- Admin sets personal conflict lists per attorney
- Conflicted attorneys excluded from case notifications and case folder access
- By default, walled attorneys see a dashboard notice they have an active conflict — without seeing case details, names, or parties. Silent mode is available via configuration.
- Complete audit trail for compliance reviews
5-Layer Conflict Detection
- Identity Match — name, email, or phone
- Address Match — same address as known person
- Entity Conflict — adverse party matches known entity
- Past Witness — client was a prior witness
- Known Witness — listed witness already in records
What LitiGator Does NOT Do
- Does NOT store data outside your Google Workspace
- Does NOT create new user accounts or passwords
- Does NOT require network configuration (no VPN, no firewall rules)
- Does NOT install software on any device
- Does NOT send email from external servers
- Does NOT require a separate security review
- Does NOT phone home with your data (only a license key check)
- Does NOT use AI or machine learning on your data
Traditional Legal Tech vs. LitiGator
| Concern | Traditional SaaS | LitiGator |
|---|---|---|
| Client data stored on | Vendor's servers | Your Google Drive |
| Database access | Vendor's engineers | Only your team |
| Vendor breached? | Your data exposed | Your data isn't there |
| New credentials? | Yes | No |
| New software? | Yes | No |
| Separate security audit? | Yes | No |
| Email deliverability | Vendor domain issues | Your own Gmail |
| Vendor closes? | Data at risk | Data unaffected |
Want the full details?
Download our complete Security & Data Architecture whitepaper.
Request WhitepaperYour data. Your infrastructure. Your control.
See how it works in a live demo with your own test data.