About > Security

Security & Compliance

Zero data retention in the AI layer

Client data submitted for AI analysis is processed statelessly and purged within 24 hours. System logging is disabled at the infrastructure level. No prompts, responses, or uploaded documents are retained by our AI providers beyond the moment of inference.

The Secure Sandbox

OnTrial processes data within a segregated enterprise environment — not through consumer-grade AI tools. We act as a technical fiduciary for your data, maintaining strict separation between your case files and the AI processing environment.

No model training.

Your case data is never used to train, tune, or improve foundation models. Our enterprise agreements contractually prohibit model providers from using your inputs for any purpose beyond generating your specific response.

Encryption at rest and in-transit.

All data is encrypted using industry-standard protocols at every stage — in transit between systems, at rest in storage, and during processing within our secure cloud environment.

Security Posture

Security is foundational, not optional.

Defined sub-processor ecosystem

OnTrial maintains a strictly defined chain of custody for all client data. Every platform authorized to handle client data is documented, governed by enterprise agreements, and held to explicit security and retention standards.

24-hour purge cycle

All transient data — input artifacts, intermediate processing files, and generated reports — is automatically purged from the AI processing environment within 24 hours via lifecycle management policies. Permanent copies of final reports are delivered to your case file only

Dual-layer storage

OnTrial separates permanent case files from transient AI processing environments. Your case data lives in secure, access-controlled case management infrastructure. When AI analysis is requested, copies are transferred to an isolated processing environment and purged within 24 hours.

Data Architecture

A strict chain of custody for every file.

Audit-ready infrastructure

Full activity logging and access tracking across the platform, designed to support internal compliance requirements and external audit processes. OnTrial maintains a strictly defined chain of custody for all client data. Every platform authorized to handle client data is documented, governed by enterprise agreements, and held to explicit security and retention standards.

Role-based access control

Granular permissions across teams, departments, and offices — ensuring that only authorized users can access specific case data.

Data lifecycle management

Clients retain control over their data at every stage — what is uploaded, how long it is retained, and when it is deleted.

Access Control & Governance

Enterprise controls, built in from day one.

FCRA & GLBA Compliant

All intelligence reports are produced in full compliance with the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act — the federal standards governing the handling of consumer information in investigative contexts.

Licensed investigators

OnTrial is a licensed investigations firm. All agents are fully licensed and insured, operating in compliance with state regulatory requirements.

CCPA & SB 1454 compliant

Data retention, access, and audit practices are aligned with California Consumer Privacy Act requirements and SB 1454 investigative reporting standards.

Investigative Compliance

Licensed, regulated, and built to a higher standard.