Announcing our SOC 2 Certification
We’re thrilled to share that Recital is officially SOC 2 certified.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is the gold standard for evaluating how companies manage customer data. Successfully completing a SOC 2 audit demonstrates that Recital has designed and implemented robust controls that align with the trust service criteria of security, availability, processing integrity, confidentiality, and privacy.
Why This Matters
SOC 2 certification means your legal documents and sensitive contract data are protected by security practices that have been rigorously evaluated by independent auditors. For our customers, this provides concrete assurance that we're committed to maintaining the highest standards for data protection.
The certification process evaluated how we protect customer data across our entire operation, with particular focus on:
Data encryption and protection - Ensuring your legal documents are secure both at rest and in transit
Access control - Implementing role-based permissions that prevent unauthorized access to sensitive contracts
Third-party security validation - Confirming our security practices through rigorous independent verification
Incident response - Maintaining robust procedures to address potential security events quickly and effectively
For in-house legal departments, this certification removes a significant barrier to adoption. You can now confidently introduce Recital to your organization knowing we've demonstrated compliance with industry-standard security protocols that your InfoSec teams require.
An All-Hands Effort
The independent audit was conducted by Johanson Group LLP, marking a significant milestone in our growth journey.
Achieving SOC 2 certification was a methodical, months-long initiative that touched every corner of Recital. Led by our executive team, security became a shared responsibility across all departments—from engineering and product to operations and customer support. Everyone received comprehensive training on our security policies and played a part in ensuring our practices met the rigorous standards required.
This collaborative approach reflects our philosophy that security isn't just an IT function—it's woven into the fabric of how we build and deliver our product. We invested this level of company-wide commitment because we understand that when legal teams choose Recital, they're trusting us with their most sensitive documents and data.
What’s Next
Security isn't a one-time achievement—it's part of our ongoing operational DNA. While this certification represents a significant milestone, our security work continues every day through concrete, proactive measures:
Regular penetration testing by independent security experts to identify and address potential vulnerabilities
Quarterly vulnerability scanning across our entire infrastructure to stay ahead of emerging threats
Automated security checks integrated directly into our development and deployment pipeline
Comprehensive incident response system with 24/7 monitoring and automated escalation
Thorough security assessments of all third-party vendors and services we use
These aren't future plans—they're security practices we've already implemented and continue to refine. Our approach combines automated tools with human expertise to create multiple layers of protection for your legal documents and data.
We're committed to continuous improvement of our security program, making security an integral part of our development process and company culture. This certification is not the destination but confirmation that we're on the right path.
Our Approach to Security
We built Recital specifically for legal teams who need both modern tools and ironclad security. This isn't about bolting security onto an existing product—it's about designing protection for sensitive legal documents from day one.
Our security architecture uses a defense-in-depth approach tailored to legal workflows:
Complete tenant isolation ensures your contracts and legal documents remain separate from other customers' data
Multi-level data classification applies appropriate security controls based on sensitivity—with legal documents receiving our highest protection level
End-to-end encryption protects your contract data both while stored and during transmission
Automated security checks integrated throughout our development process catch potential issues before they reach production
Globally distributed team structure provides natural resilience against regional disruptions
For legal departments, this means your negotiation strategies, contract terms, and confidential agreements remain protected while still being accessible to authorized team members. We've designed our security controls to be robust yet unobtrusive—protecting your work without getting in its way.
We also believe in transparency. Our Security page outlines many of our practices and controls, and we’re always open to answering questions about our approach.
About Recital
Recital is a simplified, AI-powered contract solution built for corporate legal teams. It automates contract repository creation and version control while using AI to assist with redlining and contract review. Designed with data security and privacy at its core, Recital protects sensitive legal information while helping teams work faster. Unlike legacy CLM software that takes 6–12 months to implement, Recital is up and running in days and works within the tools legal teams already use—like Word and email.
Want to know more? See how we keep customer data safe.
Curious about how Recital can support your legal team? Get in touch with us. We’d love to hear from you.