A1 CMS
Security

Security & data protection.

How A1 CMS keeps your firm's data isolated, recoverable, and yours.

Isolated tenant databases

Every firm runs in its own dedicated database, not in shared tables. Your records are physically separated from every other customer's.

Encrypted in transit

All traffic between your team, your clients, and A1 CMS runs over HTTPS/TLS, including the client portal and file transfers.

Role-based access

Granular staff permissions control who can view, create, edit, or delete each record type, and client portal users only ever see their own matters.

Activity logging

Administrative and record activity is logged, so you can see who did what and when.

Automated backups

Database backup tooling is included on every plan, with scheduled backups of your tenant database.

Your data stays exportable

Full CSV export ships on every plan, including Starter. You can take your clients, matters, and records with you at any time.

Payments handled by processors

Card payments are processed by Stripe and PayPal. Card details are entered on and stored by the processor, never on A1 CMS servers.

AI on your own keys

The Claude and ChatGPT assistants run on API keys you provide, under your own agreement with the provider. Your content is not routed through shared keys.

Questions or disclosures

Security questions, disclosure reports, or data deletion requests: email security@a1cms.com and we will respond within one business day. See also our privacy policy and terms of use.