Trust Center
At CORTO, trust is at the core of everything we build.
Our Trust Centre is designed to provide clear, transparent information about the security, privacy, and reliability practices that underpin our platform. We know our customers rely on us to handle their data with the highest levels of care, and this responsibility shapes our technology, operations, and culture.
CORTO Re-certified under the Data Privacy Framework (DPF)
We’re pleased to announce that CORTO has been successfully re-certified under the Data Privacy Framework (DPF) for the coming year, reaffirming our ongoing commitment to data protection and privacy.
This certification covers both:
- EU-U.S. Data Privacy Framework (EU-U.S. DPF)
- UK Extension to the EU-U.S. Data Privacy Framework
What this means for our clients:
- If your personal data transferred is from the EU and UK to the United States, it continues to be protected in accordance with recognised international privacy standards.
- CORTO remains aligned with regulatory expectations for lawful cross-border data transfers.
You can view our active certification on the official Data Privacy Framework website:
https://www.dataprivacyframework.gov/list
(Search for “CORTO”)
LawY is now powered by the CORTO platform
We’re pleased to announce that LawY is now powered by the CORTO platform. LawY utilises CORTO’s secure infrastructure and technology stack to deliver its services.
As a result, LawY integrates with CORTO’s established security boundary, leveraging the comprehensive controls, monitoring, and compliance.
CORTO is now CASA Tier 3 Certified
Protecting the security, confidentiality, and reliability of our customers’ data remains central to everything we do at CORTO. As a trusted partner to legal professionals, we recognise the responsibility that comes with handling sensitive information and continuously strengthen our security posture.
We’re pleased to share that CORTO has been certified at CASA Tier 3 - the highest level within the Cloud Application Security Assessment (CASA) framework. CASA is an industry recognised framework built upon the OWASP Application Security Verification Standard (ASVS), providing a consistent, measurable approach to assessing application security. Achieving Tier 3 demonstrates that our platform implements rigorous security controls and adheres to the highest assurance level for application security compliance.
This recognition highlights the ongoing efforts of our Information Security team and reinforces CORTO’s commitment to maintaining the highest standards of protection and assurance for our clients.
To learn more about our approach to security and compliance, please visit our Security FAQs.
CORTO Achieves SOC 2 Type II Certification
The security, confidentiality and reliability of our customer's data has always been a top priority here at CORTO. As a company dedicated to serving legal professionals, we understand the critical importance of safeguarding sensitive information. We are proud to announce our SOC 2 Type 2 certification, after a successful audit period!
SOC 2 (System and Organisation Controls 2) is a globally recognised security framework developed by the American Institute of Certified Public Accountants (AICPA). This certification validates that CORTO's security controls and processes meet requirements or protecting the data and information entrusted to us by our clients—and, in turn, by their clients.
This milestone reflects the ongoing commitment by our Information Security team, and CORTO as a whole, to ensure the security and integrity of our systems.
If you have any questions or would like more information about our security practices, please visit our Security FAQs.
- Do you maintain an inventory of AI models, datasets, and related artefacts?
- Does CORTO use Artificial Intelligence (AI) or Generative AI? If so, how is it used?
- How is data segmented between the CORTO's customers?
- What data are AI models trained on? Does training data include personal or sensitive information?
- How does CORTO ensure client data confidentiality when using AI?