Security & Trust

Perdura is built from the ground up to protect the integrity and confidentiality of your digital evidence. Security isn't an afterthought—it's the foundation of every design decision we make.

Encryption
AES-256 at rest, TLS 1.3 in transit
All evidence is encrypted before it touches disk and travels over encrypted channels exclusively.

Timestamps
RFC 3161 compliant
Cryptographic timestamps issued by an independent Time Stamping Authority, providing non-repudiable proof of capture time.

Isolation
Firm-level data segregation
Each firm's data is logically isolated at the infrastructure level. Cross-tenant access is architecturally impossible.

Infrastructure

Perdura runs on hardened cloud infrastructure with the following protections:

  • Hosted on SOC 2 Type II certified infrastructure providers
  • All compute instances run in isolated virtual private networks
  • Database connections are encrypted and restricted to application-layer access
  • Infrastructure as Code ensures consistent, auditable deployments
  • Automated vulnerability scanning on every deployment

Authentication & Access Control

We implement defense-in-depth for access management:

  • Password-based and magic link authentication options
  • Role-based access control (RBAC) with firm administrator oversight
  • Session tokens with automatic expiration and revocation
  • All authentication events are logged and auditable
  • No Perdura employee can access your evidence without explicit written consent

Evidence Integrity

The entire evidence lifecycle is designed to produce court-admissible records:

  • Capture. Evidence is collected through isolated, instrumented browser environments to prevent tampering
  • Timestamp. RFC 3161 timestamps are obtained from independent Time Stamping Authorities at the moment of capture
  • Hash. SHA-256 cryptographic hashes are computed for every piece of evidence, creating a tamper-evident seal
  • Store. Evidence is encrypted with AES-256 and stored in append-only, immutable storage
  • Audit. Every operation—capture, view, export, share—is logged with timestamp, user, and action in an immutable audit trail
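
The Timestamp and Hash steps above, as an added example that is not Perdura's code: it builds the RFC 3161 TimeStampReq that carries only the SHA-256 digest of a capture to a Time Stamping Authority, then checks a capture against that message imprint. The function names, the nonce and the sample capture are assumptions constructed for illustration.

```python
import hashlib
import hmac

# DER encoding of the SHA-256 OID 2.16.840.1.101.3.4.2.1
SHA256_OID = bytes.fromhex("0609608648016503040201")
# Constructed sample capture (assumption, not real evidence)
SAMPLE_EVIDENCE = b"<html><body>constructed capture</body></html>"

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a short- or long-form length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def der_int(value: int) -> bytes:
    """Minimal DER INTEGER for a non-negative value."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(evidence: bytes, nonce: int) -> bytes:
    """RFC 3161 TimeStampReq: only the SHA-256 digest leaves the host."""
    digest = hashlib.sha256(evidence).digest()
    algorithm = der(0x30, SHA256_OID + der(0x05, b""))   # AlgorithmIdentifier
    imprint = der(0x30, algorithm + der(0x04, digest))   # MessageImprint
    cert_req = der(0x01, b"\xff")                        # certReq TRUE
    return der(0x30, der_int(1) + imprint + der_int(nonce) + cert_req)

def read_tlv(buf: bytes, off: int):
    """Return (tag, content, next_offset) for the TLV starting at off."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                         # long-form length
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + n > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + n], off + n

def imprint_matches(request: bytes, evidence: bytes) -> bool:
    """Recompute the evidence hash and compare it to the request's imprint."""
    _, body, _ = read_tlv(request, 0)                    # outer SEQUENCE
    _, _, off = read_tlv(body, 0)                        # skip version
    _, imprint, _ = read_tlv(body, off)                  # MessageImprint
    _, algorithm, off = read_tlv(imprint, 0)
    _, hashed, _ = read_tlv(imprint, off)
    if not algorithm.startswith(SHA256_OID):
        raise ValueError("unexpected hash algorithm")
    return hmac.compare_digest(hashed, hashlib.sha256(evidence).digest())
```

Verifying a returned timestamp token additionally requires validating the TSA's signature and certificate chain, which this example does not do.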

Chain of Custody

Perdura automatically maintains a complete chain of custody for every piece of evidence. This includes:

  • Who captured the evidence, when, and from which source URL
  • Cryptographic proof that evidence has not been modified since capture
  • A full access log of every user who viewed or exported the evidence
  • Timestamped audit entries for all lifecycle events

This chain of custody is included in every exported PDF bundle, providing courts with verifiable provenance of digital evidence.

Data Retention & Deletion

You control your data. Evidence is retained for the duration of your subscription plus a 90-day grace period. You can request deletion of specific evidence or your entire account at any time. Deletion requests are processed within 72 hours and are cryptographically irreversible.

Cryptographic timestamps and chain-of-custody metadata may be retained after evidence deletion to support ongoing legal proceedings, as required by law.

Incident Response

We maintain a documented incident response plan that includes:

  • 24-hour initial response commitment for reported security incidents
  • Affected customers notified within 72 hours of confirmed breach
  • Root cause analysis and remediation published for all material incidents
  • Regular tabletop exercises to test and improve response procedures

Vulnerability Disclosure

We welcome responsible security research. If you discover a vulnerability in Perdura, please report it to security@perdura.io. We commit to:

  • Acknowledging your report within 48 hours
  • Providing regular updates on remediation progress
  • Not pursuing legal action against good-faith security researchers
  • Crediting researchers (with consent) in our security advisories

Contact

For security-related questions or concerns, contact our security team at security@perdura.io.

DLG Holdings Limited
Malta