Security
Security is built around tenant isolation and least-privilege access.
Case Yield treats law-firm intake and signed-case data as sensitive business data. The private-pilot posture uses approved firm accounts, organization-scoped records, and least-privilege access.
Access control
- Authenticated users resolve to an organization membership, role, and permission set.
- Staff views redact admin economics such as ad spend and signed-case value.
- Service-role credentials are server-only and never exposed to browser code.
Tenant isolation
- Client data records carry organization scope and row-level security policies restrict direct client-role reads.
- Org-scoped uniqueness allows the same phone, source, or external ID across different firms.
- Raw import and backup PII tables are not exposed to browser client roles.
Operational controls
- Webhook and import paths require secrets or authenticated admin access.
- Indexes are added for org, date, source, contact, status, and spend paths.
- Operational routes fail closed when required secrets, authentication, storage, or tenant configuration is missing.
Launch standard
- Real client onboarding is limited to approved private-pilot accounts and explicitly configured organizations.
- Release checks include lint, tests, build, safer-gate deployment checks, and production smoke verification.
- Security concerns can be sent to hello@trycaseyield.com.
Case Yield supports revenue attribution and intake intelligence only. It does not provide legal advice, create an attorney-client relationship, or make legal decisions for a firm.