Security

Security is built around tenant isolation and least-privilege access.

Case Yield treats law-firm intake and signed-case data as sensitive business data. The private-pilot posture uses approved firm accounts, organization-scoped records, and least-privilege access.

Access control

  • Authenticated users resolve to an organization membership, role, and permission set.
  • Staff views redact admin economics such as ad spend and signed-case value.
  • Service-role credentials are server-only and never exposed to browser code.

Tenant isolation

  • Client data records carry organization scope and row-level security policies restrict direct client-role reads.
  • Org-scoped uniqueness allows the same phone, source, or external ID across different firms.
  • Raw import and backup PII tables are not exposed to browser client roles.

Operational controls

  • Webhook and import paths require secrets or authenticated admin access.
  • Indexes are added for org, date, source, contact, status, and spend paths.
  • Operational routes fail closed when required secrets, authentication, storage, or tenant configuration is missing.

Launch standard

  • Real client onboarding is limited to approved private-pilot accounts and explicitly configured organizations.
  • Release checks include lint, tests, build, safer-gate deployment checks, and production smoke verification.
  • Security concerns can be sent to hello@trycaseyield.com.

Case Yield supports revenue attribution and intake intelligence only. It does not provide legal advice, create an attorney-client relationship, or make legal decisions for a firm.