Security & Trust

Perdura is built from the ground up to protect the integrity and confidentiality of your digital evidence. Security isn't an afterthought—it's the foundation of every design decision we make.

Encryption

AES-256 at rest, TLS 1.3 in transit

All evidence is encrypted before it touches disk and travels over encrypted channels exclusively.

Timestamps

RFC 3161 compliant

Cryptographic timestamps issued by an independent Time Stamping Authority, providing non-repudiable proof of capture time.

Isolation

Firm-level data segregation

Each firm's data is logically isolated at the infrastructure level. Cross-tenant access is architecturally impossible.

Infrastructure

Perdura runs on hardened cloud infrastructure with the following protections:

Hosted on SOC 2 Type II certified infrastructure providers
All compute instances run in isolated virtual private networks
Database connections are encrypted and restricted to application-layer access
Infrastructure as Code ensures consistent, auditable deployments
Automated vulnerability scanning on every deployment

Authentication & Access Control

We implement defense-in-depth for access management:

Password-based and magic link authentication options
Role-based access control (RBAC) with firm administrator oversight
Session tokens with automatic expiration and revocation
All authentication events are logged and auditable
No Perdura employee can access your evidence without explicit written consent

Evidence Integrity

The entire evidence lifecycle is designed to produce court-admissible records:

Capture. Evidence is collected through isolated, instrumented browser environments to prevent tampering
Timestamp. RFC 3161 timestamps are obtained from independent Time Stamping Authorities at the moment of capture
Hash. SHA-256 cryptographic hashes are computed for every piece of evidence, creating a tamper-evident seal
Store. Evidence is encrypted with AES-256 and stored in append-only, immutable storage
Audit. Every operation—capture, view, export, share—is logged with timestamp, user, and action in an immutable audit trail

Chain of Custody

Perdura automatically maintains a complete chain of custody for every piece of evidence. This includes:

Who captured the evidence, when, and from which source URL
Cryptographic proof that evidence has not been modified since capture
A full access log of every user who viewed or exported the evidence
Timestamped audit entries for all lifecycle events

This chain of custody is included in every exported PDF bundle, providing courts with verifiable provenance of digital evidence.

Data Retention & Deletion

You control your data. Evidence is retained for the duration of your subscription plus a 90-day grace period. You can request deletion of specific evidence or your entire account at any time. Deletion requests are processed within 72 hours and are cryptographically irreversible.

Cryptographic timestamps and chain-of-custody metadata may be retained after evidence deletion to support ongoing legal proceedings, as required by law.

Incident Response

We maintain a documented incident response plan that includes:

24-hour initial response commitment for reported security incidents
Affected customers notified within 72 hours of confirmed breach
Root cause analysis and remediation published for all material incidents
Regular tabletop exercises to test and improve response procedures

Vulnerability Disclosure

We welcome responsible security research. If you discover a vulnerability in Perdura, please report it to security@perdura.io. We commit to:

Acknowledging your report within 48 hours
Providing regular updates on remediation progress
Not pursuing legal action against good-faith security researchers
Crediting researchers (with consent) in our security advisories

Contact

For security-related questions or concerns, contact our security team at security@perdura.io.

DLG Holdings Limited
Malta