We understand that law firms handle highly sensitive client information. Security isn't an afterthought at Capel—it's foundational to everything we build.
All data transmitted between your devices and Capel servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256, the same standard used by banks and government agencies. Your documents and client information are never accessible in plaintext, even to our own engineers.
Your data never leaves Ireland. We host all infrastructure in AWS Dublin (eu-west-1), ensuring compliance with Irish and EU data protection requirements. This means your client data is subject to Irish law and EU GDPR protections, not foreign jurisdictions.
We honour all GDPR data subject requests including access, rectification, and deletion. As an Irish company handling Irish client data, we take data protection seriously. You can request a copy of your data or ask for deletion at any time by contacting our team.
Role-based access control ensures team members only see what they need. Multi-factor authentication is available for all accounts and mandatory for admin users. We maintain detailed audit logs of all access to sensitive data, available for your compliance reviews.
Automated daily backups with point-in-time recovery ensure your data is never lost. Our infrastructure is designed for 99.9% uptime with automatic failover. In the unlikely event of a service disruption, your data remains safe and accessible as soon as systems recover.
We engage independent security firms to conduct annual penetration tests of our application and infrastructure. Findings are remediated promptly, and we continuously monitor for vulnerabilities using automated scanning tools. Security researchers can report vulnerabilities through our responsible disclosure programme.
We're happy to discuss our security practices in detail, provide documentation for your due diligence process, or arrange a call with our security team.
Contact Security Team